During the years that I have been writing Scamicide I have written many times about various Facebook scams. The reason for this is that with more than a billion users, Facebook is obviously popular and anything popular with that many people will be sought after as a vehicle for scammers to scam people. Recently, I wrote about the dangers of Facebook cloning when a new Facebook account is set up using your name and information in an effort to lure people into trusting messages and links that will appear to be sent by you. But Facebook accounts are relatively easy to hack as well with the same goal of using your name to lure someone who trusts you into becoming a victim of a scam.
I urge Scamicide readers to contact me with scams they encounter so we can share these with everyone. Recently I was contacted by Erica Kenney who was Facebook chatting with someone that she thought was her aunt after her aunt contacted her on Facebook to wish Erica a happy birthday. The conversation evolved into Erica’s “aunt” informing Erica that she had just won $100,00 from the Hugh Trust Foundation and that she saw Erica’s name on the list of winners too. All Erica had to do was contact the people her aunt referred her to in order to get her prize. Of course, if Erica had followed up on the scam, she would have either clicked on a link and downloaded keystroke logging malware that would steal her personal information from her computer and use it to make her a victim of identity theft or be tricked into providing personal information directly when she went to the website to claim her prize. Once again, there would be no prize except the booby prize of having your identity stolen due to providing the information to the scammer.
Fortunately, Erica was too smart to fall for this scam.
A strong password and security question can help increase your security on Facebook. Unfortunately, however, a very simple flaw in Facebook procedures allows a hacker to get access to your account and the ability to change your password after the hacker is unable to answer your security question merely by having the hacker provide three “friends” with Facebook accounts to whom Facebook will send security codes that the hacker can use to gain access to your account and change your password. The hacker, of course, has already set up Facebook accounts for three phony “friends” to whom Facebook will send the security codes which can be used to hack your account. Other times, the personal information that is readily available about people on line is sufficient to answer the security question. Regardless of how the account is hacked into, the result can bring an increased risk of identity theft to your real friends who may trust a message from you that contains a link with dangerous keystroke logging malware that can result in your real friend’s computer being infiltrated and all of the information on it stolen such as Social Security number, account passwords and credit card numbers that can result in identity theft.
Be careful what personal information you put on Facebook. Always consider how that information can be used against you to make you a victim of identity theft. When setting up a security question, pick an answer that is nonsensical to protect it from hackers, such as “Where did I go to High School?” with an answer of “blue.” Finally and most importantly, never, and I mean never, click on links in messages that you receive unless you are absolutely sure that they are legitimate. Merely because a message appears to be from a friend does not mean that the friend actually sent it. His or her account may have been hacked or they may even be passing on tainted material without knowing it. Never click on a link until you are absolutely sure that it is legitimate. Call your friend to confirm that the message was from them and confirm from where they got the link they are sending to make sure that it is legitimate. It may seem paranoid, but even paranoids have enemies.