Facebook Spyware Threats

Over and over I see customers having their Facebook accounts hijacked and falling prey to spyware spawned from social networking.  Hopefully the information provided will help someone avoid these common internet pitfalls.

In this scenario, you log into Facebook and you receive a notification alert.  It could be something like “Johnny posted a link…” or “Jenny tagged you in this photo”.  You click on the link and the next thing you know, your computer is now sending all your friends random bogus messages and repeating the process that just occurred to you.  This kind of spyware can be easily removed with programs like Malwarebytes.

The more insidious infection will lead you to believe that you have been logged out of Facebook and request that you log back in.  The login page will look just like the legitimate one.  Once you have “logged in”, the hackers will now own your account because you just gave them your username and password.

This form of identity theft has far-reaching effects.  Hackers can then solicit your friends for money with stories of being on vacation and losing one’s wallet.  Even worse, they can log in to your email account (if you use the same password) and start resetting passwords for other accounts you have (e.g. eBay, PayPal, online banking, etc.).  You may even find that the person who controls your accounts has also changed the answers to security questions, making them extremely difficult to reclaim.

If this has happened to you, immediately take the following action:  First, call your bank and immediately suspend any credit/debit cards that have been used or are tied to ANY online entities.  Next, change the passwords for EVERYTHING that used the same password as your Facebook account.  Create a new email address that you can use in the interim to contact any friends or businesses that may be affected by the security breach.  Contact places like eBay by phone and make sure “You” aren’t selling or buying anything.  Finally, create a temporary Facebook account and tell all your friends to report your hijacked account as being stolen under “Report/Block this Person” ->  “Report this Person” -> “Fake Profile” -> “This profile is Hacked”.  Then try to reclaim your Facebook account by contacting Facebook directly.

If that sounds like a really painful online experience, may I suggest taking the following preemptive action: Go create a new email address with Gmail, Yahoo, Hotmail or similar.  Do NOT use this account for anything except Facebook.  Do NOT use the same password for this account as you do for any other accounts.  Update your email address and password on Facebook, so they now correspond with this newly created email address.  Lastly, if you are ever asked to log back into Facebook, don’t assume your login expired or that it somehow doesn’t think you are logged in anymore.  If in doubt, simply go back to the address bar and type in http://facebook.com and safely log back in there.

If you have been the victim of a Facebook related hack or have other useful advice, feel free to share your experience.