Thursday, December 19, 2013

Help your compromised friends on Twitter and Facebook

Have some of your family and friends on Facebook or Twitter been posting some very strange messages recently? They have lost control of their accounts, possibly by entering their passwords on a phishing site, but more likely by having malware on their computer. At the bottom of this post, you'll find some tips on helping your friends by reporting the strange messages to Facebook and Twitter. You'll want to also advise them to update their anti-virus software and scan their computer for possible malware. Changing all of their passwords would be a Very Good Idea, but if they do it from a compromised computer, the bad guys will learn the new passwords as well.

Here are some details about recognizing compromised accounts for two recent scams -- "help identify the criminal" and "I quite my job, you should too!"

1. Facebook Friends want help identifying criminals

ysterday 4 dudes tried to steal my car. have youguys seen them? Here is their profile

ysterday 2 guys tried to steal my car. have youguys seen them? Here is the vid

ysterday 4 blackguys tried to steal my car. do you guys know them? Here is there pics

2days agos 2 white boys broke in my moms car. does anyone of you know them? Here is there pics

2 days agos 2 dudes tried to steal my car. have youguys seen them? Here is the vid

This morningg 5 dudes broke into my sisters house. have youguys seen them? Here is the vid

ysterday 5 black boys tried to steal my brothers car. does anyone of you know them? Here is the vid

3days agos 2 guys broke into my house. have youguys seen them? Here is their profile

Earlier todayy 3 dudes beat my dad up. have youguys seen them? Here is their profile

What are the odds that poor RS has had 3 guys steal his car, 5 guys break into his sister's car, and 2 dudes break into his brothers house in one week? Poor guy! How can we help him?

2. Facebook Friends quitting their job

From December 10th until yesterday, your friends weren't asking for help with criminals, they were all quitting their jobs! Messages like: I am finally quitting my j ob tomorrow after 14510 days of putting up with my idiot boss i just need to do it. I have no idea why i am workin' there anymore when ive been making about $200 dollars everyday for the past 6 months working at home. I am so happy I found this website http://something-random.tumblr.com/?random -- with YOUR NAME and 21 others

One of my grad students at UAB was the first one to tip me off to this scam after his wife showed him suspicious posts for her friend! Our lesson? If you write malware, don't let it tag people who have family members working for me!

Sometimes the messages were about the dumb boss, idiot boss, childish boss, asss of a boss.

Your friend my have been "generating around" or "making around" some random number of dollars, $100, $200, $250, $300 for some random number of months.

As you can see from SO's page, the same people who have lost control of their accounts for the first scam are also targeted by the second scam:

When I was searching for the unique spelling of "QUIT MY J OB" with the space in the word Job, I noticed the posts were also all over Twitter:



Twitter => Facebook version

If the victim has both a Twitter and a Facebook account, the Twitter account drives traffic to the Facebook account that then sends them on to Tumblr.

Here is one of many dozens of examples where "JJ" had a twitter account that posts a link to a Facebook shortened "fb.me" link where JL has tagged seven of her friends in the message.

Instead of REPORTING THIS AS SUSPICIOUS, Her friend "Liked" the post!!!

AG had the same issue - his Twitter post sends traffic to the Facebook post, that sends to the Tumblr page.


VR's posts go the same way ... Twitter => Facebook => Tumblr


Quite a few other Twitter posts also send visitors to Facebook pages . . .


Twitter => Direct to Tumblr

Today we are seeing more of the Twitter links pointing directly to Tumblr, bypassing the Facebook component of the scam.

Help your Facebook Friends?

If one of your friends has had this happen to them, the best thing to do is to REPORT THE POST TO FACEBOOK, and then send them a message.

First, use the "pull down" arrow at the top right of the message to choose "Report/Mark as Spam"


After you hit "Report", click the WORD "Report" underneath the message to give more context to your report.


Tell them that this is "Spam or Scam" and hit "Continue"


After you get your Thank You from Facebook's Security team, follow the link to "Help Center Security section"


On that link, choose "Hacked Accounts" -- Note: You can share this link with your friends by telling them to visit: HTTPS://WWW.FACEBOOK.COM/HELP/SECURITY/

There are several good sets of information that can help your friend with the hacked account, or help you learn more about helping your friends! Be the Security Expert in your group of friends, share this information with them!


Help your Twitter Friends?

On Twitter, use the ...More button to begin your report

What happens on the TUMBLR Pages?

That part is still a work in progress . . . for now, trust me. Don't go there! I'll update here when I can share more details.