How a Friend’s Hacked Facebook Account Can Compromise Your Privacy and Security

I had an ironic situation occur a while back – a close family member had their Facebook account hacked. Despite all of my warnings and admonitions, this young person I hold dear fell victim to a Facebook scammer.

My wife called and asked me why they had changed their name on Facebook. This immediately sent off warning bells in my mind, so I hopped on Facebook and visited the profile. Sure enough, the account name had been changed and the profile pic had been replaced with that of a trashy looking tramp.

I contacted my relative and told them about the situation. Unfortunately, their email had also been hacked. They reported the incident to Facebook and created a new Facebook profile. They also sent a shout out to all of their friends advising them that their account had been hacked – a pretty common occurrence in this situation.

There are a couple of problems here:

  1. It is nice they created a new account and advised people that their account had been hacked. Unfortunately, only the friends who re-friend them on the new account will see it. Her 1300 plus other friends are clueless about the incident, and unless they notice the strange name, they are at risk. If those friends also have a huge number of friends, then what are the chances they will notice a name change on one account? Obviously we don’t advise having 1300 friends on Facebook, but that is the subject for another post!
  2. Facebook can be very slow at taking action on fake profiles. This incident was reported on Wednesday morning and the bogus profile has been active for over six months!

The hacker not only has complete access to the Facebook information of my relative, but they can also access a large volume of data on the people she is friends with. Even the most privacy conscious individuals with everything set to ‘Friends Only’ are now exposed and at risk. Think of all the information they can collect and the damage they can do in just a short period of time. Here are just a few ways they can exploit the friends of the newly acquired account:

  1. Data mine for mobile phone numbers on account profiles
  2. Collect personal and private information to be used for phishing attempts, identity theft or to make the ‘Grandma Scam’ more believable
  3. Use photos and data obtained to create other fake profiles
  4. Install rogue Facebook applications and send spam and scam links to all of the friends on the account
  5. Monitor status updates of friends to know where they are and when they are not at home

These are just a few things I came up with in brainstorming for five minutes or so. I’m sure there are countless other things a professional cyber criminal could devise.

Another scam that is very common at the moment is the bogus Facebook Security phishing scheme. We have warned about this one several times in the past. Basically, the person receives a message from someone pretending to be Facebook Security. Oftentimes, the account sending the message has also been hacked by scammers. The profile picture is changed to that of the real Facebook Security and the name is changed to “Facebook Security” spelled with funky, non-traditional characters. Not only does this make the scam appear more legit, but these scammers have the access mentioned above to all of the ‘friends’ of the hacked account.
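As an added illustration (not part of the original post), the Python sketch below reduces a display name spelled with lookalike characters to a plain-ASCII skeleton and compares it against the protected name. The lookalike tables, function names and sample names are constructed for this example and are far from exhaustive.

```python
import unicodedata

# Constructed lookalike table (Cyrillic/Greek/Turkish -> Latin); not exhaustive.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",
    "\u0443": "y", "\u0456": "i", "\u0455": "s", "\u043a": "k",
    "\u03bf": "o", "\u03b1": "a", "\u0131": "i",
}
# Digits and symbols often swapped in for letters.
LEET = {"0": "o", "1": "i", "3": "e", "5": "s", "@": "a", "$": "s"}

# Names that an ordinary friend account should never be using.
PROTECTED = ("Facebook Security",)


def skeleton(name):
    """Fold a display name down to lowercase ASCII-like letters and digits."""
    out = []
    # NFKD splits accents off letters and unfolds fullwidth/styled forms.
    for ch in unicodedata.normalize("NFKD", name).casefold():
        if unicodedata.combining(ch):
            continue  # drop accents and other combining marks
        ch = CONFUSABLES.get(ch, LEET.get(ch, ch))
        if ch.isalnum():
            out.append(ch)  # spaces and punctuation are ignored
    return "".join(out)


def classify(display_name):
    """Return 'exact', 'lookalike' or None for a sender's display name."""
    for brand in PROTECTED:
        if skeleton(display_name) == skeleton(brand):
            return "exact" if display_name.strip() == brand else "lookalike"
    return None


def scan(names):
    """Map each suspicious name to its classification."""
    return {n: c for n in names if (c := classify(n))}


# Constructed sample display names, as they might appear in a message list.
SAMPLE = [
    "Jane Doe",
    "F\u0430ceb\u043e\u043ek Security",   # Cyrillic a and o
    "Faceb00k Secur1ty",                  # digit substitution
    "F\u00e1cebook S\u00e9curity",        # accented letters
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE).items():
        print(f"{verdict}: {name!r}")
```

Any account in a friends list or inbox that comes back as "exact" or "lookalike" is worth reporting, since neither spelling belongs to a personal profile.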

Pay careful attention to everyone on your friends list. If you see any name changes or other suspicious activity, immediately perform the following actions to protect your personal information:

  1. Block or Unfriend the person sending the messages or that has had their name changed.
  2. Notify them of the situation, so they can take action to reclaim their account and mitigate the damage.
  3. Report the Fake Profile to Facebook – Do this by navigating to the offending profile, and clicking on the Down Triangle in the top right corner.

It’s also a good idea to limit who can see your friends list altogether. If a friend’s account gets hacked, then having a visible friends list gives the hacker more information and potential victims to target. This is a very easy fix – just navigate to your Timeline by clicking on your name in the top right corner, then click on your ‘Friends’ box. At the top of the next page you’ll see an ‘Edit’ button. Just click that button and select ‘Only Me.’

On Facebook, your privacy is only as secure as your weakest friend.

Related Links and Resources:

Four Things You Need To Do If Your Facebook Account Gets Hacked

Fake Facebook Profiles and Pages – the Tools of Scammers, Bullies and Thieves


