What is worst than getting locked out of your Facebook account after it got hacked? When the hacker uses your account to share an embarrassing post, tag all your Facebook friends, then deletes the post after an hour without you knowing anything.
That just happened to a friend of mine. Scary? Absolutely. All he can do at this point in time is prevent the hacker from getting access to his account and carry out damage control. But the damage that has already been done is irreversible.
So what can you do when this happens to your or one of your friends? How can you prevent such things from happening to you? After contacting SingCert and searching various websites for the answer, here is what I have gathered.
Before I begin though, I am sure you are interested in what happened to my friend’s Facebook account. At 2:30PM on a Sunday, I received a notification from Facebook, informing me that my friend had tagged me in a comment on a link he shared.
Tapping on the notification, I discovered that it was a link to an obscene post, as you can see below. The worst part of it is that all of his friends were tagged in the comments. To protect everyone’s identity, I have censored all the names in the image.
I knew that my friend would never do such a thing, and the emoji between each name tagged was very suspicious. Hence, I messaged him about the post and he had no clue that it happened. When he checked his activity log, there was nothing.
What happened? The hacker deleted the post, leaving no trace that it was done. But it was too late. Everyone tagged in the post had already received a notification and those that clicked on the notification before it was deleted saw what he shared.
What to Do When This Happens to Your Friend?
1) Do not click on the link
Even if you are interested in the content of the link, do not click on it or you might become the next victim. The link is likely to be malicious, a trap set by the hacker in an attempt to gain access to your Facebook account. DO NOT CLICK!
2) Inform the victim immediately
In my example above, my friend had no idea that his account was compromised and used to share the disgusting post. If he hadn’t logged in after being alerted about it, the post might still be up there and more of his friends would have seen it.
Let the victim know about it as soon as possible, so that he/she can take down the post and carry out damage control before it spreads further. Also, this would prevent more people from clicking on the sketchy link and falling victim to it.
What to Do When This Happens to You?
After the incident, I contacted Singapore Police Force and SingCert on how my friend could resolve the incident. Both told me to contact Facebook, but if you have tried, you will know doing so isn’t as easy and straightforward as it sounds.
Facebook does have a page where you can report compromised account, linked here. But other than recovering your account, it ain’t very useful and may not be sufficient to prevent it from happening again. So what else can you do?
Thankfully, SingCert also gave me a couple of pointers on how to report and prevent such attacks in the future. Combining tips I found online, here is a list of things you should do when someone compromises your account and does horrible stuff:
1) Send an email to SingCert with the screenshot/link
If possible, ask your friend to send you a screenshot of “your” post or the link shared by “you”, before you take any other action. Then, send the link or screenshot to SingCert’s email and they will try to prevent such things from happening to others.
2) Change your password and enable 2FA
Now that the hacker has access to your account, they probably have your password so you will want to change that. Choose a reliable password that isn’t too similar from your old one.
Next, enable 2 factor authentication by going to Settings > Security & Login > Use 2 factor authentication > Edit on your Facebook Account. Once enabled, you will have to enter a 6 digit code on top of your password whenever you login on a new device.
The extra step when login in on a new device is not very convenient, but your account will be a lot more secured and you will be notified whenever someone tries to login to your account.
3) Reset devices that are possibly infected
Think about why someone could have gotten access to your account. Did you leave your device unattended? Did you download anything sketchy? Did you click on any suspicious links?
In my friend’s case, I suspect that something nasty was inside his computer or phone all along, silently collecting his passwords, personal data and activities. Knowing his habit of downloading stuff from suspicious sites, I am not surprised.
From my understanding, no Facebook apps has permission to leave a comment as the user. Hence, in order to tag his friends in the comments, the intruder must have access to his account.
Next, the emojis used in separate the names tagged leads me to believe that it is done by a bot. Which human has so much time to waste on switching between so many emojis?
4) Announce that your account was compromised
When such a thing happens, there isn’t a way to undo it, so the best thing that you can do is damage control. Delete the post if it hasn’t been done so by the hacker already and announce to your friends on Facebook that your account got compromised.
Conclusion – Stay Safe Online!
Before the attack, I thought that getting locked out of your account or getting your data stolen was bad and I am sure that I am not the only one who thought so. But after this incident, we now know that it can get a lot worst.
None of us wants to have to deal with such attacks and the only way to truly do so is avoid clicking on any unreliable links and do not download anything from sketchy sites.