URGENT - Facebook Hack Alert

Just reposting in as many places as I can. From what I can tell, this has only affected Australians so far.

My friend's account was hacked today. Not mucking-around-between-friends kind of hacking - I mean actual hacking. If you get the following message from any of your Facebook friends, DO NOT supply any account recovery details like email addresses, phone numbers or codes.

"Hey, Sorry to ask you but would it be ok if i added your phone number as a recovery option on my email? I need to add something before it will let me back on and i really need to get on it asap and can only ask around online at the moment,"

The messages are from someone else using your friend's account, attempting to gain control of YOUR Facebook account and/or email account too.

This is not your run-of-the-mill scam or Facebook hack. I believe a real person is behind it, not a bot or automated script. What the hacker/s do is pretend to innocently request help from you to 'recover' your friend's account. What they actually do is use Facebook/Gmail/Hotmail etc's 'forgot my password' feature to request a recovery code be sent to you to recover YOUR account, not your friend's. DO NOT SEND THEM THE CODE.

Once they have gained control of your account/s, they will look for nude photos, bank details, your home address or other confidential information or blackmail material and threaten you. They do not ask for money. There are some screenshots here of the messages my friend received from the hacker.

If you or your friend has been a victim of this type of attack, please call their phone number/s (do NOT email or Facebook message them, as their accounts are probably hacked) to notify them, then notify police. This is a criminal offence and the perpetrator must face consequences.

My friend, the victim here, is a law student and works in anti-corruption and fraud. I almost fell for it too and I am more tech savvy than the average person. It is not unusual for this particular friend to trust me with her passwords or ask me for assistance with her personal accounts. This is a clever blackmail scam and could happen to anyone. The AFP and ACORN (Australian Cybercrime Online Reporting Network) were most unhelpful to my friend. They simply told her to change her password and submit a report to Facebook about it - because Facebook have such an excellent history in dealing with these types of issues in a swift and appropriate manner rolls eyes

Please share to warn your friends - especially women, who are most at risk of this type of exploitation.


Comments

  • +4

    Lol

    Wait wait, apparently that's victim blaming.

    I can't help myself

    Must resist

    Uh oh, it's gonna happen again

    Lol

    • Oh and your friend's reply to your 'friend' (the hacker) of "I know we hardly ever talk" says it all really!

      And in order for someone to get in that position, they first need to obtain your friend's Facebook login details. That in itself should be a difficult task.

        1. The conversation in the screenshots was between my friend and the hacker, not me.
        2. You're right, that IS victim blaming.
        3. They did not need all of the login details because they used the 'forgot my password' feature. My friend did not give her password away.
        • Someone had their Facebook password stolen, in order to msg your friend in the first place… Get what I'm saying here? 2 people got hacked in your story.

        • @Spackbace: Yes, someone. But not the women in the screenshots, and not me. My friend and her friend were both hacked; their passwords were not stolen.

        • @n3xia:

          My friend and her friend were both hacked; their passwords were not stolen.

          You can't have 1 without the other in this instance. A Facebook login requires a password, obtained by a number of different ways, but requires the password nonetheless.

          Something isn't adding up here and it's strange. The first Facebook account had to be either a) copied, in order to look like your friend's, or b) password stolen, but then you're trying to say that the login details weren't stolen…!

  • +1

    Social engineering.

  • +4

    Please share to warn your friends - especially women, who are most at risk of this type of exploitation.

    Brooke, it's 2016.

    • Yeah, and we're still dealing with sexism. Amazing, isn't it? But yeah, the hackers were targeting women only.

  • Actually I'm still trying to work this out, someone appears to actually not be tech savvy.

    So, was the first Facebook profile hacked, or spoofed? I've heard of people copying your profile, adding your friends, in order to try things like this.
    Or, was the first account hacked, and from there they msged people on their friends list?

    2 different things, both with obvious flaws. 1st one should be picked up by at least 1 sensibly minded friend, and the 2nd should inform you that you're getting msgs come in (as the hacker chats to your friend/s).

