This scam isn’t new. It doesn’t look like it’s going away anytime soon either.
As the app developers patch the security loopholes, hackers are already working on new ways to get in.
This is a long-running scam that appears to get smarter with every wave and phase.
The Facebook Messenger hack scam explained.
Time needed: 10 minutes.
What To Do When Facebook Messenger Is Hacked
- Don’t Panic
This is a bot attack. It can be easily managed.
- Alert Your Friends
In order to break the chain, alert your contacts “not to open message attachments from you”.
- Change Your Password
This is purely a precaution and gives you peace of mind.
- Check Activity
Follow the instructions below to check the account login history for the last 12 months.
What To Watch For (Prevention)
If you receive a message on Facebook Messenger from a contact that doesn’t usually message you on there… STOP! Do not open the attachment.
When I use the term “do not open the attachment”, that means do not tap on the video, the picture or the link.
We are all pretty well drilled about opening attachments in emails in case they contain viruses, but in Facebook Messenger, these “attachments” may come in the form of a video, a link or an image.
Opening the attachment (such as viewing the video) runs a piece of code that will execute on your account (not on your iPad, PC or mobile – on your account), so deleting the app from your phone does nothing. The code will forward the message to all of the contacts in your account.
What To Do If Your Account Is Hacked
- Alert your friends.
- Change your password
- Check your Facebook account activity for unusual logins.
Alert Your Friends
Once the message has been sent from your device to all of your contacts, the first thing to do is attempt to break the chain and limit the damage.
Post something on your Facebook timeline warning your friends not to open the video sent from you. Unfortunately, many will have opened it before seeing your post, but this will reduce the spread.
Change Your Password
Change your password. What this will do is show you whether your Facebook account has really been hacked. When you attempt to change the password, it will ask for your existing password before you can proceed. If Facebook doesn’t accept this, it’s time to retake control of your account.
How To Retake Control Of A Hacked Facebook Account
Firstly, use a different device: another phone, another iPad, PC, etc.
Open www.facebook.com in the browser and, instead of logging in normally, click “Forgot Password”.
This will take you through to the verification console, which will get you to confirm your identity by entering a code that they send to your email or text to your mobile. Once this code has been submitted, you will be asked to create a new password.
If you are logged in to your Facebook account go to Settings / Settings & Privacy / Security & Login.
From here, have a look at the log to see which devices were recently used to access your account. You will recognise them by device type & geographical location. If any look suspicious, select the menu (3 dots) next to them and select “Not You”.
From here, by following the same steps, you can log out of other devices.
Received A Hacked Message But Didn’t Open It
If you have received a phishing message from one of your contacts but didn’t open the attachment, you should be OK. However, there is no harm in changing your password.
It might be worth deleting the conversation thread. On most mobiles, go to the main index in Messenger and swipe to delete the affected thread.
Why Do They Do It?
This is a question that many people ask. Why? What do they gain by implanting these “pointless” hacks? What is the point?
The answer is to steal money. To trick you. To scam you… but how?
It’s all about linking people and accounts together. This was done for years on email platforms. The only difference now is the platform.
These Are Bot Phishing Scams
The first phase of the attack is in the form of linking users, contacts & accounts together. This is known as phishing. Compare this to a sales canvasser generating leads for the trained sales team to move in for the hard sell.
In the scammer world, there are many techniques that are used to create leads and phish for data.
The next phase of the attack is a lot more serious. This is where the human scammers, using the information gathered by the bots, go to work.
Quite often the attack is aimed at a larger target: your employer or your business. The bots can often uncover sensitive data that has been shared on Messenger relating to your work, business or organisation.
Have you ever sent any login credentials to a work colleague via Messenger? Can you imagine what damage could be done if that information was compromised?
Well, these hacks show that they have the ability to forward fake links to all of your contacts. Likewise, they can copy your entire chat history to themselves.
Golden Rules Of Sending Sensitive Data
If you have to send sensitive data such as financial data or account login credentials, never send it all together.
Most message platforms and email servers use end-to-end encryption. But this encryption method is useless if your password is compromised.
If you have to send login details to someone, send half in an email and text the other half. Much like your new bank card and PIN arriving by post separately.
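An added example, not from the original article: splitting a credential across two channels as described above. It goes beyond literal halves, which each reveal part of the password, by XOR-masking the secret with a random pad so that either share alone reveals nothing; the function names and the sample passwords are constructed for illustration.

```python
import base64
import secrets

BLOCK = 32  # shares are padded to a multiple of this so their length hides the password length


def naive_halves(secret: str) -> tuple[str, str]:
    """Literal halves: anyone who reads one channel learns half the password."""
    mid = len(secret) // 2
    return secret[:mid], secret[mid:]


def split_secret(secret: str) -> tuple[str, str]:
    """Return two text shares; send one by email and the other by SMS."""
    data = secret.encode("utf-8")
    if len(data) > 255:
        raise ValueError("secret too long for the 1-byte length prefix")
    framed = bytes([len(data)]) + data
    framed += secrets.token_bytes(-len(framed) % BLOCK)  # random filler up to the block size
    pad = secrets.token_bytes(len(framed))                # one-time random pad (share 1)
    masked = bytes(p ^ f for p, f in zip(pad, framed))    # pad XOR secret (share 2)
    return (base64.urlsafe_b64encode(pad).decode("ascii"),
            base64.urlsafe_b64encode(masked).decode("ascii"))


def join_shares(share_a: str, share_b: str) -> str:
    """Recombine the two shares (in either order) into the original secret."""
    a = base64.urlsafe_b64decode(share_a)
    b = base64.urlsafe_b64decode(share_b)
    if not a or len(a) != len(b):
        raise ValueError("shares do not belong together")
    framed = bytes(x ^ y for x, y in zip(a, b))
    length = framed[0]
    if length > len(framed) - 1:
        raise ValueError("corrupted share")
    return framed[1:1 + length].decode("utf-8")


if __name__ == "__main__":
    password = "Blue-Kettle-42!"  # constructed sample value
    print("naive halves:", naive_halves(password))
    email_share, sms_share = split_secret(password)
    print("email share :", email_share)
    print("sms share   :", sms_share)
    print("recombined  :", join_shares(email_share, sms_share))
```

The recipient needs both shares, so an attacker who has taken over only the Messenger or only the email account recovers nothing usable from the share found there.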
Use Different Passwords
Use different passwords for everything. Do not use the same old password for all the different things that you sign up for. If one is compromised, you could end up in real trouble.
Here is a link to an article that I wrote a while ago about picking a good password.
Here are some links with more information about Facebook Messenger Scams.
This article covers the type of thing that can happen once the information has been gathered by the bots.
Some further information on upping your guard & awareness with messaging scams.
Another case of a scam starting on Messenger resulting in victims losing money.