
Facebook Scams, Hoaxes, and Malware

by Rich Pasco

Introduction

The social networking site Facebook is large enough to have attracted more than its share of scams, hoaxes, and malware. The same cautions should apply when using Facebook as when reading regular e-mail or outside web sites:

  • Don't believe everything you read.
  • Don't share or re-post something just because it tells you to!
  • Don't trust everything that seems to come from a friend. Your friend may be misinformed, or it may have come from an imposter stealing his identity.

That much said, there are some Facebook-specific scams worthy of special note:

Don't accept “Friend” requests from strangers

Remember your parents telling you not to accept candy from strangers? Facebook “Friend” requests are much like that candy. Remember, on the Internet, nothing is as it seems. That lonely, sexy young woman might just be a devious hacker hell-bent on identity theft or taking over your computer. Photos of lovely models are freely available online, so pictures do not necessarily represent the person behind the Facebook profile. A true friend is someone you know well enough to trust. Simply declaring someone a “Friend” on a social network does not make them one.

If you get a Friend request from someone you don't know, do not accept it right away. You might reply (with a private message) and politely ask that person how they know you. Don't accept it just because they have mutual friends of yours, because it may be that your friends fell for the scam, too. You might message your friends and ask them how they know that person. If they don't know him either, then send them a link to this page.

One reason it is dangerous is that once the person is your “Friend,” he has access to all the information you have posted just for your friends. It is even easier for him to create a duplicate profile and then befriend all your friends, and so on. See “The Duplicate Profile” below. Another is that you might trust them and then fall victim to one of the hacks to take over your computer (see my article “Every Trick in the Book”).

Another scenario: You didn't know it, but that beautiful, lonely 26-year-old woman who sent you a friend request last week is really a 45-year-old male burglar. And by posting your vacation pictures as you travel, you've just told him that your home is available for his picking.

An example phony profile: “Comfort Mylla”

I got a Friend request from “Comfort Mylla” on Thursday, January 28, 2016. It was a new account with no history before the profile picture update notice below (see the “his” in it), and only a few friends, all older men.

Comfort Mylla 1

I put the photo into Google Images and found the net awash with that same picture attached to phony profiles at various dating sites. So naturally I declined the request. In fact, I never accept Friend requests from people I don't already know.

Comfort Mylla 2

I sent “Comfort” a private message explaining that I only accept Friend requests from people I already know. In an attempt to convince me of her sincerity, “she” sent me a few more pictures, which matched other shots of “Danielle” from the Danielle FTV site at the first link above. When I asked about that, she said she used to be a model under the assumed name Danielle, but returned to Ghana to care for her ailing mum. Sure, right.

So I reported the profile as per the instructions under “How to Report a phony profile” below. Here is the result:

Comfort Mylla 3

Another phony profile: “Mary Cusack”

When I opened my Facebook account on Friday, January 6, 2017, I had a Friend request from a beautiful, sexy twenty-something young woman with a brand-new Facebook account and absolutely no other Facebook friends. Eager to learn more about her, I right-clicked on her profile photo and chose “Copy Image Location.” Then I went to Google Images, opened their “search by image” feature, pasted the link and found several articles about “The ‘Yahoo Boys’ in Nigeria.” So I pulled down the menu on my new friend's profile and chose “report this profile” and “this is a fake account.” Facebook took it down promptly.

Mary Cusack

Mary Cusack Reviewed

The Duplicate Profile

Hackers copy your name and your profile picture and create a new Facebook account. They send Friend requests to all of your Friends. Your friends think it is you, so they accept. From then on, the hackers can say and post whatever they want under your name.

Hacked vs. Cloned (or Spoofed)

Please carefully distinguish between two terms:

  • “Hacked” means that someone logged into your account (and possibly modified its content). An appropriate response is to change your password.
  • “Cloned” or “Spoofed” means that someone copied its publicly visible features (profile and cover photos, intro, biography and birthday) to create a phony account in your name. An appropriate response is to (1) report the phony account to Facebook management so they can take it down and (2) hide your list of friends from public view.

Too often, I read well-meaning friends of someone whose account was cloned telling the victim that their account was “hacked” and to change his password. Not only is this technically misleading, but changing one's password is both unnecessary and ineffective in this situation. It is unnecessary because there is no evidence that the original account was logged into or modified in any way—only published data was accessed. It is ineffective because changing one's password neither removes the phony profile nor stops the impostor from continuing to send Friend requests to the victim's Friends.

Confusion between hacked and cloned profiles resulted in an e-mail virus claiming that hackers could post insulting messages ostensibly from you on your friend's “wall” (status timeline). As this article explains, any such messages may appear when your friends accept clones of your profile.

Defenses

Configure your account so that your posts by default are visible only to your Friends, not to the general public. Your public profile should list only what is necessary for someone to recognize you.

Keep your Friends list non-public (so it is not publicly visible). While this won't stop a hacker from cloning your profile, it will reduce his motivation to do so, because then if he does, he can't send Friend requests to all your real Friends. How to do this is explained below.

If you have a Facebook account, use it! Post frequent status updates (with photos if possible) for your Friends' eyes, about what you're doing in your life. That way they will know they are your Friend and be less likely to accept a second Friend request. It will also make it easier to distinguish the real you from your clone (the hacker would have to copy your updates one by one, which would introduce a delay.)

Periodically enter your name into the search box at the top of the Facebook screen. If you see a second profile with your name and profile picture, open it and report it as a fraud to the Facebook authorities.

Sadly, sometimes hackers will Block the account of the person whose identity they are stealing. (In Facebook, if you “block” a profile, you don't exist as far as that person is concerned. But the rest of the world can still see you.) In this case, you may have some success asking a friend to follow the above procedure on the duplicate account, except choosing “pretending to be someone I know” in the last step.

If you get a Friend request from someone you thought was already your friend, do not just Accept it. Instead, contact them (by a trusted means, not via the fake profile!) and ask about the duplicate. If they did not intend to create it, they should report it as above.

How to Report a phony profile

Note: Access Facebook via a web browser. I don't know how to report a phony profile from a cell phone's Facebook “app.” In fact, I don't think you can.

  1. First, visit the phony profile. If you got a Friend request from a phony profile, you can visit it without accepting the Friend request by clicking on the highlighted name in your Friend Requests list (neither the “Confirm” nor “Delete” button).
    Friend Requests

  2. Pull down the menu next to the word “Message” (to the right of the profile name) and click “Report”
    Report

  3. Click “Report this profile” and then click “Continue”
    Report this Profile

  4. Click “They're pretending to be me or someone I know” and then click “Continue”
    Pretending to be

  5. Click “Someone I know” and then click “Continue”
    Someone I know

  6. Click “Submit to Facebook for Review”
    Submit to Facebook

  7. Type your Friend's name, click the match from the pull-down list, and don't forget to click “Submit.” Don't click “Done” yet.
    Name Submit

  8. Verify the submission and then click “Done”
    Done


Keep your Friends list non-public

It is a good idea to keep your list of Friends hidden from public view, for at least two reasons:

  • To make it harder for a hacker who creates a phony clone of your profile to send Friend Requests to all of your real Friends (see “The Duplicate Profile” above).
  • To make it harder for spammers to put your name on the “From:” of spam to your friends, or your friends' names on spam to you.

To do this:

  1. Go to your home profile page (by clicking on your name in the blue bar at the very top of your screen).
    Home Page
  2. In the bar under your name and profile picture, click on Friends.
    Friends
  3. On your Friends page, click on the pencil icon at the right of its heading.
  4. On the pop-up menu, click on “Edit Privacy.”
  5. On the Edit Privacy dialog, pull down the menu next to “Who can see your friend list?” and click on “Friends”. Then click on “Done” to close the dialog and save your choice.
    Edit Privacy

FAQ

Q. Why should I care if a hacker cloned my profile? What are the consequences of just letting it be?

A. While you may know that the clone is phony, your friends may not. If your real friends accept the impostor, then he may pester them with advertisements or insults which they may blame on you.

Q. But what if I already did accept a Friend request from a hacker pretending to be my friend?

A. You should un-Friend the phony account ASAP. To do so, visit the phony profile, and near the top, click on the little triangle next to the word “Friends” and choose “Un-friend” from the pop-up menu.

Q. My profile was cloned. Do I need to change my password?

A. While it is a good idea to change your password from time to time, there is nothing about simply being cloned to suggest that your account was compromised. Most likely the hacker created a new profile based on your public information (including public images).

Q. My profile was cloned. Should I close my Facebook account?

A. Absolutely not! Not only is there no evidence that your account was compromised, closing it would not stop the hacker from continuing to impersonate you. It would allow him free rein over your identity while removing your only weapon to fight him.

Q. My profile was cloned, but I can no longer see the phony. Does that mean it was taken down?

A. It actually could mean any of three things:
  1. The phony profile was taken down.
  2. The hacker blocked you, his victim, so that you could not see the phony.
  3. Earlier, you yourself blocked the phony profile. In this case you need to unblock it in order to report it as above.

When dealing with cloned accounts, it is helpful to note (on a piece of scratch paper, or in a temporary file) the subtly different URLs (web addresses) of the genuine and phony accounts. For example, my genuine URL is

     https://www.facebook.com/richpasco
If there were a clone, it would have a different URL, usually with a number after it or in place of the name.

Editorial Commentary

by Rich Pasco
It is indeed unfortunate that Facebook's default setting (what new users get if they don't deliberately change it otherwise) is for your list of Friends to be visible to the entire world. I think that this is dangerous, because it encourages hackers to publish impostor profiles and then send Friend requests to all the Friends of their victims. So I encourage everyone to change their settings to hide their list of Friends from public view. I really wish that Facebook would change their default for new accounts to make your Friends list visible to your Friends only, but of course nobody in charge there ever listens to me.

Beware of Messages Bearing Videos

If you get a private message via Facebook's Messenger component, apparently from a friend, with what looks like a link to a video, do not click on that link without first asking your friend what the link is about. It may be that your friend's account was compromised and the link is malicious. The general rule is, never click on a link received in any unsolicited message, even if apparently from a friend, without a clear understanding of exactly what is at that link. Ask your friend what's there and why he sent it to you!

Privacy Notice and Rescinding Terms and Conditions

In November 2012 and again in January 2015, countless Facebook users began posting a notice to their profiles encouraging their friends to do the same, apparently rescinding the Terms and Conditions they agreed to by signing up for Facebook. This is a virus in that it tricks others into reproducing it, while being a worthless, misleading waste of time. Think about it:

  • You cannot unilaterally change the Terms and Conditions to which you agreed by opening your Facebook account.
  • In order to do its job, Facebook must disclose, copy and distribute the text and photos you post: that is the whole reason you upload them to Facebook in the first place. If you don't want to share them, then don't post them on Facebook.

Graph App and Privacy

Since February 2013, there's another false “urban legend” going around on Facebook, claiming that their Graph App compromises user privacy. Read the truth by David Emery and on Snopes.

“Restricted Video” Scams

Your friend shares on his status/timeline what looks like a link to an interesting video (e.g. “Rowan Atkinson died in car crash” or “World's largest snake found in Brazil”), but when you click on it you get a message that says it is a restricted video and you must share it first in order to see it. Doesn't that seem strange? Personally, I share something after I have watched it, not before. If you do share it, you have become an accomplice in spreading this junk, just like your friend. Some examples follow:

RIP Mr. Bean

You see a post ostensibly announcing the death of a celebrity (in this example, Rowan Atkinson) and want to learn more, so you click on it. A seemingly legitimate news video starts playing, but then is interrupted by a “Security Check” pop-up, instructing you to Share the video to prove that you are over 18 in order to continue watching. How sharing the item would prove anything about your age escapes me, but if you do, you are led to more diversions, aimed at installing malicious software (malware) onto your computer, extracting your credit card number, or both.

RIP Mr Bean

World's Largest Snake

snake

The link your friend shared leads to a page on a different domain than facebook.com, which is cleverly designed to resemble a Facebook page (that it is not). This too is a clue that it is fraudulent.

People who have persisted report that the process leads to a “survey” which asks for your cell phone number. If you provide it, you get signed up for a “service” which is then charged via your cell phone bill. Don't fall for it!

The Phony Login Screen

You see what looks to be an interesting video, but when you click on the “play” icon, you get what looks like another Facebook login screen. Hey, weren't you already logged in to Facebook? You're looking at a phony screen—notice that its domain is not https://www.facebook.com/—and if you entered your login credentials (username and password) there, you would be putting them directly into the hands of a hacker!
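The domain check described here and under “World's Largest Snake” above can be done mechanically. The following is an added example, not part of the original article; the function name and the sample links (on reserved .example domains) are constructed for illustration.

```javascript
// Added example: decide whether a link really points at facebook.com.
// TRUSTED_DOMAIN, checkFacebookLink and SAMPLE_LINKS are illustrative names.
const TRUSTED_DOMAIN = "facebook.com";

function checkFacebookLink(link) {
  let url;
  try {
    url = new URL(link); // throws on anything that is not an absolute URL
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before "@" is login info, not the site:
  // https://www.facebook.com@phish.example/ really goes to phish.example.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host " + url.hostname };
  }
  // URL lowercases the host and turns non-ASCII names into "xn--" punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized look-alike name " + host };
  }
  // Only the exact domain or a true subdomain counts. A name that merely
  // starts with or contains "facebook.com" belongs to someone else.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: true, reason: "host is " + host };
  }
  return { ok: false, reason: "host is " + host + ", not " + TRUSTED_DOMAIN };
}

// Constructed sample links: the first is genuine, the rest are look-alikes.
const SAMPLE_LINKS = [
  "https://www.facebook.com/richpasco",
  "http://www.facebook.com/login",
  "https://www.facebook.com@phish.example/login",
  "https://facebook.com.login.example/",
  "https://facebook-login.example/",
  "https://f\u0430cebook.com/", // Cyrillic "a" in place of the Latin letter
];

for (const link of SAMPLE_LINKS) {
  const result = checkFacebookLink(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + "  (" + result.reason + ")");
}
```
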

Phony Charity and Promotion Scams: Don't “Like” or “Share” pages from users you don't know

Facebook is no stranger to “e-mail viruses,” defined as messages which just beg to be shared (or forwarded) because they contain an urgent-sounding warning, a heart-wrenching plea, an offer of something for nothing, or a heart-warming story. It is imperative to check the validity of claims made by an item before you share it.

There is a whole class of scams which promise a valuable prize (or a chance at winning an even more valuable prize) just for Liking, Sharing, and/or Commenting on a free offer. The scammers come up with these faster than I can document all of them here, so just because one does not appear among the examples below does not make it legitimate. Remember, “if something seems too good to be true, it probably is,” and “A virus is that which tricks its victim into reproducing itself.”

Since Facebook sends you more stuff from users you like, unscrupulous hackers eager to get exposure will do anything to get you to “Like” or “Share” their content. Once they have baited you with cute animals, heart-wrenching tales, or offers of free stuff, they can then use their popularity to broadcast scams and malicious software (malware). Some falsely offer a reward if only you forward them. One common hoax contains a heart-wrenching photo of a deformed or maimed child and a claim that Facebook and CNN will contribute some amount for every Share or Like. These hoaxes are very common.

Example Scam: Mother's Day Digital Coupons

coupons

You see an advertisement offering coupons which look authentic and offer fantastic deals at well-known merchants. To get them you have to fill out a form asking for name, phone number, and bank account information—which a legitimate vendor would never request. Enter that information, and you become a victim of identity theft and your bank account is emptied. Don't fall for it. This video tells more:

Example Scam: Coca Cola 24 Pack Giveaway Facebook

Allegedly the Coca Cola company is giving a free 24-pack to everyone who shares a post announcing that fact. In reality you are helping the scammers earn a commission, and you get nothing.

Example Scam: The “Free Airline Tickets” event

I got an invitation from a friend to join a Facebook “Event” whereby I could win free airline tickets simply by inviting 200 friends. The item claimed that Qantas airlines was giving away 17,000 free airline tickets! I didn't believe that claim, and checked with the real Qantas Airlines who confirmed it was a scam. What amazes me is how many people are so driven by greed as to carefully follow the instructions below without question.

Get 2 Free Quantas Tickets
Give Away 17,000 Airline Ticekts

Premium Account Trolling

Where you might expect to see a photo, you instead see a sign stating that the photo is only visible to Gold or Premium users. There may or may not be a link whereby you can send money to “upgrade” your account. If there is, do not send money. It is an old hoax.

This photo is only viewable Facebook PremiumŪ users

“Copy and Paste” Instructions

copy and paste

Sometimes, on a friend's status timeline page, I read a heartbreaking plea or an urgent-sounding warning, which concludes with instructions to “copy and paste this post to your own status page—do not share, be sure to copy and paste.” So what do I do next?

  1. I immediately realize that my friend did not thoughtfully write from his/her own experience, but merely robotically followed someone else's instructions to copy and paste it.

  2. I recognize that my friend has fallen victim to a form of virus, defined as “that which tricks its victim into making more copies of itself.”

  3. I wonder how seriously my friend takes our friendship if he or she would test it by whether or not I am willing to copy and paste a chain letter.

  4. I may reply with a statement that I post only original material to my status timeline; I don't copy and paste anything, especially not things that tell me to. I may include this link to this article:
    http://www.richpasco.org/virus/facebook.html#copyandpaste

  5. I certainly do not follow the instructions to copy and paste it. And I recommend that you don't, either.

Okay, I got suckered into copying and pasting a hoax. Now what?

You should delete it. Just posting a comment under it stating that it is phony will not effectively stop it from propagating, because many people may follow the copy-and-paste instructions without reading the comments.

How to Delete a Post

Here is how to delete an item you have posted on your status timeline.

  1. Pull down the menu from the caret in the top-right corner (or, if on a cell phone, hold your finger on the post to get the menu).
  2. Click Delete. It's that simple.

How to Delete

“Facebook is Limiting My Reach”

Facebook is limiting my reach

Yes, I can see it, but please don't be so paranoid: Facebook does not limit anybody's “reach” (whatever that is). The truth is:

  • If you post for a specific audience (e.g. your Friends) then all of that audience can see it by looking at your status timeline (home page) any time they choose.
  • Facebook edits what any individual user sees in their news feed, depending on whom they are “Following,” according to a complicated algorithm involving what they have “Liked” and commented on in the past.

So the grain of truth is that liking or commenting on this post may increase the likelihood that you will see more from this person in your news feed in the future. Do you want to?

Redacting History

When a friend changed her Profile Picture, she noticed that an announcement of the change had appeared on her Timeline. She quickly selected the announcement and invoked “hide from timeline” on it. Indeed, it was hidden from her timeline, but the same announcement also appeared in the Newsfeeds of her Friends who Follow her, and was not removed from those by her action of hiding it from her timeline.

Blocking Secret Followers

Yet another Facebook virus is a forwarded message which claims that you should search for people following yourself by searching for “following me” and blocking the names which turn up. But really, this searching simply lists people who have the letters me in their names, not people who are following you. You end up blocking total strangers for no good reason. What a waste of time!

Index to all of Rich Pasco's articles on e-mail and viruses

Rich Pasco's home page

Copyright © 2010-2013 Richard C. Pasco. All rights reserved.