    And then, once your friend's email was hacked, they couldn't have gotten into her bank accounts, not just by an email address. Not unless she stored login details in an email, which isn't very clever. So, empty threats on that one.

    So yeah, I doubt this scam is really gonna go far. And the 'hacker' knew that, hence asking for nudes… I mean seriously, that was his mission?!

  • Thank you OP.

  • Very lousy situation for your friend.

    It does raise one good lesson though: don't keep nudes or logins/passwords or credit card numbers stored in your email or on any cloud service.

    Just don't do it. These accounts (cloud photo storage, cloud email, cloud messaging apps) are not secure because they rely on the human brain to keep them that way (brain, pick a good password, don't write it down, don't give it out to friends, don't click unknown links, read emails carefully etc). Humans are always the weak link in the chain and social engineering always targets the easiest human flaw: our desire to help others in need.

    We can't switch that flaw off. We'll always hold the secure office door open for the person with their hands full, we'll always stop to speak to that "tourist" who needs "directions", we'll always try to "help our friend".

    So be safe and just don't store super sensitive information like nude pictures or passwords/logins in your email/facebook/online account. Before you put anything in a cloud service ask yourself "Could this ruin my life if it went public?". If the answer is "yes"…don't post/store/send it. Zero exceptions.

  • Wouldn't this be phishing rather than hacking?

  • +1

    OP, care to share about how it happened in the first place?

    It looks like Brooke either had her Facebook password stolen/hacked, or a duplicate account was created, allowing the hacker to pose as her. 1 of these 2 options then allowed the hacker to contact Eun.
    So without even going into the phishing exploit to then get Eun's info and gain access to her email, maybe share how Brooke's Facebook got attacked?

    Me, I have everything locked down except for friends, with a complicated password that isn't used for any other accounts. Only way of gaining access is to keylog me. No one else can see my friends list, my photos, nothing, so they couldn't spoof my account in the first place.

    I'm amazed at the people that share things so publicly in this day and age. I mean when I clicked through onto your friend Eun's page, she's shared those images with the world. Her private images that the 'hacker' got, she's then showing anyone. Really?!

    • My account did not get hacked. The hackers did not use mine or my friend's password to gain access to our accounts. My name and profile were not in the screenshots, either, and your assumptions and speculation and victim-blaming are not helpful. Just read the post properly, heed the warning and move on.

      If you think you're impervious to hacking or phishing attacks, you're probably more likely to let your guard down and become a target of such attacks. My friend is the most careful person I know about her privacy and online security, and she became a victim. Obviously you've read the comments on my public Facebook post, because you found my friend's profile. Did you also see the comment where she said she's a law student and works in anti-corruption and fraud? And where I said I am more tech savvy than the average person? Clearly it's not just stupid people who fall for these things.

      My friend chose to post the screenshots of the hackers' messages, including the uncensored photos, because she felt that in taking ownership of the photos and presenting a body positive message, she removed what little power the hackers had to blackmail her. She also felt that warning other people (especially women, as they seem to be the target of this attack) was more important than her privacy or dignity in this instance. I'm not sure if you also noticed that that post is literally the only thing that is publicly viewable on her profile.

      • Just read the post properly, heed the warning and move on.

        In order to fix the future, we must learn from the past. If you can't say how they originally hacked the first Facebook account, then it's all meaningless, as without that they can't even complete the hacking/phishing attempt. I don't know why it's so difficult to explain how the very first account got hacked/copied in order to then msg your friend?

        Sigh anyway looks like it'll be another week before we even see a response.

        • I don't know Nira so I can't actually tell you for sure. I'm assuming she got hacked in the same way. Nira would have got a message from one of her friends saying they need help recovering their account, etc. I don't know why it's so difficult for you to figure that out yourself.

        • @n3xia:

          I'm assuming she got hacked in the same way.

