Cloned, Not Hacked

As some of our wise Scotts Bluff County Scanner followers have noticed, there have been some fishy (or should I say phishy) things going on with one of our recent Scanner Facebook posts.

No, we were not ‘hacked’, but yes there is someone posting as if they were Scotts Bluff County Scanner. More specifically, we had someone posting from several cloned accounts. This made it appear that we were commenting on our own post.

Your safety is important to us, including your information! Rest assured, we have taken every precaution to report the false page, hide any spam-type comments and report these pages accordingly.

There is more to the bad side of the internet world than just hacking, so I wanted to take a moment to go over the several ways you or your loved ones can be tricked into giving your information away.

Ghost Accounts

Ghost accounts are inactive or unused online accounts that have not been deleted by the user. They take many forms, from a neglected, forgotten or no longer accessible social media profile to an abandoned email account.

Most people have an account they no longer use. But while abandoned accounts may seem irrelevant to the user, they can be a jackpot for hackers. Their dormant status grants quick and easy access for hackers interested in exploiting personal data in the commission of a cybercrime.

Cyberattacks that leverage ghost accounts are often referred to as Account Takeover Attacks (ATAs).

A hacker commonly executes an ATA for financial gain. After breaching a dormant account, the hacker may make large purchases. They will typically do this quickly before the victim notices the crime. ATAs result in billions of dollars of fraudulent activity every year. 

It’s important to note that these attacks often result from poor password hygiene, specifically password reuse. It’s not unusual to provide minimal personal information on an account (think free trials). The value to the hacker is when the credentials used on the free trial match your bank login credentials.

Profile Cloning

Account cloning is a simple scam – but it’s easy to be fooled by it. A cloned account is a copy that uses your profile photo and other public information to trick your friends into giving up their information. It may seem like a harmless prank, but these clones can cause real damage. A cloned account may convince your friends to send them money, collect passwords or other information, or dupe them into other scams.

Account cloning isn’t a hack or an exploit – it’s just a result of clever scammers using your publicly available information to fool your friends. Pretending to be you, the cloned account could message your friend saying they need cash to handle some emergency – for example, being mugged and needing funds to get back home. You may think your friends are too smart to fall for a scam like that, but because these requests come from you, they may respond without thinking.

Web Scrapers

Web scraping, or crawling, is a huge data mining operation that both crooks and legitimate operators use to get hold of every personal detail about you that they can.

Automated “bots” or “crawlers” constantly search web pages, especially on social media and online forums, for names and information — and there’s plenty of it to find. Then they drop the data into spreadsheets, gradually building up a detailed profile of you and your family.

It’s perfectly legal if the information these people harvest is publicly available. Price comparison sites, for example, use crawlers to gather their info, which, as we know, can be extremely useful.

But there are other much more dubious scraping activities. For instance, even though only your friends may be able to see your Facebook posts (if you’ve used the right security settings), anyone else who visits your page can usually see certain information posted in the “Intro” section.

How do I avoid these monsters?

The first and most important thing to remember is that every single word or picture you ever post, any likes and preferences you show, any “friend” you follow and any social media group you belong to, is potentially vulnerable to scrapers and hackers. Think before you post, “like,” share, or answer questions.

Second, use privacy settings to the fullest wherever they’re available. Opting, for instance, to allow only friends and followers to see your Facebook posts is not enough. Run a full Facebook privacy check and do the same with every site you regularly visit.

Other actions you can take include:

  • Changing your profile name if you currently use your real one on social media sites.
  • Using up-to-date security software to block botnet malware.
  • Blocking “friend” requests from people you don’t know.
  • Considering software and services that offer to remove information about you on the internet.
  • Learning what the sites that you use do to protect against data harvesting.

Things to watch out for

  • People you don’t know personally asking for money.
  • Anyone asking you to pay a fee to apply for a job.
  • Unverified Pages claiming to represent a large organization or public figure.
  • People asking you to move your conversation off the platform to a less public or less secure setting, such as a separate email.
  • People asking you to send them money or gift cards to receive a reward.
  • Anyone claiming to be a friend or relative in an emergency.
  • People who misrepresent where they are located.
  • Messages or posts with poor spelling and grammar.
  • People or accounts directing you to claim a prize.

Report any profile or page that doesn’t look legitimate.

If you see a profile or Page that’s pretending to be you, someone you know or a public figure (example: celebrity, politician), we encourage you to let the platform (Facebook, Twitter, Instagram, etc.) know. You can report potentially impersonating profiles or pages to us even if you don’t have an account on that platform.

How can I avoid Facebook account cloning?

Start by hiding your Facebook friends list. Anyone who clones your account will use your friends list as a list of targets, but if your friends list is private, it’s much harder for them to find anyone who will fall for their scams. Fortunately, hiding your friends list only takes a few quick clicks:

  1. Open Facebook from your web browser.
  2. Click the triangle in the upper right to open the menu, then select “Settings & privacy.”
  3. Select “Settings.”
  4. Click “Privacy” in the left-hand column.
  5. In the “How people find and contact you” section, check to see who you have selected as being able to see your friends list. If it’s “Public” or you want to change who can see your friends list, move on to step 6.
  6. Click on “Edit” next to “Who can see your friends list?”
  7. In the drop-down menu, select who you would like to see your friends list.

And while you’re looking at your Facebook settings, it’s never a bad time to review your privacy settings. Keeping your information locked down is the best way to keep yourself safe, so take a minute to review your other settings.

In the end, just remember to protect your information, including numbers, email, address and passwords as well as your connections with family and friends.

“Keep it secret, Keep it safe!”

So, What Does Hacked Mean?

Hacking, with respect to Facebook, is the act of gaining access to your legitimate account. This is the worst-case scenario.

There are a number of ways you can get hacked on Facebook, both voluntarily and/or unknowingly, usually the former.

A great way to get hacked is to leave yourself logged in on a public computer, an office computer or someone else’s PC. The next person to use that computer will be acting as you, and that can leave you open to trouble. Always log out!

Another popular way to get hacked is when a ‘friend’ messages you out of the blue asking for your help getting into their account. They want you to send them a code (the key to full access to your entire life on Facebook). NEVER do this. Facebook will never send a code to a THIRD party. If they cannot get into THEIR account, Facebook will send THEM (and them only) the code they need. Never fall for this; you may never recover from it.

If you need help securing your account, or have questions, Hale Multimedia has been helping people with this kinda stuff since Brian started programming Apple computers in 1978. Give us a call 940-224-6315 or 308-635-7271.
