December 10, 2018
A Common Facebook Scam
You wake up one morning and take a look at your Facebook account while you're having your coffee. You notice that little red number on your Facebook messenger. It's a friend telling you that they've received a "friend request" from you and that you should check your account because you've been "hacked." Your heart sinks. It has happened to other people you know, and now it's happening to YOU. Someone has invaded your account and now has access to all of your photos, information, and more that you've had on Facebook for years! Fear and frustration begin to set in, along with a feeling of helplessness. What do you do?
It's that time of year. Billions of dollars are being spent online for the Holidays and there are thousands of creative, deceptive people trying to take advantage of it. They try to steal your identity, raid your bank accounts, threaten you for ransom money, and use other tactics. Hacking is one of the world's most lucrative businesses, and is something that shouldn't be taken lightly. Even IBM's Chairman, President, and CEO Ginni Rometty said that "Cyber crime is the greatest threat to every company in the world."
It is also a great threat to us as individuals. Hackers try to get at us mostly through deceptive emails and social media trickery. Why? Because that's where people tend to spend the most time and have the most interactions online.
For Starters, Don't Panic...
You haven't been HACKED at all. Not in the least.
Someone has simply created a separate, fake profile with your name and picture on it. It's very easy to do, and you don't need access to anyone's account in order to do it. Try it yourself: search for someone you don't really know on Facebook, click their name or profile picture, then right-click the picture and save it on your computer. Anyone can do this and there's no way to prevent it. Makes you think twice about the photos you put up on social media, doesn't it?
These "hackers" then create a fake Facebook profile using your picture and your name. There's no way to prevent this as there are a lot of people with the same names all over the world. They haven't actually accessed your account at all, but using your picture and name gives the impression that they've invaded your privacy somehow. This is merely an illusion. If they are able to view your friends list, then they send out requests to as many of your friends as possible, because they are likely to respond and give away access to their personal information. Most of this is done in an attempt to steal any personal information they can get their hands on. The more people they do this to, the more likely they are to get info from someone who is careless or uninformed. They target anyone and don't care who their victims are.
There are different ways to spot a fake account. First of all, if you get a friend request from a person you are sure you are already connected with, go and find that person's profile and see if you are currently connected and are still "friends." If you are, then this is obviously a fake account.
Another way is to look at the url (the website name as you type it into your browser) in your browser bar when visiting the fake page. The url that is linked with your profile is absolutely unique (that's the "https://www.facebook.com/yourprofilename" in your browser's top bar); there's none like it in the world. It's like a thumbprint for your Facebook profile. It cannot be duplicated. Here's the one from my personal Facebook account:
Notice that the url circled in the browser topbar in the image contains my first name, middle initial, and last name. That is because I've created a custom Facebook url for my profile. When you hover your mouse over my profile name, the true url will also appear at the bottom of the page, which is also circled. This will always reveal the real url. Yours may not contain exactly this. You can customize yours as well, and I recommend this. If you don't, by default, Facebook creates a url using the name in your profile plus a number. For example, if your name is "Marge Hopkins" then the end of the url will likely be something like "marge.hopkins.39." If it's "Russell M. Upsomegrub" then it will be "russell.m.upsomegrub.24" etc.
Why does this matter?
Because when someone creates a fake Facebook profile, most of the time their real url will give away that they are an imposter. In this image, someone had sent me a friend request, pretending to be someone I already know who is a friend of mine. Knowing I was already connected with this person, I didn't respond to the request, and instead went straight to their profile to investigate. As you can see in the image here, the url gave them away as someone quite other than the friend of mine that they were pretending to be: a "Claudette Hambrickhorne." An imposter!
When I replied to their request in messenger, I said "Nice try, CLAUDETTE" and they began cursing at me (something my sweet friend would never do). Of course it didn't bother me one bit as I would expect that type of a response from a poser and faker.
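The URL check described above can also be written down as a small script. This is an added example, not part of the original post: it compares the name a profile displays with the name in its url. The accepted hostnames, the numeric `profile.php?id=` form, and the last three sample urls are assumptions constructed for illustration. A mismatch is a reason to look closer rather than proof, since a custom url does not have to contain the owner's name.

```python
import re
from urllib.parse import parse_qs, urlparse

# Assumption: hostnames treated as genuine Facebook for this example.
FACEBOOK_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def check_profile_url(url, displayed_name):
    """Compare the name a profile displays with the name in its URL.

    Returns (verdict, detail); verdict is "not-facebook",
    "no-name-in-url", "match" or "mismatch".
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host not in FACEBOOK_HOSTS:
        # Lookalike domain: nothing shown on the page can be trusted.
        return "not-facebook", host
    path = parsed.path.strip("/")
    if path == "profile.php":
        # Numeric-id form of the URL carries no name to compare.
        return "no-name-in-url", parse_qs(parsed.query).get("id", [""])[0]
    slug = path.split("/")[0]
    # Keep letters only, so "marge.hopkins.39" becomes "margehopkins".
    slug_letters = re.sub(r"[^a-z]", "", slug.lower())
    if not slug_letters:
        return "no-name-in-url", slug
    # Name parts longer than one letter; initials are too weak a signal.
    parts = [p for p in re.findall(r"[a-z]+", displayed_name.lower()) if len(p) > 1]
    if parts and all(p in slug_letters for p in parts):
        return "match", slug
    return "mismatch", slug


def demo():
    # Constructed samples; only the first two slugs appear in the post.
    samples = [
        ("https://www.facebook.com/marge.hopkins.39", "Marge Hopkins"),
        ("https://www.facebook.com/russell.m.upsomegrub.24", "Russell M. Upsomegrub"),
        ("https://www.facebook.com/claudette.hambrickhorne.7", "Marge Hopkins"),
        ("https://www.facebook.com/profile.php?id=100000000000000", "Marge Hopkins"),
        ("https://facebook.com.example.net/marge.hopkins.39", "Marge Hopkins"),
    ]
    return [check_profile_url(url, name)[0] for url, name in samples]


if __name__ == "__main__":
    print(demo())
```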
When you see that someone is falsely representing you or anyone you know, instantly report it to Facebook. The easiest way is to go to the profile and click on the three dots "..." located on the right side of their cover photo. This will give you an option to "Give feedback or report this profile." They usually respond to this fairly quickly. I recently had someone posing as me just as indicated above. Within 5 minutes the profile had been completely removed from Facebook.
A Common Email Scam
At first it seems very scary. An email has been sent to you (apparently from your very own email address!) and it contains an account username and a password that you've been using. The sender claims that they've not only hacked your account, but somehow hacked into your computer and even your web cam, and claims to have pictures of you doing dirty things, a list of pornographic websites that you've visited, and more. They threaten to expose you publicly with this information unless you send them a lot of money in Bitcoin or some other way.
Even if you've never visited a porn site or done anything that would publicly shame you, emails like this can be a bit scary. If they have some of your "secret" information, what else might they have? Once again, there is no need to panic in most cases.
The senders of such emails can easily obtain this info, which has been leaked in data breaches from companies; an occurrence that seems to be happening all too frequently. Even Starwood Hotels recently had a huge data breach, exposing the data of over 500 million people. Usually the passwords that they claim to have stolen are years old, which is a good reason to change your passwords often on any accounts that you have.
Take it from someone who specializes in creating very convincing deceptions (for entertainment purposes only, mind you) that what you are witnessing is nothing more than a fake threat. Tens of thousands of these emails are sent out and all it takes for a hacker to cash in are just a few panicky people. They use just enough truth to scare you into believing they have an edge, when in fact they have none at all. Simply delete these emails, and if you are still using this password they know on any accounts, go and change it immediately.
Most cybercriminals are extremely lazy. They want the easy targets. That's why they just keep sending out these emails in droves. They aren't attacking you personally; they are simply setting their weapon of choice to fully automatic and pulling back on the trigger and seeing what targets they can hit.
Below is an example of this type of email that I recently received (not the entire email, just the first page of it).
The account username and password were definitely ones I had used in the past; many, many years ago. In fact, the "account" they mentioned was simply nothing more than an email address, so calling it an "account" is actually meaningless.
These cybercriminals usually have terrible grammar, and throw around buzzwords like OS (Operating System), "trojan" or "malicious code" or "dump of your disk" and other such terms. Just enough to make it sound like they know what they are talking about; and enough to get people to fear and respond to their demands.
While you can't entirely prevent others from stealing some of your info, here are some things you can do to greatly decrease your chances of ever having any of your accounts compromised, or your information stolen: