It is not surprising then, that Facebook accounts are like juicy bait to the scammer. And so, when you hear that someone has had their account hacked, a sigh rather than an audible gasp is in order.
The Facebook Scam – What Happened
A friend of mine recently had a shock; let’s call him ‘Bill’. Bill was an irregular user of Facebook but had a large group of Facebook ‘friends’, mainly family and friends (like me) but some work and client colleagues too. One day, Bill went to log in to Facebook and found that he couldn’t get into his account. Of course, first thought was that he had forgotten his password. But he logged in fairly regularly and knew it couldn’t be that. Bill kept trying. Eventually, he was locked out and a message came on screen that his account was locked and to contact Facebook.
A back story quickly unfolded. Scammers had managed to get into Bill’s account and take it over. Account takeover is big business. It is usually financially motivated. In the UK, the number of cases ending in court due to account takeover has doubled in the last year, according to KPMG.
Once Bill’s account was in the hands of the scammers, they then used his reputation amongst his peers to trick them out of money. They sent out a message to a number of people in his friend group asking for money for a ‘sponsored bike ride’. They also advertised fake goods on Bill’s profile.
Bill complained to Facebook through their “report compromised account” link. It took many weeks for Facebook to take action. This is not unusual. Another friend had a similar experience. In this case, my friend’s account was not taken over. Instead, the scammers created a fake Facebook account which used their reputation as a business owner to scam others.
Scammers use all sorts of tricks to play out their fraudulent games.
The Facebook Scam – How We Believe The Scam Happened
Bill isn’t sure exactly how his Facebook account was taken over. However, there are a number of ways it could have happened:
- Phishing: The most likely scenario is that Bill clicked on a link in a phishing email which took him to a spoof Facebook page. There, he would have entered his login credentials and unbeknown to him, they would then have been sent to the scammer to use to login to the real Facebook. It is not Bill’s fault – cybercriminals create very realistic looking emails and spoof sites.
- Account recovery: Sometimes, another compromised account can lead to another account being taken over – in a sort of cybercrime cascade. You try to get into a locked account (which has been, in fact, taken over). This then triggers the account recovery process. If the system for recovery is weak at any juncture, it is possible the cybercriminals will intercept the flow of messages to recover this account, and then take over another of your accounts. This is usually the case if an email address has been initially compromised.
- Wi-Fi hacking:If you login to an account using an insecure Wi-Fi connection, such as in a free Wi-Fi hotspot, you could have the communications (such as login credentials) intercepted by a scammer. This only happens if the site you are using is not properly secured using HTTPS.
- Brute force: This is where a hacker guesses your username and password. If you use a weak password, you are at risk of this. If you have a second factor set up, such as a mobile app authenticator code, you are less likely to be at risk of a brute force attack.
In the end, Bill got his Facebook account back under his control, but not before a lot of damage was done. Account takeover can affect many more people than just the account owner. He is now very careful about phishing emails and uses a more robust password for Facebook access.
Why not help your colleagues stay safe and send them this little reminder. Feel free to edit, copy/paste the advice below:
Facebook Account Takeover Scam
Scammers are targeting Facebook accounts. If they gain access, they will use your account to trick friends and family into paying out sponsor money for bogus charities.
Watch out for Facebook phishing emails and make sure your Facebook login password is robust – ideally using a mix of several unconnected words to form a password.
And, if you get a Facebook email asking you to click a link to login DO NOT CLICK THE LINK. Always go to Facebook directly and login from there.
Don’t forget to share this with your colleagues and friends and help them stay safe.