This Public Service Announcement comes about after I received or saw messages from three Facebook Friends in the last week that they have been “Hacked” because someone was sending out Fake Friend Requests pretending to be them.
While Fake Friend Requests are definitely a problem and need to be dealt with correctly, they are not an indication that you have been hacked or that your account and passwords have been compromised in any way.
Fake Friend Requests are usually the result of collecting publicly available data like your name and profile picture in an attempt to “Spoof” you and are not a result of gaining access to anything protected by your account details (username and password). This means your account is still secure, but if you are more comfortable changing your password then that is fine too, just don’t forget to update your credentials on all the devices you use.
The aim of the scammer is to pretend to be you, connect with your friends and then use direct messages to provide some sort of sob story with eventual aim of getting you to send them money in some way. They might try to get more information about you in an attempt to get enough for identity theft, but usually it is just to get a short-term loan that will never be repaid.
If you ever get a Friend Request from someone that you think you are already friend with DO NOT ACCEPT IT. First check if you still have the person as a Friend and look at their profile to see what information and history is on their profile. Then look at the profile associated with the new Friend Request, you will probably find it was just created and has no information or history. Now contact your friend using their existing account or by another method (preferably a voice phone call) and check if they are creating a new account. If they are because they forgot a password, remind them there are ways to recover an account rather than creating a new one. Creating a new account appears very dodgy.
Once you have confirmed that the new Friend Request is fake, please report and block it. This will help prevent anyone else getting caught by the scammer.
If you are the target of a scammer attempting to spoof you, post a warning to your friends on your existing account letting them know someone is trying to spoof you and to report and block the fake profile.
Note: If you have actually been “Hacked”, it means that someone has got enough information to log into your account using your username and password. They might then change your password and/or two factor authentication details to prevent you getting access. I once had an email account hacked and they actually did not change the password so I was not alerted to anything being wrong but set up mail rules to hide the fact that they were sending spam from my account. I had to reset all my passwords to lock them out and clean out the mail rules and deleted emails.
Hopefully this explains the difference between being spoofed and being hacked.
A final point – go into your social media accounts and check the privacy settings and make sure that you only publish what you want Friends to see and never make your information available to Everyone or Friends of Friends.
Keep safe and alert.
David
This article was originally posted on http://www.winthropdc.com/blog.
Winthrop Development Consultants Blog 