December 29, 2021

Tis the season of Facebook and Messenger account impersonators

Beware of new Facebook Friend requests and Messenger message requests coming in the name of people you may already be friends with on the platform. A lot of these requests may even have the same profile photo your friend uses, but may not actually come from the accounts you are friends with.

First, let's acknowledge that there are valid reasons why a Facebook member might create a new account. For instance, they could have a new phone or computer and can't recover the logins from the old device for some valid reason. So, if that person sends friend requests to his previous friends it is probably not a scam (er, maybe). But, that person would be prudent to write a post explaining what happened in the new profile, or in Messenger messages.

But, let's get serious. Facebook accounts are juicy targets for scammers who copy user names, a photo and some details and create a fake, or cloned, account of somebody you know. They do this so they can scam that person's friends. Always check the member's profile before replying to an unexpected message request that says it is from a Facebook User, possibly with a new account, even if it has the profile photo that friend has been using. Just do a quick search for your friend's name, then go to that friend's profile and see if they or their friends mention them possibly being "hacked." They usually have not been hacked, per se, but rather had their account cloned by an impersonator.

Hacked and cloned accounts are used to scam the victim's friends, either by sending a new Friend Request from a fake profile controlled by a criminal, or via specially crafted messages in Facebook Messenger. They can do this if you have an unprotected Friends List that is viewable by other people or the public. If you want to protect your friends from being contacted by scammers who might want to clone your account, just make your Friends list private and viewable to only yourself. To do this, go to your account settings, then click or tap on Privacy. The Privacy section contains a setting labeled: Who can see your friends list? To protect your friends from scammers and potential account cloners, set it to: Only Me.

You get to this setting differently if you are using the Facebook App than if you use Facebook in a web browser. The path to this privacy setting on a smart device using the App is as follows.

  1. Log into the Facebook App and click on the Home icon
  2. Tap on the three vertical lines icon on the right side to open the account Menu
  3. Tap on the gear icon to open your Settings & Privacy
  4. Scroll down to the Audience and Visibility section
  5. Tap on How People Find and Contact You
  6. Tap on Who can see your friends list?
  7. Set it to: Only me

If you use a computer and a web browser to log onto Facebook.com, follow these steps.

  1. Log into Facebook
  2. Click on your account name or your small profile picture on top
  3. Click on the three horizontal dots on the right side to open an options menu
  4. Move the mouse down the list and click on Profile and Tagging Settings
  5. In the left sidebar click on Privacy
  6. Scroll down to How People Find and Contact You
  7. Click on Who can see your friends list?
  8. Change it to: Only me

If you do this, scammers and account cloners will not be able to see your friends list and will either try to scam you personally, or move along to a less protected account. But your friends will be protected from this attack and the scams that are bound to follow.

If you get an out-of-character message in a friend's name, but not from their known good account, especially one that has a link to some random website, possibly saying "Is This You?", either ignore, block, or report it (or do all three). Many of these message requests come from Nigerian 419 scammers. They are the world's leading experts in one-on-one online advance fee fraud (which violates Section 419 of the Nigerian Penal Code).

If you see that somebody is impersonating one of your friends, alert that friend, then report the impersonator to Facebook Security to get them shut down.


December 28, 2021

Securing your Facebook account

I recently helped a Facebook friend secure his account after he accidentally got it hacked by a Nigerian 419 scammer/fraudster. The fraudster was using my friend's account to send scams to people on his Friends list via Facebook Messenger. He needed to change his Facebook password, but didn't know where to do it. This article describes how to do that.

If you are using the Facebook App (not a web browser) on a phone, tablet, or touch screen laptop computer, log in to Facebook via the screen or desktop icon. Look at the icons along the top of your Facebook profile. At the far right is an icon with three horizontal lines. Touch that icon. A page opens labeled "Menu" on the upper left. To the right of the word Menu is a gear icon. Touch the gear icon to open your "Settings & Privacy" then follow these steps...

  1. Under the heading "Account" is a link labeled "Password and Security." When you press this link the first option is to check your "Important Security Settings." Do that and fix any serious issues.
  2. Afterward, come back to the Password & Security page and look under the heading: "Login" - where you will see: "Change password." Press that link and follow the on-screen instructions.
  3. Do not reuse an old password, because old passwords get stolen from hacked online databases. Create a strong new password that can't be guessed by a random stranger or a hack-bot using a dictionary attack to crack known words. Better yet, if your browser offers to create a strong password, let it and have the browser save/remember it.
  4. Note, you might have to add a punctuation mark, capital letter, or a number to the new password if the input field complains that the password must contain at least one of this or that character.

If you are using Facebook in a web browser, rather than an App, on a desktop or laptop computer, use the following instructions to change your Facebook password.

Doing this on a computer, via a web browser (e.g., Chrome, Edge, Firefox, Safari, etc.), is a little bit different and much easier to navigate with a mouse pointer. Here's the sequence...

Log into Facebook in your preferred web browser (and keep it updated for best security) and go to your main profile page; the one where you can edit your cover photo or your profile. Under your name and current profile photo (in a circle) is a bar with 7 text links starting on the left and three dots on the right. Click on the three dots. An options menu will open. Click on the bottom option: "Profile and Tagging Settings." Follow these links to get where you're going.

  1. In the left "Settings" sidebar click on "Security and Login."
  2. In the right pane, scroll down to the heading: "Login" and click on "Change Password."
  3. Your current password should appear as dots in the "Current" field if you told your browser to remember your user name and password for Facebook. If the dots are not shown in that field, type it in to continue. If you can't remember your password, click on the link "Forgot your password?" and wait for either a text message or email from Facebook and follow the instructions in it.
  4. With your password either already displayed as dots, or typed in, move down to the next input field labeled: "New" and type in your new password, or let the browser choose a random strong password for you and put it into that input field. You might have to add a punctuation mark or number to the automatically generated password if there is a note complaining that the password must contain at least one of this or that.
  5. Copy that new password and paste it into the "Re-type new" input field. Then click on the button labeled: "Save changes."

Dashlane 5 password manager- New and improved!

You may be in the habit of writing down your passwords on pieces of paper, or in random text files, or saving them in your web browsers that will fill them in for you when you revisit those websites that require you to log in. None of those methods are safe or secure. Paper can be lost or pilfered. Files can be copied. Browser login databases can be cracked and user names and passwords stolen by malware like the Redline Stealer Trojan. If you're wondering if there's a better way to save passwords, there is.

Rather than writing down and updating your passwords on sticky notes that someone could pocket, or saving them in a text file that spyware might discover, or storing them in your web browser's database that could be hacked, consider storing them in a secure password manager. A password manager uses encryption to protect the passwords stored in it. The manager links to your web browsers and will only fill in a user name and password if the website's URL (website name and extension) matches what's saved in the manager's database. And best of all, a good password manager like Dashlane protects its database with multi-level authentication.
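The URL matching described above can be shown in a few lines. This is an added example, not code from Dashlane or any other password manager: it assumes a strict exact-origin, HTTPS-only policy (real products may match more loosely), and the vault entry, the function names and every URL in it are constructed for illustration.

```javascript
// Added example (not from the original post): exact-origin check before autofill.
// The vault entry and every URL below are constructed sample values.
const vault = [
  { origin: "https://www.facebook.com", username: "friend@example.com" },
];

// Reduce a URL to scheme + host + port. The URL parser lowercases the host,
// drops the default port, and ignores path, query and any user@ prefix.
function originOf(rawUrl) {
  try {
    return new URL(rawUrl).origin;
  } catch {
    return null; // not a parseable URL
  }
}

// Decide whether to offer saved credentials on the page the user is viewing.
function autofillDecision(pageUrl) {
  const origin = originOf(pageUrl);
  if (origin === null) return { fill: false, reason: "unparseable URL" };
  if (!origin.startsWith("https://")) return { fill: false, reason: "not HTTPS" };
  const entry = vault.find((e) => e.origin === origin);
  if (!entry) return { fill: false, reason: "no saved login for " + origin };
  return { fill: true, reason: "origin matches saved entry", username: entry.username };
}

// Constructed pages: the real login page, then look-alikes a person might trust.
const samples = [
  "https://www.facebook.com/login",
  "HTTPS://WWW.FACEBOOK.COM:443/settings",
  "http://www.facebook.com/login",
  "https://www.facebook.com.account-check.example/login",
  "https://faceb00k.example/login",
  "not a url",
];
for (const url of samples) {
  const d = autofillDecision(url);
  console.log((d.fill ? "FILL " : "SKIP ") + url + " -> " + d.reason);
}
```

A page that merely looks like Facebook gets no offer to fill, which is itself a useful warning sign before typing a password by hand.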

Changing your password is but one step in securing your Facebook account. But, if a cyber criminal has really hacked into your account and knows your password, you must change it to regain control and keep that person from posting spam and scams to your Facebook friends, in your name and from your account. However, if that fraudster has changed your password, you will have to contact Facebook Security and try to convince them you are the actual owner of that account.



About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.






This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.