Technology
When a Facebook friend request turns into a hacker’s trap
Are you as fed up as I am with the seemingly endless number of scams flooding Facebook? You know the ones I’m talking about — the messages that make you stop and think, “Is this for real?”
Whether you’re new to Facebook or you’ve been scrolling for years, these scams can catch anyone off guard. But don’t worry.
I’ve got your back with some great tips to keep your Facebook account (and your sanity) safe. By the time we wrap this up, you’ll be well-prepared to spot these digital fraudsters from a mile away.
A real-life Facebook scam story
Before we dive in, let me share a recent email I received from Cheryl in Buna, Texas. Her experience highlights just how sneaky these scammers can be:
“I had a hacker tell me, posing as a friend, that they received another friend request from me on Facebook. The hacker then, posing as a friend, told me they had had this problem and gave me a contact number for the Facebook official who had helped them. I called the number, but the hacker had limited information about me because a red flag was raised eventually. The hacker got access to my email, which I’ve had for 20 years, and had all kinds of confidential information in it.”
Cheryl’s story is a perfect example of how these scams can unfold. Let’s break it down and learn how to protect ourselves.
The cloned account ruse
Scammers frequently initiate their schemes by posing as a friend through a cloned account. They may claim that they have received a duplicate friend request from you, creating the illusion that your account has been compromised. This tactic is designed to instill a sense of urgency and panic, prompting you to act without thinking.
In Cheryl’s case, the scammer, masquerading as her friend via a cloned account, provided a phone number for a supposed “Facebook official” who could help resolve an alleged security issue with her account. This is a classic maneuver intended to gain your trust and lower your defenses.
This tactic creates urgency and trust, prompting victims to act quickly without verifying the information. Cheryl called the number because she felt compelled to address what she believed was a serious issue regarding her account security. Scammers often exploit such feelings of urgency, making victims more likely to engage without proper caution. It’s crucial to remember that Facebook will never ask you to call a number for assistance with your account.
When Cheryl called the number, the scammer attempted to extract personal information from her. Fortunately, she recognized some red flags and remained cautious. However, the hacker still managed to access her email, which contained years of sensitive information. Always be vigilant when receiving unexpected friend requests or messages from friends because they may not be who they claim to be.
Double-check before accepting
When faced with such a request, follow these steps:
- Don’t accept immediately: Resist the urge to automatically approve the request, even if it appears to be from a close friend or family member.
- Contact the person directly: Reach out to your friend through a different communication channel, such as a phone call, text message, or email, to verify if they’ve actually sent you a new friend request.
- Compare profiles: If possible, compare the new profile with the existing one. Look for discrepancies in photos, information or recent activity.
- Check mutual friends: A cloned account is unlikely to have the same mutual friends as the original profile.
Potential risks
If you accept a friend request from a cloned account, the scammer may:
- Send malicious links or attachments
- Request money or personal information under false pretenses
- Exploit your trust to scam others in your network
Reporting suspicious activity
If you confirm that the request is from a cloned account:
- Report the fake profile to Facebook immediately
- Inform your friend about the cloned account
- Alert your mutual friends to be cautious of any suspicious requests or messages
Getting back on track
Recovering compromised Facebook accounts can be a hassle. Cheryl mentioned in her email to us that it took her a while to regain access to her Facebook and email. This is often the case, as scammers may change login information or enable two-factor authentication to lock you out. However, I have a step-by-step guide on how to recover a hacked Facebook account.
Once you’ve recovered your Facebook account, I recommend that you make it private and add two-factor authentication.
How to spot Facebook scams
To avoid falling victim to these scams, keep an eye out for these red flags:
1. Generic greetings in messages: Legitimate Facebook communications will address you by name. If you receive a message starting with “Dear User” or “Hello Facebook Member,” it’s likely a scam.
2. Vague claims of suspicious account activity: Scammers often use vague language about account violations or suspicious activity without providing specific details. Real Facebook notifications would include more precise information.
3. Requests for personal information via email or text: Facebook will never ask for your password or sensitive personal information through unsolicited messages. Any such request is a clear sign of a scam.
4. Demands for payment to recover an account: Facebook doesn’t charge for account recovery. If you’re asked to pay a fee to regain access to your account, it’s definitely a scam.
5. Threatening language or messages with poor grammar: Scammers often use urgent or threatening language to pressure you into action. Additionally, legitimate Facebook communications are professionally written, so poor grammar or spelling errors are red flags.
