Facebook Attacks: Prevention & Recovery

Yesterday we noticed a large number of people having their Facebook accounts hacked. This was caused by their clicking on a link to a video sent to them by a trusted friend.

 What they didn’t know or understand was that their friend had already been hacked. The friend did not knowingly send out or post this video.

 So far it appears that this particular hack only affects Facebook, and is just posting a link to the video on your friend’s walls. (The video is graphic in nature. This is another reason that children under 13 years old should not be allowed on FB.)  Not all Facebook hacks are this way; most are much more malicious.

 Most of the time Facebook hacks send out links to videos or pictures that are actually links to a place where a virus can be downloaded to your computer. If you find yourself in the situation, there are a number of things that you can do to help restore your account and your credibility within your community of friends.

 Before I discuss that, however, I would like to discuss some practical preventative measures so that you do not find yourself in this situation

 Be sure that you change your password frequently

  • Do not use the same password for all of your social media accounts
  • Make sure your password is a strong password
  • Limit the amount of third party applications that you allow to share information
  • If you utilize a third-party application such as Hootsuite, or TweetDeck, make sure that you regularly change that password as well
  • Make sure that your virus protection on your computer is up to date, and run frequently
  • Be sure you run additional programs for malware and spyware on a regular basis
  • Make sure you have an IT person in your contact list before your computer is hit with a virus

 Why that last line? Once your computer has been infected with a virus, often times, programs that you use for prevention and detection are not enough to remove a virus from your computer. Many of them have now evolved to the point that they disable those programs. If that happens, you have to remove your hard drive and place it in a secondary machine in order to remove the viruses. Most people do not have the resources in which to perform this task. This is not a service that you want to look for when you’re in a crisis situation. Also, I highly recommend computer maintenance on a regular basis. Just as with a person’s health, there are a number of things that you can do on a regular basis to ensure that you are less likely to get a virus.

 If you don’t currently have an IT professional in your contact list, we recommend Nomad Technology Group.

Listed below are instructions posted by Mary Biever in response to yesterday’s attack:

What You Can do to Prevent and Restore Your Account and Credibility

Prevention (for all users):
A. Go to account, account settings, and password and change your password. Logout and log back in.
B. Go to account, account settings, and account security and click the check box. This will notify you when a new computer accesses your account. (This step is open on some FB accounts and not others; I think it is a new feature.)
C. If you use Hootsuite or other such products, update your password for Facebook on them.
D. Post as a status: “Do not click on any Optical Illusions Link. If you see it, the person posting has been hacked.” Contact them ASAP and tell them. Also contact the people whose walls had the video posted on it and tell them.

If the Optical Illusions Link appears on your wall:
E. Hover on right hand corner and click “Remove.” Remove the link. Do not click on it.
F. Go through steps A through D.

If you get hacked:
G. Do step A pronto.
H. Go to Account, Privacy Settings, Post by me. Click on the drop down arrow and select custom. Set your custom feed to show “only me.” Then, temporarily, your wall will be unavailable.
I. Use this time to try to discern via news feeds where the link was posted.
J. If you are able to remove the link from your friends’ walls, do so (see step E). If not, contact your friends whose walls were hit personally (via telephone) and explain what happened – explain to them how to remove the link. You will need to scan your friends’ walls to look for the post. (Hint – talk to a trusted friend with multiple mutual friends of yours.  Ask them to check their news feed.)
K. When you are comfortable problem has been contained, return settings on step H to what you had before.
L. Follow steps B through D.

Finally, the best defense is a good offense. If you are using Facebook as a way to engage your customers and encourage your employees to do the same, don’t let attacks like this deter your efforts.  If you know how to use Facebook well, you can prevent hack attacks like this and handle them if they do happen.

Facebook Attacks: Prevention & Recovery

Yesterday we noticed a large number of people having their Facebook accounts hacked. This was caused by their clicking on a link to a video sent to them by a trusted friend.

 What they didn’t know or understand was that their friend had already been hacked. The friend did not knowingly send out or post this video.

 So far it appears that this particular hack only affects Facebook, and is just posting a link to the video on your friend’s walls. (The video is graphic in nature. This is another reason that children under 13 years old should not be allowed on FB.)  Not all Facebook hacks are this way; most are much more malicious.

 Most of the time Facebook hacks send out links to videos or pictures that are actually links to a place where a virus can be downloaded to your computer. If you find yourself in the situation, there are a number of things that you can do to help restore your account and your credibility within your community of friends.

 Before I discuss that, however, I would like to discuss some practical preventative measures so that you do not find yourself in this situation

 Be sure that you change your password frequently

  • Do not use the same password for all of your social media accounts
  • Make sure your password is a strong password
  • Limit the amount of third party applications that you allow to share information
  • If you utilize a third-party application such as Hootsuite, or TweetDeck, make sure that you regularly change that password as well
  • Make sure that your virus protection on your computer is up to date, and run frequently
  • Be sure you run additional programs for malware and spyware on a regular basis
  • Make sure you have an IT person in your contact list before your computer is hit with a virus

 Why that last line? Once your computer has been infected with a virus, often times, programs that you use for prevention and detection are not enough to remove a virus from your computer. Many of them have now evolved to the point that they disable those programs. If that happens, you have to remove your hard drive and place it in a secondary machine in order to remove the viruses. Most people do not have the resources in which to perform this task. This is not a service that you want to look for when you’re in a crisis situation. Also, I highly recommend computer maintenance on a regular basis. Just as with a person’s health, there are a number of things that you can do on a regular basis to ensure that you are less likely to get a virus.

