Yet Another Facebook Hack

So another hack is circulating around Facebook. Be careful on what you click on.

This is the second similar message I got this month. The last one I also missed. The owner of the account finally posted an update that she finally got her Facebook account back.

It appears that someone figured out her password and then logged into her account. I suspect the link installs a keylogger or it is a link to a phishing page that asks you to sign in again. This allows the hackers to get your password, so they can log in to your account.

Until I can figure out how they are getting in and how to prevent it, here are a few basic tips you need to remember for any of your online accounts.

1. Passphrases are more secure than alphanumeric passwords. Keep your credentials updated.
   

   

   Courtesy: https://xkcd.com/936/

   
   
2.  If you click on a link and it says that Facebook needs to verify your account, close the tab. The only time Facebook will ask you for your password is if  you cleared your cookies, or never signed in that browser before. Any other time is probably a phishing site.
3. Don't give your password out to anyone.
    
4. Be careful when going on to public WiFi. Double check there aren't two of the same hot-spots in your WiFi list on your device. For instance, check to see that there isn't two “Walmart” hot-spots. It's likely one of them is a hacker.
5. And finally, If alarm bells go off when you see something out of character from a friend, it's likely your instincts are right. Find another way to contact this friend and ask.

Hope this helps a little and maybe I won't get a similar message from another Facebook friend.

Related articles

How Hackers Hack Facebook Account In Minutes and Its Prevention

 
• Phishers Padding URLs with Hyphens to Target Facebook Users
• Secure your accounts and important login information for only $29!
• Phishing Scam: Man Stole Bitcoins From Dark Web Forums
• Brute Force: Anatomy of an Attack

This Scam is a little more Clever than the others

The SVG Facepalm v3.0 (Photo credit: Wikipedia)

I still sometimes go through my spam to make sure that none of the newsletters I signed up to ended up there.

It was mostly the same old, same old. I'm a winner in various sweepstakes that I never signed up to. I need to verify my credentials on supposedly legit sites that use too many dots in their email server. (I didn't know that Bank of America used angel.ocn.ne.jp email server). Life insurance, auto warranty extensions, and of course various "Final Notice" from a guy named Michael S.

For those of you who are wondering, companies sending you a final notice to anything will use their legitimate email server bearing the company name. Not some randomly generated alphanumeric name and email server.

You hear that "Michael"? You're an idiot. Even if you send it five times. Yeah, you're also "Andrew M." I'm on to you! Seventeen Emails! Take a hint already!

Of course, there were plenty others that were meant for a guy. I do not know any men named "Nancie". If they did, the algorithms that they set would leave male enhancements and messages like these out of my inbox.

It's not mine! I swear!

But then I came across this gem:

This one is odd. It has no pictures and no links. The email was sent via outlook. It was as legitimate as a friend sending a quick message.

However, all of the red flags started to go off. I'm not sure what triggered it at first, so I decided to check the original content. This actually contains all of the header information. It bounced around a few times, but nothing out of the ordinary.

After thinking a few minutes, it dawned on me. It was probably from a reshipping scam. This is a scam where thieves will send you stolen merchandise for you to "inspect", repackage and reship to another destination.

Criminals post job announcements on Internet career sites offering work-at-home positions—sometimes advertised as “merchandising manager” or “package processing assistant.” Duties include receiving packages and mailing them to a foreign address on behalf of a client, using postage-paid mailing labels provided via email. (source).

Some of the scams will deposit money into your account and tell you to send that money to another place. The money they deposit into your account is actually bogus and by the time you figure that out, it's too late. You have to pay that money back, regardless if you have it or not.

This particular scam in an economy that is still weak is the hardest to detect. I was able to detect this scam but only because I've had a few years of sniffing these out (since 1998, yes I'm that old). If you are not paying attention and you are struggling financially, it's easy to be taken.

Everything seemed perfectly legitimate in the beginning. The company had an extensive online presence, there was an employment contract, tax forms, and the offer of a decent income. (source)

Hopefully, as more people are informed about this scam, it becomes more and more difficult for these people to find the unsuspecting masses workers they need. Kind of hard to run a scam if no one is willing to be scammed.

I did get a Nigerian prince scam, but there are so many others, this got pushed down to three pages.  Sorry, (in this case) Saphia Farkash, the wife of an embattled Lybian leader, Colonel Muammar Gadaffi, you are no longer relevant.

By the looks of the related articles, however. Looks like people are falling for it still.

Related articles

• WhatsApp Scam: Text Message Offers Free Year Of Netflix, Steals User Information
• Nearly half of scam victims lose all their money - as banks claim the blame lies with them
• Mother's Day: Protecting Mom From The Bad Guys
• Phishy Google Docs Expose 1 Million
• Fyre Festival Disaster: The Best Burns On Twitter