This article has been updated. The updated article can be read here.
Original article follows.
One of the more obvious signs that something is wrong with your Facebook account is when it starts to automatically post spammy links which can be seen by all of your friends.
These links can lead your friends to a whole host of different scams so it is important to find out what happened, how your account got compromised and more importantly to remove all traces of the spam links.
Anyone who uses Facebook will most likely have encountered these spam messages and links at some point. They could be anything from advertising gift vouchers, dieting supplements, celebrity trash videos, free promotional products, bonus Facebook features or a wide variety of other bait designed to lure friends into clicking.
And after clicking, Facebook users can find themselves presented with any number of Internet scams, from the annoying, such as clickjacking attacks, spammy rewards offers or survey scams, to the dangerous such as identity fraud or malware attacks.
Contrary to popular notions and rumours that lay the blame for these unwanted messages squarely on hackers and viruses, this is hardly ever the case. Hundreds of well-meaning but ultimately inaccurate messages circulate every day, vaguely explaining the latest outbreak of spam links but these messages are often completely mixed up and only end up confusing matters further.
It is important for everyone to understand that if your account has started posting automatic messages, you have – somewhere along the line – fallen for a trap. Despite what inaccurate warnings or even Hollywood movies may have implied, it is extremely improbable that hackers can magically “hack” your account without any action or mistake on your part.
If an account has been compromised, it’s the account owner that has made a mistake – they may just not have realised what that mistake was. Nearly all scams on Facebook these days lie on social engineering methods – that is to say they trick a Facebook user into compromising their own account. An account posting messages automatically is a perfect example of this. It means a Facebook user has fallen for a trap.
So what are the possible reasons why your account has started posting messages by itself? Here we list the 5 most popular ways to make an account post messages automatically, how to avoid falling for it and what to do if you already have fallen for it. At the end of the article we also outline how to remove spam posts which you’ll always need to do if your account has made these spam posts.
5. Rogue Facebook Apps - One of the first things to look out for is if an application is posting the messages. Contrary to popular belief, Facebook apps are not viruses or any other type of malware. Malware is malicious software that has been installed onto a computer, and thus has access to the computer. A Facebook application is a piece of software that has been installed onto a Facebook account, and thus only has access to certain features of that account, based on the permissions the account owner gave the applications when it was installed.
Determining if an application posted a message is easy, because underneath the posted message or link will appear the application name. For example take the image below
In the image, notice how the name of the application appears at the bottom of the message next to the word Via. This means the owner of the account who posted this message installed a Facebook application called ePrivacy, and it was that application that was responsible for the posted message.
How to avoid it… – be careful what applications you install. Never install Facebook applications if you do not trust the source.
If you’ve already fallen for it … – In this case, the owner of the account has to remove the application as it will be able to continue to post messages from the account for as long as it is installed. To learn how to remove Facebook applications, read our instructions here. The account owner also needs to remove the offending posts as we describe at the end of this article.
4. Phishing Attacks - Phishing attacks involve a user unwittingly giving their Facebook login information to scammers. This is most commonly accomplished by setting up spoof websites designed to look like the Facebook website. These spoof websites will request a user’s password and username. Once these are entered a scammer has access to the Facebook account and can then access the account and post messages. A scammer could either manually access the compromised account or use software to automatically post from compromised accounts. For more information on phishing, click here.
How to avoid it… – never enter your Facebook password – ever – unless you are on the actual Facebook login page, or within Facebook’s own security centre – in both cases the URL address will begin with www.facebook.com. Be wary of clicking links which bring up websites asking for your Facebook password.
If you’ve already fallen for it… – you need to change your Facebook password, and remove the offending posts as explained at the end of the article.
3. Share/Like Widgets - Facebook have produced a wide range of tools that allow Facebook users to share external websites on their Facebook account. Most will be familiar with the Facebook Share or Like buttons that many webmasters will display on their webpages. Clicking these buttons will result in the webpage being shared onto the Facebook users profile/timeline, providing they were logged into Facebook. If an account posts an unexpected message or link, it may simply be the result of the Facebook user clicking the Share button.
However there are other ways of fooling a user into sharing or liking a website. Clickjacking – otherwise known as likejacking – is the most popular method, where the Share or Like button is essentially hidden from view, and the Internet surfer is tricked into clicking the area of the webpage where the button is located, thus unwittingly clicking the button and sharing the site. You can read more about clickjacking here.
Another method of tricking users into inadvertently sharing a website is by disguising the Share button by displaying it in another language, so the user is not aware that clicking the button results in sharing the webpage on their Facebook account.
These methods will result in one message posted each time the user clicks the like or share button, so if an account continues to post the messages without user interaction then it is not down to this method.
How to avoid it… – be careful what websites you visit and where you click. Don’t share a website in order to receive something
If you’ve already fallen for it … – then stop clicking these Share buttons and remove the offending posts using the instructions at the end of the article.
2. Browser Extensions – Browser extensions aresmall programs that work with your Internet browser to give the Internet browser extra functionality. Such extensions have recently become popular with social networking users down to the range of extensions available to instruct the Internet browser to hide the Facebook timeline. However extensions can also be malicious and have been known to force Facebook accounts to post messages automatically. This means if your account is posting messages automatically you may have installed a browser extension.
The good news is that a user first has to confirm the installation of any browser – they can’t install themselves without explicit consent from a user. Depending on the browser you use (IE, Firefox for example) the confirmation and installaton process can vary, but usually consists of a handful of pop-ups confirming you wish to install an extension. (see image below for Firefox prompts)
How to avoid it.. – simply never install or download any software if you do not trust the source. If click a link and your browser shows a window asking to confirm the installation of software, unless you fully trust the source always cancel the download. Browser extensions cannot install themselves without a users permission. Also be aware that browser extensions popularly bait users by tricking them into thinking they are plugins, codecs or updates for videos.
If you’ve already fallen for it… – You need to uninstall the extension. We have instructions here.
1. Koobface and other malware – If a Facebook account is posting messages automatically, it is possible that the Facebook user has been tricked into installing malware, possibly a Koobface infection. These types of malware search the computer for activity with Facebook accounts. Once it finds this activity it is able to login using that Facebook account and post messages from it. If this is the case, at some point in the past the Facebook user has been tricked into installing malware onto their computer. A popular method of installing this kind of malware is when a malicious website tricks a user into installing malware by disguising it as a “video plugin” or “adobe update” for example.
How to avoid it… – be aware of what updates and plugins you install. If an untrusted website requests you install something – don’t! It could potentially be anything! Only install updates etc. from trusted sources, such as from the official Adobe website.
If you’ve already fallen for it … – you need to run an antivirus scan with reliable up-to-date antivirus software. You can see our recommendations for good antivirus here. You also need to remove offending posts as we explain below.
Stay Safe and Don’t Get Fooled…
Having reliable security software installed on your computer can block many of these threats before they occur, especially threats that involve the installation of malicious software so if you think you could fall for one of these scams remember to get protected!
How to remove offending messages and links
No matter how a Facebook account ends up posting these unwanted messages and links, they need to be removed as to stop the friends of the Facebook account from seeing them. To remove a post on your timeline, identify the post you want to delete and hover the mouse over it. Click the pencil icon and click Delete.
So to condense this article, if your account begins to post messages and links automatically, first check if an application is responsible and remove the application accordingly. If an application is not responsible and you cannot remember sharing or posting the link yourself, change your Facebook password and perform an antivirus scan. In all cases, remember to delete the offending post. You should also consider letting your friends know not to click the links you posted.