Recently (30 minutes ago) a friend of mine had his Facebook account compromised.
It came in the form of a notification that I had been tagged in a comment on a group that I was stalking my friend Sal.
Aside from the badly structured sentence, the post looked frustratingly like a scam. What this bug takes advantage of is people's lack of security around their friends list.
This is what we did to secure his account and check what he was logged into:
1. Check this list: Remove anything you don’t recognise… https://www.facebook.com/settings?tab=applications
These are all the apps, third party games, subscriptions (Spotify) that you gave permission to through Facebook to connect to your network of connections.
2. Check where you are logged in… https://www.facebook.com/settings?tab=security&section=sessions&view
Be aware that the location might not reflect where you actually are, but where your Internet Service Provider is pinging back from (apparently our North Perth office is in Tasmania in this case). Also note that I am logged into my Samsung multiple times (it's because I use the Facebook Pages Manager app, Facebook Personal app and Facebook Messenger app).
3. In the same place where you logged out of sessions, you can also change your password (below). Do that just in case. It's likely they don't have your password, but do it as an added measure.
4. Message your friends something along the lines of this:
Hi, I recently had my account compromised and you were tagged in a post that read “WHO CHECKING YOU OUT”. Please DO NOT follow the link in it; it will compromise your account and tag all of your friends as well. If you need help addressing any issues that arise from this, please visit this blog: https://mingjohanson.com.au/social-media-security-series-mass-tagging-who-checking-you-out
(You only need to send this to one person; then, if you hold down on the message, you can forward it to your friends who might be affected.)
5. Secure your friends list! NOW (check previous blog here: https://mingjohanson.com.au/social-media-2018-security-series-reducing-scam-risks/)
6. Take a breath, have a cup of tea.
This blog is part of a series of blogs to be released over the next year.
Remember to share, like, love, press the buttons and do the thing – Ming.