          I'm sorry, there's a line about the word 'assume'…

          Your warning is meant to help people prevent the situation from reoccurring. It can't do that without all the facts in place. You've been to university, I'm sure you know how to formulate an argument with sound reasoning, highlighting the facts. Well, this is missing key details, and without it, forms nothing.

          I mean, I can assume that your friend freely gave out her login details to someone to get back at the other friend. See, assumptions can be made, whether rightly or wrongly, but without those details, they can be made…

        • @Spackbace: I can't give people the facts if I don't have them. If you directed this much energy towards the hackers instead of the victims/potential victims, maybe you could prevent the situation from reoccurring.

        • @n3xia:

          But without knowing the details, how do we know this is even a possible thing? It could actually be friend A's brother, jumps on friend A's computer/laptop, sees Facebook is logged in and proceeds to cause trouble, thus messaging friend B, obtaining her details, and proceeding to attempt to get the pictures.
          Trying to get nudes seems a very juvenile thing, which is why I guessed to a brother or someone known to friend A, maybe even known to friend B. Seems more likely than some hacker from elsewhere, who would've been more interested in the contents of the emails rather than pictures.

          So this all could just purely be an isolated incident.

          I'd be getting friend A to check her computer/laptop history details. I saw they also got the IP of the gmail login (of the hacker). That would, at the very least, pinpoint the city they were in (if not behind a VPN or anything).

  • +1

    One thing I'm confused about is, her first reply to the fake 'Nira' was "I know never we basically never talk", so they're not really friends, really just someone she knows. Doesn't that raise suspicions when someone who you never talked to suddenly wants your personal info for something so vague? Why ask you and not someone who she's actually close friends with?

    Blackmailing and hacking etc is definitely wrong, but I think we all have a responsibility to protect ourselves. The law can only protect you so much, it can't fix the past and the future can be hard to control- especially with the internet being so powerful now.
    Yes you have the right/freedom to post whatever you want, provided it's legal and abides T&Cs, but it's sort of like revealing 20x $50 notes in your hand while shopping- you wouldn't do that right? Despite having the right. I know I'd be hiding it deep in my bag and freak out at anyone who gets too close to me. Your body and privacy is worth more than $1000!!!

    As long as there's money to be made, all sorts of illegal practices will always exist, including drugs, blackmailing, fraud, scams etc. Rather than dealing with the problem when it happens- which is often too late, why not prevent it from happening in the first place. Whether it's being more careful with what you post or taking extra measures to secure whatever it is. It's not a perfect world, you can't have happiness without making a few sacrifices- whether it's worth it is up to you though.
    You can shout victim blaming all you want, but guess what, that won't solve your problem or prevent it from happening to you again in the future. You can't change others but you can change yourself. (You= a general 'you' aka people btw).

    • My friend is one of the most careful, probably even paranoid people I know when it comes to her online privacy. She is literally the last person I expected to be a hacking victim. But all it took was one momentary lapse of judgement. This could happen to anyone - especially people who think it won't happen to them.

      The hackers did not ask for money in this scam. They are clearly just trying to humiliate women and collect explicit images.

      Did you not consider that my post warning others of the hackers' strategy is a means of prevention?

      • Not having a dig at your friend, but I wouldn't consider posting sensitive photos on social media as paranoid about online safety. I had a friend who said she was tech savvy and knew about scams, yet fell for the fake "Free $500 JB-HIFI gift voucher" scam.

        This could happen to anyone.

        Sorry but I disagree. This is not something that's impossible to avoid. The online world is growing rapidly, we need to raise our standards/level of carefulness and educate ourselves. Online businesses are already doing that and are always looking for ways to improve, we should too!

        Also, imo, if you do want to post nude or sensitive photos online, never include your face or any identifiable objects such as bedroom, tattoos and birthmarks. That way if those bastards get hold of your photos, well…who knows, it could be anyone, go ahead and share them.

        edit: actually yes, it could happen to anyone, but not everyone will fall for it.
