December 10, 2018

A Common Facebook Scam

You wake up one morning and take a look at your Facebook account while you're having your coffee.  You notice that little red number on your Facebook messenger.  It's a friend telling you that they've received a "friend request" from you and that you should check your account because you've been "hacked."  Your heart sinks.  It has happened to other people you know, and now it's happening to YOU.  Someone has invaded your account and now has access to all of your photos, information, and more that you've had on Facebook for years!  Fear and frustration begin to set in, along with a feeling of helplessness.  What do you do?

It's that time of year.  Billions of dollars are being spent online for the Holidays and there are thousands of creative, deceptive people trying to take advantage of it.  They try to steal your identity, raid your bank accounts, threaten you for ransom money, and more.  Hacking is one of the world's most lucrative businesses, and is something that shouldn't be taken lightly.  Even IBM's Chairman, President, and CEO Ginni Rometty said that "Cyber crime is the greatest threat to every company in the world."

It is also a great threat to us as individuals.  Hackers try to get at us mostly through deceptive emails and social media trickery. Why?  Because that's where people tend to spend the most time and have the most interactions online.

For Starters, Don't Panic...

You haven't been HACKED at all.  Not in the least.

Someone has simply created a separate, fake profile with your name and picture on it.  It's very easy to do, and you don't need access to anyone's account in order to do it.  Try it yourself: search for someone you don't really know on Facebook, click their name or profile picture, then right-click the picture and download or save it to your computer.  Anyone can do this and there's no way to prevent it.  Makes you think twice about the photos you put up on social media, doesn't it?

These "hackers" then create a fake Facebook profile using your picture and your name.  There's no way to prevent this as there are a lot of people with the same names all over the world.  They haven't actually accessed your account at all, but using your picture and name gives the impression that they've invaded your privacy somehow.  This is merely an illusion.  If they are able to view your friends list, then they send out requests to as many of your friends as possible, because they are likely to respond and give away access to their personal information.  Most of this is done in an attempt to steal any personal information they can get their hands on.  The more people they do this to, the more likely they are to get info from someone who is careless or uninformed.  They target anyone and don't care who their victims are.

There are different ways to spot a fake account.  First of all, if you get a friend request from a person you are sure you are already connected with, go and find that person's profile and see if you are currently connected and are still "friends."  If you are, then this is obviously a fake account.

Another way is to look at the url (the website name as you type it into your browser) in your browser bar when visiting the fake page.  The url that is linked with your profile is absolutely unique (that's the "" in your browser's top bar); there's none like it in the world.  It's like a thumbprint for your Facebook profile.  It cannot be duplicated.  Here's the one from my personal Facebook account:


Notice that the url circled in the browser topbar in the image contains my first name, middle initial, and last name.  That is because I've created a custom Facebook url for my profile.  When you hover your mouse over my profile name, the true url will also appear at the bottom of the page, which is also circled.  This will always reveal the real url.  Yours may not contain exactly this.  You can customize yours as well, and I recommend this.  If you don't, by default, Facebook creates a url using the name in your profile plus a number.  For example, if your name is "Marge Hopkins" then the end of the url will likely be something like "marge.hopkins.39."  If it's "Russell M. Upsomegrub" then it will be "russell.m.upsomegrub.24" etc.


Why does this matter?

Because when someone creates a fake Facebook profile, most of the time their real url will give away that they are an imposter.  In this image, someone had sent me a friend request, pretending to be someone I already know who is a friend of mine.  Knowing I was already connected with this person, I didn't respond to the request, and instead went straight to their profile to investigate.  As you can see in the image here, the url gave them away as someone quite other than the friend of mine that they were pretending to be; a "Claudette Hambrickhorne." An imposter!

When I replied to their request in messenger, I said "Nice try, CLAUDETTE" and they began cursing at me (something my sweet friend would never do).  Of course it didn't bother me one bit as I would expect that type of a response from a poser and faker.
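The url comparison described above can be written down as a small check. This is an added example, not part of the original post: the function names and the sample urls are made up for illustration, and the result is only a hint, since a real profile can use a nickname in its url.

```python
import re
import unicodedata
from urllib.parse import urlparse

FB_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

def profile_handle(url):
    """Return the username in a Facebook profile URL, or None when the URL
    is the numeric profile.php?id=... form or is not on a Facebook host."""
    parts = urlparse(url if "//" in url else "https://" + url)
    if (parts.hostname or "").lower() not in FB_HOSTS:
        return None
    path = parts.path.strip("/")
    if not path or path.lower() == "profile.php":
        return None  # numeric id only: no name to compare against
    return path.split("/")[0].lower()

def name_tokens(text):
    """Lower-case alphabetic tokens, accents folded, digits and dots dropped."""
    folded = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return [t for t in re.split(r"[^a-z]+", folded.lower()) if t]

def check_request(display_name, profile_url):
    """'consistent', 'mismatch' or 'unknown'. A hint for a human, not proof."""
    handle = profile_handle(profile_url)
    if handle is None:
        return "unknown"
    letters = "".join(name_tokens(handle))
    shown = [t for t in name_tokens(display_name) if len(t) > 1]  # skip initials
    if not shown:
        return "unknown"  # nothing comparable in the displayed name
    if all(t in letters for t in shown):
        return "consistent"
    return "mismatch"

if __name__ == "__main__":
    # Names are the post's examples; the URLs are constructed for illustration.
    for name, url in [
        ("Marge Hopkins", "https://www.facebook.com/marge.hopkins.39"),
        ("Marge Hopkins", "https://www.facebook.com/claudette.hambrickhorne"),
        ("Marge Hopkins", "https://www.facebook.com/profile.php?id=1000"),
    ]:
        print(name, url, check_request(name, url))
```

A "consistent" result does not prove the profile is genuine, so the first check above (are you already friends with the real profile?) still comes first.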

When you see that someone is falsely representing you or anyone you know, instantly report it to Facebook.  The easiest way is to go to the profile and click on the three dots "..." located on the right side of their cover photo.  This will give you an option to "Give feedback or report this profile."  They usually respond to this fairly quickly.  I recently had someone posing as me just as indicated above.  Within 5 minutes the profile had been completely removed from Facebook.

A Common Email Scam

At first it seems very scary.  An email has been sent to you (apparently from your very own email address!) and it contains an account username and a password that you've been using.  The sender claims that they've not only hacked your account, but somehow hacked into your computer and even your web cam and claim they have pictures of you doing dirty things, a list of pornographic websites that you've visited, and more.  They threaten to expose you publicly with this information unless you send them a lot of money in Bitcoin or some other way.

Even if you've never visited a porn site or done anything that would publicly shame you, emails like this can be a bit scary.  If they have some of your "secret" information, what else might they have?  Once again, there is no need to panic in most cases.

The senders of such emails can easily obtain this info from company data breaches, an occurrence that seems to be happening all too frequently.  Even Starwood Hotels recently had a huge data breach, exposing the data of over 500 million people.  Usually the passwords that they claim to have stolen are years old, which is a good reason to change your passwords often on any accounts that you have.

Take it from someone who specializes in creating very convincing deceptions (for entertainment purposes only, mind you) that what you are witnessing is nothing more than a fake threat.  Tens of thousands of these emails are sent out and all it takes for a hacker to cash in are just a few panicky people.  They use just enough truth to scare you into believing they have an edge, when in fact they have none at all.  Simply delete these emails, and if you are still using this password they know on any accounts, go and change it immediately.

Most cybercriminals are extremely lazy.  They want the easy targets.  That's why they just keep sending out these emails in droves.  They aren't attacking you personally; they are simply setting their weapon of choice to fully automatic and pulling back on the trigger and seeing what targets they can hit.

Below is an example of this type of email that I recently received (not the entire email, just the first page of it).


The account username and password were definitely ones I had used in the past; many, many years ago.  In fact, the "account" they mentioned was simply nothing more than an email address, so calling it an "account" is actually meaningless.

These cybercriminals usually have terrible grammar, and throw around buzzwords like OS (Operating System), "trojan" or "malicious code" or "dump of your disk" and other such terms.  Just enough to make it sound like they know what they are talking about; and enough to get people to fear and respond to their demands.
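The tell-tale signs described in this section can be checked mechanically. The sketch below is an added example, not from the original post: it looks for the "sent from your own address" trick, the Bitcoin demand, the buzzwords quoted above, and an old password. It goes one step beyond the post by also reading the Authentication-Results header that a receiving mail server adds, because the From line is just text the sender typed in. The sample message, addresses and password are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; addresses, host name and password are made up.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=marge@example.com; dkim=none; dmarc=fail header.from=example.com
From: Marge Hopkins <marge@example.com>
To: marge@example.com
Subject: Your account was hacked

I infected your OS with a trojan and made a dump of your disk.
Your password is Tulip1998. Pay $900 in Bitcoin or I publish everything.
"""

BUZZWORDS = ("trojan", "malicious code", "dump of your disk")  # quoted in the post

def auth_results(msg):
    """Map method -> result, e.g. {'spf': 'fail'}, from Authentication-Results."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            found.setdefault(method.lower(), result.lower())
    return found

def triage(raw, old_passwords=()):
    """Return the list of scam indicators found in one raw email message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = "\n".join(str(p.get_payload()) for p in parts)
    auth = auth_results(msg)
    flags = []
    if sender and sender == rcpt:
        flags.append("from-equals-to")  # claims to come from your own address
    if any(auth.get(m) in ("fail", "softfail", "none") for m in ("spf", "dmarc")):
        flags.append("sender-not-authenticated")  # From line was not verified
    if re.search(r"\b(bitcoin|btc)\b", body, re.I):
        flags.append("crypto-payment-demand")
    if any(word in body.lower() for word in BUZZWORDS):
        flags.append("scare-buzzwords")
    if any(p and p in body for p in old_passwords):
        flags.append("quotes-known-password")  # change it wherever still in use
    return flags

if __name__ == "__main__":
    print(triage(SAMPLE, old_passwords=["Tulip1998"]))
```

"from-equals-to" together with "sender-not-authenticated" means the message only claims to come from your address; it was not sent from your account.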

While you can't entirely prevent others from stealing some of your info, here are some things you can do to greatly decrease your chances of ever having any of your accounts compromised, or your information stolen:

Use A Completely Different Password for Every Single Account You Have

This may seem like a daunting task, but it is truly one of the best practices.  Security is only as strong as its weakest link, and while it's convenient for you to just use the same password on everything, it is just as convenient for hackers.  Don't make their job easy.  If you don't have a safe place to write them down and store them, I highly recommend using password management software that can not only create, save, and remember passwords for you securely, but also encrypts them and offers a 2-factor authentication option.  The one I currently use is LastPass, though there are many others out there.  With only one account I can use it on several devices.

If Your Account Offers 2-Factor Authentication, Then Use It!

2-Factor authentication simply means that in order to access specific account information, a user has to not only have a username and password, but sometimes even a physical device such as a cell phone that receives a time-sensitive code in order to log in.  This means that even if someone steals your info, unless they have your mobile phone to receive a message on it, they still will be unable to access the account.  I personally use 2-factor authentication on as many things as I can, and use the Google Authenticator App on my phone to manage it as well.  It only takes a few extra moments but it increases your security many times over.  A little inconvenience for you, 100 times more inconvenient for a potential hacker.  The following is a brief video that explains a bit more what 2-Factor Authentication is.

Whenever Possible, Don't Use Public WiFi

This is especially true if you are making purchases in a public place using your mobile phone.  Use your phone service's cellular data, or create your own hot spot that is password-protected and use it.

Get A Good Anti-Virus Security Software and Use It

There are a lot of good ones out there.  Do your research and discover which will work best for you and update it as often as possible.

Use a Virtual Private Network

Also known as a "Proxy Server," this is one of my personal favorite security measures.  VPNs are very affordable, and basically allow you to use the web anonymously so that your activity cannot be tracked by people trying to get your information, or use information about your website browsing habits against you or for their personal gain.  I personally recommend a company called Private Internet Access, but there are many VPN services out there.  For a list of 10 great VPN services and more information about them, click here. You simply create an account, purchase the service, and add your devices such as smartphones, laptops, desktop computers, etc.  The following video gives a great and simple explanation about what a VPN is and how it works.

Always Use A Passcode On Your Smartphone

The few extra seconds it takes to enter it in is well worth the layer of security it provides.  Our phones are perhaps our single greatest threat to our personal identity, and the easiest inroad by "bad guys" into our personal lives.  If you've ever lost or misplaced your phone, you understand the panic that sets in.  In the hands of the right (or "wrong") person, a lost phone can be used to wreak a tremendous amount of havoc by stealing information from it.

Get Used To It, This Is Only The Beginning

This may all seem a bit overwhelming to many, but cybercrime isn't going away anytime soon; in fact, it gets worse all the time.  You need to educate yourself on it and take steps to make your information as secure as possible.  This isn't a "doomsday" message; it's a fact.  Don't take things for granted.  Learn what best practices are and implement them.  Your lives and the lives of your family, friends, and loved ones are at stake.  The old saying "an ounce of prevention is worth a pound of cure" still applies today, even to internet security.

Share This Information with Those You Know

While I don't consider myself a technical genius, or computer or internet expert, my many years of being in business for myself as a speaker and entertainer, building and managing websites, etc., have taught me a lot about the cyber world.  Especially since my "talent" involves creating deceptions (once again, for entertainment purposes only), I have a particular hatred for those who use deceptive practices to bring harm or injury to others.  That is why I have gone to the trouble to share some of this information.  This is only scratching the surface of things that are good practices to help keep info secure. I encourage everyone to always be vigilant and take time to learn and understand more about what you need to do to keep your information safe and secure.  It is always time well spent.