New Hackers on Facebook

Claim:   Hackers seize control of Facebook accounts to post insulting messages on the walls of friends of those whose accounts they've taken over.



[Collected via Facebook, August 2015]

WARNING EVERYBODY: New hackers on Facebook and what they write is aggression from you and it's insulting. It's really nasty and it appears to come from you. You do not see it, but your friends do. One result of this can be that you will be deleted on your friends list. I just want to say, if you get something that is offensive, malicious, vulgar, etc., it is ABSOLUTELY NOT from me! Copy this and let your friends know. If you get anything like this from me, please tell me and report it immediately to Facebook. Apparently it can come in messages too. Everyone knows me and knows how I am, so please don't be fooled! PLEASE do NOT share! "COPY AND PASTE" ONLY!

Origins:   False warnings about hackers invading Facebook accounts to post insulting messages to the walls of friends of the rightful owners of those accounts have been circulating in e-mail and on social networking sites since at least 2011.

Facebook accounts can be retooled by hackers to issue missives their actual owners would never send (such as the posting of derogatory notes on friends' walls), but the mechanism whereby malcontents gain such control is one of social engineering rather than computer wizardry. There's no special programing trick the
ill-intentioned have mastered that allows them to seize control of social media accounts, no way for 'hackers' to randomly access Facebook accounts and use them to send insulting and/or sexual messages in others' names. Instead, it comes down to a matter of tricking the unsuspecting into unlocking the door through which invaders gain the access they seek.

Those who lose control of their accounts do so through unintentionally installing rogue Facebook applications. Or they fall victim to clickjacking schemes when they click on proffered links misleadingly labeled as innocuous or alluring items (such as "Like" buttons or links to videos that sounds interesting) when in fact they are really quite different critters. Or (as was the case in the November 2011 Facebook porn video attacks, described in further detail on our page about that incursion) they are duped into executing malicious Javascript code in their browsers' address bar. Or they fall prey to phishing schemes.

The bottom line is that Facebook users have to actively do something (even if they aren't aware they're doing it) to open the door and allow hijackers to access their accounts; security-conscious users need not worry that "hackers" will suddenly seize control of their Facebook accounts no matter what precautions they may take.

Last updated:   10 August 2015