BBB: CT Man’s Cautionary Tale of Facebook Hacking. Avoid His Mistakes

“I think getting hacked is like a car accident nowadays. It’s not a matter of if you ever get into a car accident, it’s a matter of when.” A Groton man has a warning after he says a “little ignorance” led to a big social media headache he’s still trying to resolve.

Mark says he was contacted by a Facebook friend whose account had been hacked. The hacker, pretending to be his “friend,” asked him to help restore his Facebook account through the instant messenger WhatsApp.

“I was ignorant of the scheme and distracted in my real life. By the time I realized it, I had given them my personal information and password reset code thinking I was helping a friend reset his WhatsApp account, not his Facebook account,” Mark said.

Mark says the hackers immediately started messaging his friends for money and making phony posts on his Facebook page selling puppies.

Mark says he received authentic messages from Facebook warning him that his password had been changed, but ignored them thinking they were phishing attempts.

“I made a number of mistakes in my frantic panic. I had actually regained access to my account, but only briefly. The hackers must have gotten an email that the password was reset and claimed it wasn’t them,” said Mark.

Mark created a new Facebook profile, but says many of his friends assumed that it was a fake and blocked him. Now, he says he has no way of alerting them that his original profile was hacked.

“I didn’t have anything sensitive on Facebook, just lots of memories over the last nearly 20 years and friends I may never get back,” said Mark. “I just don’t want my friends to get hacked or scammed.”

Mark, who works with cybersecurity teams as a defense contractor, hopes his cautionary tale proves that anyone can be susceptible to a scam.

“Lots of people ask questions when money is involved. When it comes to sharing information, the hackers just need a combo of things, a little ignorance or not paying attention, and they get your account.”

How to protect yourself from Facebook scams

  • Be wary of online messages. A person may be trustworthy in real life, but sometimes friends share things without checking them out first, and online accounts can be hacked. Take a closer look before sharing, applying, or donating.
  • Press for details. Ask strategic questions without giving any personal information to confirm you are actually talking to someone you know. If your “friend” can’t give you straight answers, leave the conversation, block them and then change your Facebook settings as well as your password.
  • Verify the request. If possible, call your friend on the phone and verify that they are the one making the request. If that’s not possible, e-mail instead. Use a means of communication that is not associated with Facebook. If you cannot verify that the person is truly making the request, do not comply.
  • Slow down. Attackers will make you think you need to move quickly, hoping you’ll provide information without realizing what or how much you are providing. They will create a false sense of urgency. Do not be pressed into providing sensitive personal information too quickly.
  • Harden your security. Use a complex password, change it regularly, and enable two-factor authentication. Two-factor authentication requires a second factor, like a secure code from an app on your phone, to verify that you are the owner of your account.
  • Report suspicious activity to Facebook. You can report scammers to Facebook to help protect your real friends and family from a scam, plus you can report impersonations. You can reduce the risk of having your profile impersonated by tightening up your privacy settings and hiding your Friends list. Do a “Privacy Checkup” by clicking on the question mark at the top of your Facebook home page.

Report a scam

Obtaining money over the internet by impersonating someone else is a federal crime. Internet crimes can be reported on the FBI’s Internet Crime Complaint Center.

To look up a scam or report one, even if you haven’t lost money, visit BBB’s Scam Tracker.