Sunday, 1 November 2009

Day two of my Facebook hack saga opened with further attempts to neutralise the foe. Wishful thinking! So far, the enemy has succeeded in maintaining its forward position and has infiltrated elements behind my lines of defence. But I have co-opted a new ally thanks to advice from my geeky brother, who thinks that Internet Explorer is the cause of many problems online because it is especially vulnerable to attacks.

In Firefox, you can sometimes see provenance information about the site you're looking at. At the head of the URL field, you might see a label that changes colour depending on the reliability of the page being viewed. A green label is the best, it seems. A blue label indicates uncertainty about the page's reliability.

Because of the label, I started to pay close attention to the URLs being displayed in my browser. Matching the type of URL with the content of the Profile page being displayed has enabled me to gauge whether my real Profile page is showing, or a fake Profile page being served by the hackers.

By paying attention to the URLs, rather than just assuming that a plausible Facebook page is displayed, I think I have at least been able to change my password in the authentic Facebook. Having done this, I made sure that I didn't do anything to again give the hackers access to personal details.

For example, after changing the password I received a Facebook message from "John Ryan" to "the members of Network Marketing - How to Build Online", which is definitely something that I have never subscribed to or followed or become a fan of. The message contains a link to a video. I deleted the message without even opening it, because this is clearly a hack attempt.

But there are so many of these. Some are more obvious than others, such as some among the multiple login screens that can appear when you're suddenly logged out (or 'timed out') of Facebook. The suspect login screens have pink labels and too many fields. You can also check the URLs at this point. Even better, just click away from the page. Then go to Google and return to the real Facebook and try logging in at the page that appears in your browser.
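The URL check described above, written out as an added example that is not part of the original post: it uses the standard `URL` parser to decide whether an address really belongs to facebook.com. The function name, the HTTPS requirement and the lookalike URLs (on the reserved `.example` domain) are assumptions constructed for illustration.

```javascript
// Added example: decide whether a URL in the address bar belongs to the
// expected site. EXPECTED_DOMAIN and every sample URL are constructed here.
const EXPECTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw, expected = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not served over HTTPS" };
  }
  // Text before '@' is a username, not the site: the real host follows it.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before '@' hides real host " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // the parser already lowercases
  // Punycode labels can render as look-alike Unicode characters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalised (punycode) host " + host };
  }
  // Must be the domain itself or a true subdomain: the match is anchored
  // on the right-hand side, at a dot boundary.
  if (host === expected || host.endsWith("." + expected)) {
    return { ok: true, reason: "host " + host + " belongs to " + expected };
  }
  return { ok: false, reason: "host " + host + " is not under " + expected };
}

const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/login.php",
  "https://www.facebook.com@login.example/",
  "https://facebook.com-secure.example/profile.php",
  "https://www.f\u0430cebook.com/login.php", // Cyrillic "а" replaces Latin "a"
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK     " : "REJECT ") + s + "  (" + r.reason + ")");
}
```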

Notifying Facebook of the hack - which I did (again) today - can generate some unexpected results, too. And 'unexpected' can mean inauthentic and therefore dangerous.

When I filled out the hack report screen, an email arrived with 'Re: My Account Has Been Hacked' as the subject line. The email contains some unexpected things, one of which is that you should reply to the email confirming some requested information. This sounds suspect.

If you have not done so already, please attempt to reset the password to your account by selecting the "Forgot your password?" link that appears above the Password field. Entering the email address you use to log in to Facebook on the next page will cause a new password to be sent to that address.

If you still cannot access your account or you believe that your account is still compromised, please reply to this email to verify that you are the owner of the hacked account that you referenced in your Facebook support inquiry. Please also confirm that you own the email address from which you are currently writing and that it is not associated with an existing Facebook account. This security step must be completed before Facebook can assist you further.

In the meantime, do not create another account using this or any other email address. Doing so may increase the time needed to resolve the issue.

Finally, please provide a brief description of the issue you are experiencing. We apologize for any inconvenience this may cause.

You can be sure that, after reading this begging message, I did NOT try to reset my password. It may be that the scammers, finding themselves locked out of my account, are working on new ways to again get access.

OK, so I've sent my hack report and decided to avoid Facebook until the genuine administrators in Palo Alto resolve the problem. Just imagine that, at this point, I return to Facebook. Here's the URL I see:

Not sure? Me neither. Just to experiment with this a bit more, let's click on the Profile link at the top of the Home page. I get this:

Seem strange to you, too? I thought that my Profile page URL should be:

You see? You can't trust these pages. I can't say, right now and with my palpitating heart covered by a hand trembling with righteous anger, whether I'll entirely avoid Facebook until the mess is cleaned up. What I can say for sure is that I'll watch very closely where I put my login details, in future.


Carmen Sisson said...

I went through this with Twitter yesterday. I was timed out in the middle of a session and told to log back in. The login page was I stopped receiving Tweetdeck notices. My password was no longer recognized. Finally got my password changed on the real Twitter page - I think.

Stuff like this makes me angry. And worried. And disillusioned with social media. Good luck getting yours resolved.

Even though I'm on a Mac, I'm now running MacScan and iVirusAlert. I installed NoScript for Firefox and forbade third-party cookies. I changed a bunch of passwords to stuff I will never remember. Pain in the rear, for sure.

Matt da Silva said...

Thanks for commenting with your story, which I sympathise with. Empathise, actually. It makes for a lot of stress and unhappiness, you feel tired and frustrated and, as you say, scared. We'll see what happens and I'll continue to post about it.