Cyberscumbags Hijacking Social Media Accounts

Tuesday, May 04, 2010

Theresa Payton

D13f77e036666dbd8f93bf5895f47703

Our Word for the Week:  KOOBFACE.

Koobface is Facebook scrambled.   This malicious software targets users of social networking websites such as Facebook, MySpace, and Twitter.  

It’s purpose is to infect your PC and try to collect information about you or others via your computer such as credit card numbers, bank account information, and other details.  

Charlotte CBS Story Coverage:  http://www.wbtv.com/Global/story.asp?S=12396739

A SCAM YOU NEED TO KNOW ABOUT:

1.8 Million!  That is the number of hits you get when you type in “What To Do If Your Account Was Hacked” on Google.

Cybercreeps are using every trick in the trade to take money from you and your friends.  A scam you need to know about involves cybercreeps hijacking your Facebook, email, or Twitter accounts to get to your friends.  

Former White House cybersecurity expert, Theresa Payton, gives us more information on how this scam works and how to protect yourself.

Picture this Scenario:

Your heart pounds and you can barely comprehend the message you got from your friend.  Your friend just sent you a message online -  The message mentions real and personal facts about their life such as a sick Dad or a trip they are on.  You say something supportive and then your friend mentions she or he needs a small sum of money in a pinch and quick.  

You want to help your friend but if you are not careful, you will find yourself in the middle of a scam. 
This is scary.  It is happening to very internet saavy people.  Theresa had a social media professional contact her to ask for help.  

Cyberthugs had hijacked her Facebook account and email.  Not only were they sending messages asking her friends for money, they also began setting up new accounts and profiles in her name!  The kicker is, she could not get immediate help at Facebook or her email service provider so the cyberscumbags had her account hijacked for weeks.  

Her accounts are essential to her business.  The social media professional believes she was targeted because her list of contacts is so large.  This is not just annoying, it’s impacted her business.  She wants me to educate others about this.  She and I both agree that if it can happen to a social media expert, it can happen to anyone.

How to tune your antenna to spot this scam:

1.    SHOW ME THE MONEY:  Anyone that needs money wired to them quickly, it is most likely a scam.
2.    E-CHAT ONLY CONTACT:  Only communicating with you via online and not willing to let you call them.
3.    GRAMMER:  Bad grammar is usually a dead give away.
4.    TRUST BUT VERIFY:  Ask a few questions that may not be easily found on their accounts such as, “Where did we first meet?” or, “When I last saw you, what did we talk about?”

A NIGHTMARE COME TRUE.  READ ABOUT A SOCIAL MEDIA EXPERT'S EXPERIENCE:

Caitlin runs a Social Media business.  Facebook, Twitter and Email are her lifeline to her customers and colleagues.  She's as saavy and connected as they come.  She knew social media sites are risky but figured, when the time came, if she needed help, she could get it. 

She had no idea how at risk she really was.

About 3 weeks ago, she sent out a couple of emails.  She then linked her Facebook and Foursquare accounts using a service. 

About 10 minutes later she could not get into her email on her phone.

It was not long before her phone started ringing non stop.  A friend called her and said, "I think your account has been hacked, I'm getting weird emails."

Frantically, she tried to get into her email account and could not.  Her Mom contacted her and read her the emails, "I'm stuck in London.  I need help getting home.  Please email me back if you can help me out."

Friends start calling her and were worried.

She went to Facebook and posted on her Facebook account that something was wrong with her email and not to respond.

Then the hackers took over Facebook and started spamming her friends.  They had conversations with up to 30 people.

They chatted with her network pretending to be her. That's when they started asking for money.

The story takes an ugly turn.  

Caitlin had not shared with her network of friends and customers that her Dad is in poor health. She confided in a few about his condition, some via email. 

The cyberscumbags trolled through her email and learned that her Dad is in poor health.  They used this information to appeal to people's hearts and emotions.  They started telling people her Dad died.

Caitlin tried to contact Twitter, Facebook, and Gmail to get help.  She was faced with a bureaucracy of forms to fill out.  She could not find a human being.

Caitlin begins to worry about her business reputation.  She's spent 2 years building her blog and was worried they would take over that.

Frankly, she was helpless.  

When I talked with her and asked her what help she received, she said, "Only 2 people helped me.  Richard (who is a colleageue) and you.  Not one person from any of the companies got back to me."

To make matters worse,  Facebook kept rejecting her forms to ask to be let back in.  She did finally get control of her Facebook account - 3 weeks later.  

In the meantime, the hackers opened up a Microsoft email for her and forwarded her gmail account to that new account.  

It took her 2 days to get into her original account.  

When she got in, they had ransacked her email and removed all financial information from her email.  These cybercreeps had the audacity to pull emails out of her account about her personal life.  

The cybercreeps contacted people on Facebook they directed them to new email account that they had created under fraudulent circumstances.