 If you don’t currently have an IT professional in your contact list, we recommend Nomad Technology Group.

Listed below are instructions posted by Mary Biever in response to yesterday’s attack:

What You Can do to Prevent and Restore Your Account and Credibility

Prevention (for all users):
A. Go to account, account settings, and password and change your password. Logout and log back in.
B. Go to account, account settings, and account security and click the check box. This will notify you when a new computer accesses your account. (This step is open on some FB accounts and not others; I think it is a new feature.)
C. If you use Hootsuite or other such products, update your password for Facebook on them.
D. Post as a status: “Do not click on any Optical Illusions Link. If you see it, the person posting has been hacked.” Contact them ASAP and tell them. Also contact the people whose walls had the video posted on it and tell them.

If the Optical Illusions Link appears on your wall:
E. Hover on right hand corner and click “Remove.” Remove the link. Do not click on it.
F. Go through steps A through D.

If you get hacked:
G. Do step A pronto.
H. Go to Account, Privacy Settings, Post by me. Click on the drop down arrow and select custom. Set your custom feed to show “only me.” Then, temporarily, your wall will be unavailable.
I. Use this time to try to discern via news feeds where the link was posted.
J. If you are able to remove the link from your friends’ walls, do so (see step E). If not, contact your friends whose walls were hit personally (via telephone) and explain what happened – explain to them how to remove the link. You will need to scan your friends’ walls to look for the post. (Hint – talk to a trusted friend with multiple mutual friends of yours.  Ask them to check their news feed.)
K. When you are comfortable problem has been contained, return settings on step H to what you had before.
L. Follow steps B through D.

Finally, the best defense is a good offense. If you are using Facebook as a way to engage your customers and encourage your employees to do the same, don’t let attacks like this deter your efforts.  If you know how to use Facebook well, you can prevent hack attacks like this and handle them if they do happen.

A password lesson the hard way…

 I was just at the Drs. Office where he shared with me a terrible life lesson learned by his 7year old daughter. Passwords are supposed to be a secret! I know you know this, but how many of you have THE SAME EXACT password for EVERYTHING?? How many of you use a really simple password that is “easy to remember”? In her case she shared it with someone at school, who shared it wish someone else not so trustworthy. The result? Her world was rocked! Yes, it was only her Webkinz world, but they used the information, logged onto her account, sold all her items, trashed her rooms, and spent all her money. Don’t let your real or virtual world be hacked! Do you always leave yourself logged in on facebook or Twitter? We have all read them, the “I’m having a baby!” and worse posts, only to find out later that the person is not with child, but had left their account in the hands of friends or family. While this unguarded account activity is usually just frustrating, it could lead to much more disastrous results that will spill over into the real world.

 Lesson for you? Here are some tips adapted from the University of Texas.

Do:

Do: Use BOTH upper- and lower-case letters.

Do: Use numbers and punctuation marks. The more randomly you place them in your password, the better.

Do: Make your password between 8 to 20 characters long. The longer and more complex it is, the harder it is to crack.

Do: Use at least one of these special characters: ! @ # $ % * ( ) – + = , < > : : “ ‘ .

Do: Create different passwords for different accounts and applications.

Do: Change your passwords regularly, about every 6 months

Do: Keep them to yourself. Avoid giving out your password to others. Once it’s out of your control, so is your security.

Do: Make your password easy to type quickly. This will make it harder for someone looking over your shoulder to steal it.

Don’t:

Don’t: Use the same password for different accounts or applications. If one account is breached, the others will be at risk as well.

Don’t: Use your e-mail password for online shopping sites or free e-mail accounts (Hotmail, Yahoo!, Gmail).

Don’t: Create a password using your user name in any form (reversed, capitalized or doubled).

Don’t : Use your name, Social Security number or any other personal information that could identify you. This means pet names, girlfriend/boyfriend names, birth dates, phone numbers, license plates, car models or addresses.

Don’t share your password with others.

Don’t: Write them down and store them near your computer. It’s like a key under a welcome mat. It’s the first place someone might look.

Don’t: Provide your password—or any of your sensitive or confidential information—over e-mail or instant message. Think of an e-mail message or IM like a postcard. The information can be seen while it’s traversing the Internet. Also, once you send an e-mail, you no longer control the information in it. It can be forwarded to other people without your knowledge or consent.

Don’t: Enable the “Save Password” option if prompted to do so. Pre-saved passwords will make it easy for anyone else using your computer to access your accounts.

Don’t: Walk away from a shared computer without logging off. This will ensure no other users can access your accounts.