My friend got their Facebook account “hacked”. Am I at risk?
We have published an updated article on this subject which you can read here. The post below is more than three years old and may contain information that is out of date.
They say a chain is only strong as its weakest link, and the same can be applied to our circle of friends on social media.
It doesn’t matter how much we lock down our own Facebook accounts and follow sensible advice concerning both privacy and security, if one of our friends falls victim to an online scam, it can potentially put us at risk as well.
Here, we outline the different ways a friends compromised Facebook account can potentially put us at risk, and how to minimise that risk.
“Facebook Security” Phishing Scams
Our friends on Facebook have the ability to send us instant chat messages through the Facebook Messenger platform, while strangers do not. (Messages from strangers go to your “Message Request” or “Other” inbox.)
And if a friend’s Facebook account is compromised by criminals, those criminals now have the ability to send us chat messages. This ability can launch any number of social media scams, perhaps the most popular being the ‘Facebook Security phishing scam’.
This is where a scammer changes the name of our friends Facebook account to some permutation of “Facebook Security” – as well as changing the profile picture to a logo pertaining to Facebook. Upon a cursory glance, our friend’s compromised Facebook account may now appear related to the Facebook Security team.
Now when this compromised account sends us a message, it no longer appears like it came from our friends account, but another account related to Facebook. And if this account sends us a message including a link to “confirm our Facebook details”, we may very well comply under the false belief it’s from Facebook. These scams usually claim things like “your account is violating Facebook’s terms of service” and will be disabled unless we click the link.
The link will duly lead to a standard phishing scam; that is, a spoof login webpage requesting our Facebook username and password which are then sent to the scammer.
Worth remembering; Facebook don’t send chat messages. Don’t click on suspicious chat links, and always verify the webpage before entering login information. Enabling 2-step authentication also prevents you falling victim to this type of scam. We discuss this scam in more detail here.
Sponsored Content. Continued below...
The “friend in crisis” scam
This scam again relies on a friend’s compromised Facebook account sending us instant chat messages over Messenger, but in this case, the criminals don’t change the name or profile picture of the account. Instead the criminal will actually pose as the friend and claim that they are in trouble, and need an urgent money loan.
An example of this scam is the criminal may – while posing as the friend – claim they are stuck abroad and need money to return home as their wallet has been stolen.
Of course as soon as we – the victim – send the money, it is stolen. Often these scams work by asking us to wire the money through services like Western Union, which are notoriously hard to trace and don’t always leave a digital trail that can be followed back to the criminal.
Spammy links
If a friends account gets compromised, they can post spammy links from that account, and it will appear as if the friend posted it. Such links can appear on your newsfeed or they can be sent to you through chat (possibly via a Facebook app.)
These links could potentially lead to a whole host of different scams, including malware laden webpages, and use a variety of social engineering tricks to lure you into clicking these dangerous links. So always be careful about links that seem suspicious, even if a friend sent them to you.
Identity Theft
Of course we recommend to all our readers that locking down your Facebook account so that strangers cannot see what you post is an absolute must.
But regardless of having your privacy settings set to “friends only”, we also recommend never uploading any information to Facebook that could put you at risk if it fell into the hands of cyber crooks. That’s because if your friends account gets compromised, you can have strangers snooping at all the information you post onto Facebook, regardless if it’s friends only or public. Things like holiday plans, your address or phone number (if for some reason you opted to allow Facebook to display that information to anyone!) your date of birth, or to accumulate information about you that could put you at risk to targeted scams, like phishing attacks or even the friend in crisis scam we discussed above.
Remember, the more information someone can glean from your account, the higher the risk of falling foul to an identity theft attack – so be careful with what information you choose to upload to social media, even if your account is locked down!
Sponsored Content. Continued below...
Facebook Lottery Scams
Facebook lottery scams work by the criminal posing as a member of staff working on behalf of Facebook, and they contact a victim informing them they won the “Facebook Lottery” – however in order to obtain your winnings, the victim must first pay a small fee, such as a courier fee or handing costs. These fees are duly stolen by the scammer once the victim opens their wallet and pays. It’s a type of advance fee fraud.
Compromised friends accounts can provide a way for criminals to pose as Facebook officials (by changing the name and profile picture of the compromised account, much like the ‘Facebook phishing scam’ we discussed above) to contact unwitting victims though Facebook Messenger.
~
The best advice here is to always be wary of suspicious activity on Facebook, even if it comes from a friends account. Having a friends account get hacked doesn’t mean you have to fall for a scam as long as you follow sensible security and privacy advice and don’t take the bait.