If you spend anytime on Facebook sooner or later you or a friend of yours is going to get hacked. Just last week a friend of mine, Carly Johnson, a REALTOR with Keller Williams Realty in Johnson City got hacked on her personal Facebook page. I found out because I received what seemed like a very odd message from Carly on Facebook. The note seemed so out of character for Carly that I immediately messaged her asking if the note was really from her. Carly and two of our region’s finest I.T. gurus have provided me with this information in order to keep this from happening to you!
MarketingMel: Carly, tell us what happened.
Carly Johnson: Last Monday, I received a text from a friend asking if I had sent him a Facebook message regarding a picture he needed to look at. Almost instantly, I received a similar text from another friend, and then my iPhone began showing several Facebook notifications of friends sending messages saying they were unable to find the picture. I went into my account, only to find that it appeared as if I had sent this message to every single Facebook friend. “hey, go to album32 dot com and search for “name of friend” then click on the first photo. I bet you didn’t remember that, eh?” I knew I did not send the message, so I began responding as quickly as possible to every friend who messaged or texted me to make sure they did not try to go there. After sending about 20 messages, I decided to update my status to alert people that I did not send the message and that they should not do as requested. Thankfully, Marcus Ledbetter saw my post and posted that it was a phishing scheme designed to steal passwords.
MarketingMel: Carly, what have you learned from this?
Carly: I changed my passwords on as many different accounts as I could think of, and I updated my status again to alert others that they may need to change their passwords as well. I continued to send messages to friends who were responding throughout the evening, and some are still trickling in. The terrible part is that the message is authentic looking enough to make people think it is from the supposed sender. Unfortunately several of my friends attempted to view the picture and put their passwords in. I have been trying to determine exactly how my account was hacked, and I cannot even remember a time that I clicked on anything unusual. That just means that it is way too easy for them to get in.
MarketingMel: Carly, any takeaways for others?
Carly: I am on high alert now and am being overly selective with regards to my accounts. One lesson I definitely learned from this experience is not to have the same password for multiple accounts. If I had used the same password for my bank account, it would have been very easy for them to research my account to find out where I bank, and they would have known my password. Lastly, it saddens me that people who have the intelligence to make a scheme like this one work, would not have a desire to help others instead of stealing and making people’s lives difficult.”
MarketingMel: Marcus, what is your advice as an IT professional and Director of Operations at ITD Interactive?
Marcus Ledbetter: The key is – while your bank and other important accounts have good security measures in place to stop the brute force intrusions (brute force is where they basically have a program that just guesses as many passwords as it can in hopes that one of them gets in). Twitter does not. Facebook pages get hacked all the time though – and folks that I’ve talked to that have gotten hacked often have simple passwords: names of their kids, pets, whatever. To make matters worse, people often use the same passwords, or variations of the same password, for all their online accounts. This is the big problem – while getting your Facebook page hacked can be annoying, and sometimes embarrassing, the real danger is if the password they used for Facebook also works for your email login. If they can get into your email account they can often get into bank accounts, credit card accounts, etc. They can request password resets and often get around security questions using info they learn sifting through your Facebook information. maiden names, past addresses, etc. It can snowball very quickly.
Then I sought the advice of my I.T. professional, Andy Mitchell of Holston IT.
MarketingMel: Andy, can you tell me what you tell your clients so they can protect their passwords on Facebook and elsewhere?
Andy Mitchell: The best advice I can give you about passwords would be a few simple rules.
- Your password should be over 12 characters in length.
- It should contain Upper & Lower case Letters, Numbers, and special characters such as ! @ # $ % ^ & *
- It should not contain words or phrases.
- NEVER USE THE SAME PASSWORD TWICE! Each login needs its own password.
- Do not save your passwords when prompted. Always type them in.
- Change your passwords OFTEN. Every 30-90 days depending on how important they are to you.
Another school of thought is to use several common words that have nothing to do with each other to create a really long password.
MarketingMel: How do you avoid phishing attempts?
- Never click on a link in an email. If you hover your mouse pointer over the link it will either pop up and show you the hidden URL or it will show in your browser at the bottom left.
- Copy Past the link if you must. This will copy the text you see and not the hidden hyperlink. Only do this if you are sure the link is safe.
- Manually typing it into your browser is another alternative. Again only if you know the link is safe.
Here is an example of what I describe above.
If you copy past it you’ll get my website. Click on it and well…..
- Generally I only click a link in an email when I requested a password reset, or need to activate a new account. Otherwise I go to the website and log in the normal way rather than taking the shortcut presented in the email.
- Keep Adobe Flash and Java updated. Check them at least every 30 days even if they are set to update automatically. Java exploits are one of the top sources of computer viruses.
- Finally, Install Firefox and the Adblock-plus Add-On. This will strip most advertisements from webpages and online videos. This goes a long way to help you avoid confusion. Not to mention it is nice browsing without those annoying commercials.
- The above links have not been modified and will take you right to the 2 programs I mentioned.
Many thanks to Carly for sharing a story that could happen to any of us and to Marcus and Andy for providing solutions that we hope will help keep all of us a bit safer! Please share your stories here with us along with any tips you have for preventing these things from happening!
Follow me on twitter @MarketingMel.