On Facebook, your friends could be your enemies

On Facebook, which last week bragged about its 300th million user and first-time profitability, you have “Friends.” You don’t have “Enemies.”

Or do you?

WatchdogNation.com wants everyone to learn some new Facebook terms that don’t necessarily show up in the company’s amazing corporate history.

Compromised account.Dave Lieber Facebook identity theft

Account takeover.

Account hijack.

Definition: term used to describe when an unknown scamster gains control of your account, often resulting in a fairly believable plea to your friends for money to rescue you from disaster.

That’s my definition. Feel free to rewrite in the comments.

Let me show you how it works. This research first appeared in the September 20, 2009 Fort Worth Star-Telegram, the best paper in Texas, in the Dave Lieber column.

* * *

While on Facebook recently, Gary Rifkin received an instant message from his friend Karen Cortell Reisman.

“Hey Kar, how’s it going?” he typed back.

“Not too good at the moment,” she answered.

“What’s going on?” he asked.

“I’m in a deep mess as we speak and I need your financial assistance,” she answered.

She explained that she was in London “and we got mugged at gunpoint.”

“Oh my God,” Rifkin said. “Are you okay?”

“Yes. Cash, credit card and phone got stolen. It was a brutal experience.”

“How are you going to get home?” he asked.

“That is the main problem now. I need your financial assistance.”

“How much do you need?” he asked.

“All I need is $1,300.”

“Where should I send it?”

The address was in London.

“Hang in there,” he advised, a transcript of the conversation shows.

Rifkin never sent the money. He knew he wasn’t talking to his friend but someone pretending to be her. He knew his friend was at home in Dallas.

Reisman, meanwhile, started getting frantic phone calls from friends asking, “Are you OK?”

As she told me later, “It was stunning to see how fast this grew over the course of one day.”

She calls the whole experience “the day I got hijacked on Facebook.”

Reisman uses Facebook as part of her speaking and coaching business. But she couldn’t get into her account because her password no longer worked. She tried to call Facebook’s corporate office in Palo Alto, Calif., but she couldn’t find the phone number. (Note: 650-543-4800)

She found the help page on Facebook that led to a contact form that put her in touch with the security team.

When Facebook e-mailed her a new password, she worried that it, too, was a hoax. But it wasn’t. She got her Facebook page back.

None of her friends sent money, but most called to see whether she was OK. “I was so touched by the concern of so many people,” she said.

In Facebook lingo, her account was compromised, company spokesman Simon Axten said.

Reisman has no idea how it happened. In all probability, Axten said, scammers learned her password through phishing.

That’s when a user goes to a fraudulent Web site that looks like the real thing. The person enters his or her login information, and then the crooks have what they need.

I can see how this happens. Sometimes I get an e-mail on an account that Facebook doesn’t know about. The e-mail asks me to look at Facebook photos. But I’d have to log in to Facebook. I ignore it.

The Facebook spokesman says scammers re-create e-mails that look like ones Facebook sends out. They might say that a friend has commented on your link or that you were tagged in a photo.

“We advise people to be careful when they’re clicking on e-mails, and especially links,” Axten said. “And when they do click on a link, check the URL [Web address]. If it’s not www.Facebook.com and it’s something else, most likely it’s a phishing site. Be careful.”

He suggests that when a friend claims to be in trouble, test the friend’s identity by asking key questions (“Where did we have lunch together last week?”).

The number of accounts compromised is very low, Axten said, considering that Facebook has 300 million worldwide.

“But obviously the consequences are pretty severe if someone ends up sending money. That’s a significant loss. As a result, we’re taking it very seriously, as we do any security threats.”


Facebook monitors users who start sending out lots of messages or making “wall” posts. Facebook may block or disable the account until the mystery can be solved, he said.

Passwords should be complex, with a variety of letters and numbers.

Reisman changed all her passwords after her experience – for Facebook and for her bank, e-mail, other social media sites and credit cards.

Previously, she said, “I used the same password for everything because life is short and I can’t remember everything.”

Now she keeps a separate list of passwords.

Facebook isn’t as much fun for her now.

“It’s left a bit of a bad taste in my mouth,” she said. “But Facebook came through, in my opinion, because they really did react to the problem in a fairly quick manner.”

Do you use the same password for multiple accounts? Or simple passwords, easy to figure out, like the name of your dog?

Remember that the best password is a combination of letters, numbers and punctuation marks. Always be careful when entering it into any e-mail that is sent to you.

And please feel free to share your detailed stories about similar problems – along with suggestions about how we can protect ourselves in the comments below.

* * *

Learn more about protecting yourself in the national-award winning book about social change, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong. Visit www.WatchdogNation.com.

Facebook Protection TIPS

– Be suspicious of friends who ask for money. Test their identity. Ask others who know them to verify any questionable situations that arise.

– If you see something suspicious on a friend’s account, go to the help link on the lower-right corner of a Facebook page and report it to the Help Center.

– Learn about security tips at www.facebook.com/security.

– Choose a strong password and don’t use it for other Web accounts.

– Use an up-to-date Web browser that offers anti-phishing features.

– Run anti-virus software on your computer.

– Reset your Facebook password if you suspect that your account has been compromised.

– Become a fan of Facebook at www.facebook.com/facebook to get the latest security announcements.

Source: Facebook