The saying goes that a chain is only as strong as its weakest link. If only one link breaks, the whole chain collapses.
The same could be applied to your circle of friends on Facebook. If one of your friends gets their account “hacked” (or perhaps more accurately, they fell for a scam and unwittingly passed over control of their account to a crook) then the entire circle of friends is at risk.
This is largely because the crook now has access to the inner, more private part of our Facebook account. The parts of our social media life that we earmarked “friends only”. Not for the eyes of strangers.
We take a look at the potential ways crooks can target you if they manage to take control of a friend’s Facebook account.
Targeted Phishing Scams
A phishing scam is when a crook pretends to be someone they’re not, in order to trick you into revealing personal information. For example, a crook may send you an email pretending to be from your bank asking you to click a link that leads to a spoof website which then asks for your username and password.
Targeted phishing scams, called spear phishing, are the same scam, only the crook has tailored the scam specifically for you. This usually means the crook has managed to collect information about you, such as your name, date of birth, which city you live in, even the names of your family members. And the crook uses that information to make their scam more convincing.
We share information with our friends on Facebook, and if a crook takes over a friend’s account, they can see and collect that information, and use it against us in a targeted phishing scam.
We can try to avoid this by limiting what information we choose to share on Facebook, even with our friends. We can also be more careful with any email that asks for sensitive information, even if the email contains our personal information.
Facebook Phishing Scams
Alternatively the crook can try and scam you on Facebook itself using your friend’s compromised account.
For example, the “friend in crisis” scam. With this scam, the friend’s account will message you describing some type of crisis your “friend” has found themselves in, and will ask you for money. Of course, since it’s not really your friend, any money you send is stolen. If you get such a request from a friend, always verify it’s really them, preferably over the phone or in person.
A crook could also employ a different type of phishing scam and change the name of your friend’s compromised account to make it appear to be connected to a trusted entity, and use this rebranded account to scam you. Even with a name change, that Facebook account that once belonged to your friend is still connected to you on Facebook, and can still send you chat messages.
A popular example of this is when crooks change the name of a compromised account to “Facebook Security” and send you messages claiming your account will be disabled unless you click a link and… you guessed it… enter your username and password. And since that link leads to a spoof website, that information is sent to the scammer.
A crook can send scam links to you directly, through chat or on your timeline, while pretending to be from your friend. If you believe it was sent by your friend, you may trust the link and click on it.
Remember to be sceptical of suspicious links, even if they were sent by a friend.
Armed with enough personal information about you, a crook can take on your identity. Which means opening accounts in your name, affecting your credit score, taking out loans with your information and so on.
And if a crook takes over a friend’s Facebook account, they can access all the information about yourself that you share with your friends. And if you’re sharing a lot of information, the crook can collect enough (or close enough) information to commit identity theft.
So make sure you’re not oversharing on Facebook (or any other social media site). We never recommend sharing your full date of birth, your workplace, your address or (perhaps more obviously) any passwords, social security/national insurance or financial information. Not even with “friends only” privacy applied.
Facebook Cloning Scams
If a crook takes over a friend’s account, they can see more of your account than strangers can. This allows a crook to create a more convincing “duplicate” of your Facebook account.
Cloning scams are where a crook creates a new Facebook account with your name and profile picture, making it appear like the account belongs to you, in order to trick your friends into accepting a friend request. Creating such a duplicate account is easy, since your name and profile picture are available for all to see.
However, if a crook can see the innards of your account by compromising a friend’s account, they can create a more convincing duplicate account, and copy over more photos, even status updates to the cloned account. And when they send out friend requests to your friends, those friends will be more likely to accept the request.
Make sure your friends list is private, and if you notice your account has been cloned, warn your friends and report the cloned account to Facebook. More on Facebook cloning scams can be seen in our post here.
Crooks may love to know when you’re out of the house. For example when you’re on holiday. They know your home and belongings will be vulnerable when you’re away. Don’t broadcast when you’re leaving your house on social media, because you don’t know who might be listening.
To help protect yourself from these sorts of scams that may arise from a compromised Facebook account, we recommend keeping your Facebook friend limit to a reasonable number and removing friends that you don’t recognise or no longer wish to keep in contact with. If you do see suspicious activity such as name changes, report the account to Facebook and remove it from your friends list.