If your Facebook account is automatically sending suspicious messages and links to your friends over Messenger all by itself, then there is definitely something wrong with your account that needs sorting.
But what’s wrong? Have hackers executed some techie wizardry and pried open the door to your account? Or are you the target of state sponsored crooks looking to discover your darkest secrets?
The first thing to know is this… if this does happen, then you’ve almost certainly compromised your own security by committing an online security faux pas. You may not remember doing it, or even realised it was a faux pas, but you have. Facebook’s own security is pretty good, meaning if a Facebook user’s account gets broken into, it was probably the account owner who gave the crooks the key.
There are three methods that crooks will typically use to take control of an account with the intention of sending spammy messages from that account. 1. A phishing scam 2. A rogue Facebook app or 3. Malicious software/browser extension. If your Facebook account is spamming your friends with dodgy links, it’s likely that one of those three are to blame.
Let’s explain each three and how to stop it from happening.
A phishing scam
More than likely, if a phishing scam is to blame, then the victim had clicked a link (possibly a link sent from a friend who also had their account compromised) and entered their Facebook username and password into a fake Facebook login screen. The victim didn’t realise the website URL at the top didn’t belong to Facebook, and the information they entered into the username and password fields was sent to the scammer, giving them access to that account.
Fixing this is simple. You’ve given a crook your password, so you need to change it.
A rogue Facebook app
Perhaps more commonly, the reason a victim’s account may be sending spammy chat messages over Messenger is because they’ve given a Facebook app permission to do exactly that. For example, the victim may have again clicked a link (again it could have been sent by a Facebook friend) and were subsequently led to a webpage asking them give permission to install an app, which they did, and it is the app that is sending the spammy messages.
This was the case when many Facebook users were sent fake YouTube links along with a message claiming they were in a video. The links didn’t lead to YouTube, but a Facebook app installation page claiming they needed to install the app to see the video. Once the app installed, it was able to send out the spammy messages to that user’s friends.
The solution? Remove the offending Facebook app of course! Head to your main settings, click Apps and remove any apps you don’t recognise.
Malicious browser extensions/malware
Alternatively, if a Facebook account is sending chat messages by itself, then it means the owner could have installed malware onto their device, which has taken control of the Facebook account logged in on it. Earlier versions of malware that could do this were called “Koobface” (an anagram for Facebook.)
In most cases, the victim would have been tricked into installing malware onto their device. If this is the case, it is important to do a full antivirus scan with your security software, to ensure there is no malware. Or if you think you’ve installed a malicious browser extension, you need to remove it. Instructions on that vary depending on the Internet browser you use; for example for Chrome, go to the three dots icon, click More Tools and then click Extensions.
If your Facebook account is sending suspicious links to your friends, then one of these reasons should explain it and the corresponding solution should resolve it.