She contacted Microsoft to ask them to shut down the account and nobody every got back to her.

What upsets Caitlin the most?  "They did not take advantage of me.  They took advantage of my network.  The people that were really harmed, was the secondary group that are not as close to me but still care about me."

Thankfully, nobody lost any money.  2-3 people almost did send the money but Caitlin got to everyone before they did.

Caitlin sums up the experience in two words, "Total nightmare."

"I was literally sitting there watching them take over my life.  I had friends calling me saying they were talking to the hackers online." 

Caitlin filed a report with the FTC and local law enforcement.

"I really hope people understand the house of cards that we have in the social networking sites.  There is nothing you can do, there is nobody you can call.  Law enforcement is really more interested in what they are doing to my banking account vs. my Facebook account."

People with LARGE networks are the most at risk for this type of hijacking.

"I used to use the same password for Facebook and Gmail.  I think they may have cracked my Facebook password somehow.  I will never trust the social media space the same way.  I really had an eye opener.  Like a lot of people, I had a false sense of security that if I really needed someone that I could get someone to help you.  I look at what I put online differently.  This is really at an risk thing." 

Caitlin also added, "I went to all of my clients and told them to change all their passwords."

When I asked her how she felt now and if she felt her accounts were finally clean and free of cybercreeps she said, "No, I don't trust that my accounts are completely clean."

HOW TO AVOID THE H.A.C.K.:

1.   H: Have a routine in place to regularly change your social network passwords.
2.   A: Always antivirus.  Sometimes your account may be easy to hijack via a virus on your computer. 
3.   C:  Choose a different password for each of your accounts. 
4.   K:  Keep private details of your life off of social media accounts.  It’s harder to act like you if they can’t read it in your profile.

WHAT TO DO IF YOU OR A LOVED ONE HAS BEEN HACKED:
FACEBOOK:

To report this kind of scam to Facebook, visit: http://www.facebook.com/help/contact.php?show_form=419_scam

Facebook write up on the hacked account and money transfer scheme:

http://www.facebook.com/help/?page=420#!/help.php?page=1010

How to report your account as hacked:  http://www.facebook.com/help/?page=420

TWITTER:
http://help.twitter.com/forums/10713/entries/31796

GMAIL: 
http://mail.google.com/support/bin/answer.py?hl=en&answer=50270

See also:  http://www.eztechtips.com/has-my-gmail-account-been-hacked/

DO YOU HAVE A VIRUS?

It is possible that this scenario might have happened through a computer virus. 

Stop using your home and work computer until they are checked out.  Call your computer support desk or seek out a local expert to assist you with your computer to find and isolate the virus.

Microsoft provides free virus and spyware removal support to Windows customers who think they have an infected computer.

Call:                    1-866-PC Safety for phone support.
Online:           Microsoft customers can also visit http://safety.live.com for free online virus and spyware removal.

Apple provides help to computer users that believe their Mac may be infected.

Call:                    1-800-APL-CARE (1-800-275-2273)
Online:         Set up a phone appointment http://www.apple.com/support/expert/ or, request an in-person appointment at your closest 
Apple Store’s Genius Bar:  http://www.apple.com/retail/geniusbar/ .
BANK ACCOUNTS / CREDIT CARDS:Check your banking and credit card balances regularly after something like this occurs.
I recommend online alert services where you can set up alerts to notify you if a transaction takes place or if a transaction is over a certain amount.  Go to your online banking and credit card page for more information.
CREDIT REPORT:As a precaution, also FREEZE the credit file.  Request alerts on your credit reports.  .
Online:
Equifax:                  http://www.equifax.com
Experian:                    http://www.experian.com/
TransUnion:                  http://www.transunion.com/
North Carolina offers a free credit freeze for victims of identity theft - Go to the following website for more information:
http://www.ncdoj.gov/News-and-Alerts/Alerts/Freeze-your-credit-for-free.aspx.

LAW ENFORCEMENT / AUTHORITIES: Engage authorities.  They are committing fraud.
a.  File a report at the FBI's IC3.gov. 
b.  Contact the Federal Trade Commission.  
Federal Trade Commission:
Call:                    877-IDTHEFT or 877-438-4338
Online:          http://www.consumer.gov/idtheft

PRIVACY RIGHTS:
You may also want to review your Privacy Rights at www.privacyrights.org for more information.

 

Possibly Related Articles:
4667
Viruses & Malware Privacy
Twitter Facebook
Post Rating I Like this!
Default-avatar
Carla Getchell The day after I read this article I received an IM from an overseas friend (so the bad grammar did not tip me off). I realized within a few comments that I might not be talking with my friend. I asked them where we had met and they did not answer correctly. They attempted to lure me to a website for an IQ test.
1273541234
D13f77e036666dbd8f93bf5895f47703
Theresa Payton Carla, Thanks for sharing your story. It's important to get the word out.
1273543257
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.