The How and Why of social media account hacking

On Thursday 19 March we looked at the hacking of social media accounts and its consequences. Hacking requires getting access to login credentials. There are many ways of doing it, e.g.:

  • The use of weak passwords, or using the same password for several online accounts;
  • Logging into a social media account on a public device and forgetting to log out afterwards;
  • Theft of credentials by malware;
  • The user is tricked into entering their credentials on fake websites or via spam e-mail and social media links (phishing).

In this context, the title and description of the March 19th presentation were publicised on the Javea Computer Club’s public Facebook page. This succeeded in attracting a pile of spam comments, some of which may well have been malicious! Here’s the publicity blurb for the talk:

Someone stole my Facebook account! – How? Why? Can I get it back?
Identity fraud is nothing new, but social media has created new avenues for stealing and impersonating our digital identities. This week, Thursday, March 20 we examine these frauds, their impacts and how to spot and prevent them. We’ll also discuss how we can tell if we’ve been hacked.

Our public page rarely attracts comments, or even likes. But this time there were almost 20, and none of the comments were from people who followed the page. Here are screenshots of some of the comments we received:

It’s obvious that the responses were referring to the title of the presentation, which sounded like a cry for help (until you read the content of the post, which none of the commenters had). The question is, who were these people and how did they “discover” our page so quickly? Some comments appeared within an hour of the post going up. Chris suggested that the commenters used “Facebook Scraping Tools”, which scan Facebook for specific types of content (https://multilogin.com/blog/best-facebook-scraping-tools/):

“Facebook scraping involves using automated tools, scripts, or software to extract data from Facebook. This process can include scraping user profiles, posts, comments, group data, event information, and more. The aim is to gather and analyze this data for purposes such as market research, sentiment analysis, or targeted marketing.”

The practice is against Meta’s guidelines and is probably illegal.

Some of the comments on our page may just have been spam, with people touting their services. On the other hand, some are likely to be scams: clicking on a link would connect you to a malicious or very dodgy Facebook account through which they could hack an account or lead you on to a scam site. (We have since hidden these comments so that they cannot do any harm.)

This website also demonstrates how the Facebook Support Scam might have worked if we had responded to any of the posts on our Facebook account.

Why hack an account?

It all boils down to stealing money: https://hacked.com/the-top-7-reasons-why-hackers-target-facebook-accounts/

How do you know if your account has been hacked?

The main giveaway is unusual behaviour and unusual posts coming from your account: https://sectigostore.com/blog/have-i-been-hacked-how-to-know-what-to-do-afterwards/

In addition to these checks, to confirm if your Facebook account has been hacked, you can check for any unusual logins:

The “Where You’re Logged In” section tells you every device logged on to your account and when they last logged on. Review each login to decide if it’s you.

  • Open Facebook from your web browser.
  • Click your profile photo in the upper right to open the menu, then select “Settings & privacy.”
  • Select “Settings.”
  • In the “Your activity” section in the left-hand column, select “Activity log” and then “Where You’re Logged In.”

Facebook has a help centre for people whose accounts have been hacked: https://www.facebook.com/help/1216349518398524/

An account can be cloned rather than hacked – i.e. a copy can be made of someone’s account which is so good that the imposter can spread spam to a person’s “friends”, causing mayhem in the process. https://www.techlicious.com/tip/facebook-account-cloning/

We Googled our president Margaret and found loads of information and images of her online, which is not surprising because she has a high profile in diverse charitable and social activities in Jávea. Scotty, on the other hand, is jealous of his privacy, and there’s not much about him online apart from mentions on the JCC website – such as this page!

Tip: It’s wise to be aware of your digital footprint, to avoid making your social media accounts open to the public, and to employ two-factor authentication and passkeys if they are available.

Chris Betterton-Jones – Knowledge Junkie