6. Links to websites not associated with Facebook: Be wary of links that don’t lead to official Facebook domains. Hover over links to check their destination before clicking, and avoid clicking on any link that seems suspicious or unfamiliar. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
Steps to protect yourself from social media scammers
Here are some steps you need to be aware of so that you can protect yourself from social media scammers.
Beware of friend requests from familiar faces with whom you are already connected: These requests may be from scammers who are trying to impersonate your real friends and trick you in some way. Before you accept any friend request, always check the profile and compare it with the one you already have.
Have strong passwords: Using the same password across multiple platforms will always make you more vulnerable because if one account gets hacked, they all get hacked. Consider using a password manager to generate and store complex passwords for your social media accounts. A password manager will also help you keep track of all your passwords.
Evaluate the source of the link before clicking it: If it is an unknown website or news source, be cautious. Scammers may use phishing links in DMs, emails, posts or text messages to infect your device with malware or capture your login credentials.
Install strong antivirus software: Having reliable antivirus software is crucial. If a cloned friend sends you a link, your antivirus can help prevent malware infections by scanning links and files before you click on them. This added layer of protection can alert you to potential threats, ensuring your device remains secure.
Be careful of anyone asking you for money, even if they claim to be a friend or family member: Scammers may try to impersonate someone you know to trick you into sending them money or personal information.
Closely evaluate sensational claims such as for a cure or treatment, a great prize or gift card or a job offer that sounds too good to be true. Scammers may use these tactics to lure you into giving them your personal information or paying them a fee.
Watch out for posts with poor spelling and grammatical mistakes: These may indicate that the post is not from a legitimate source.
Watch out for sparse profiles: Scammers often create sparse profiles to impersonate someone else or to lure you into giving them information. They may use a photo of a celebrity, a friend or a stranger that they found online. They may also use a name that sounds familiar or appealing. However, if you look closely at their profile, you will notice that they have no other details or activity on their social media.
Limit what you share about yourself online: Scammers may use your personal details, photos and videos to create fake social media accounts and impersonate you. Scammers can also use this information to steal your identity or access your online accounts.
Report fake social media accounts whenever you find them: If you suspect a fake account, report it to the social media platform and warn your friends about it. You can also block or unfriend people who send you suspicious messages or requests.
Remove your personal information from the internet: This is crucial because Facebook scammers often use publicly available information to make their schemes more convincing. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.
If you suspect you’re a victim of a social media scammer
If you suspect you’re a victim of a social media scammer, act immediately. Here are the steps to take:
Secure your account: Immediately change your password to lock potential hackers out. If you’re locked out of your account, contact Facebook’s support immediately to recover it.
Inform your contacts: Alert friends and family so they’re aware and won’t be duped by messages or requests coming from your compromised account.
Monitor account activities: Keep an eye on your active sessions, messages sent and any changes made to your account. Any unfamiliar activity should be reported and reversed.
Seek expert help: If you believe your personal information, such as financial data or other sensitive details, has been compromised, consider reaching out to cybersecurity professionals or services that can guide you on further recovery and protection steps.
Use identity theft protection: Social media scammers are constantly looking for ways to steal your personal info and use it for their own benefit. They may send you phishing emails, fake friend requests or malicious links that can compromise your online security.
Identity theft protection companies can monitor personal information like your home title, Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaways
Remember, Facebook and other legitimate organizations will never ask for your password or personal information through unsolicited messages. If you’re ever in doubt, contact Facebook directly through its official help center. By staying informed and skeptical, you can keep your Facebook experience fun and scam-free. Always verify before you trust, use official channels for support and keep your personal info under wraps.
What experiences have you had with Facebook scams, and how did you handle them? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Copyright 2024 CyberGuy.com. All rights reserved.
Google to court: we’ll change our Apple deal, but please let us keep Chrome
A court found Google liable for unlawfully monopolizing online search, and its remedies are supposed to reset the market, letting rivals fairly compete. Google (obviously) disagrees that it’s running a monopoly, but before it can appeal that underlying conclusion, it’s trying to limit the fallout if it loses.
Google’s justification is that search deals were at the heart of the case, so they’re what a court should target. Under the proposal, Google couldn’t enter deals with Android phone manufacturers that require adding mobile search in exchange for access to other Google apps. It couldn’t require phone makers to exclude rival search engines or third-party browsers. Browser companies like Mozilla would be given more flexibility in setting rival search engines as defaults.
Perhaps the biggest concession is that this agreement would specifically end Google’s long-running multibillion-dollar search deal with Apple. It would bar Google from entering agreements that make Google Search the default engine on any “proprietary Apple feature or functionality, including Siri and Spotlight” in the US — unless the deal lets Apple choose a different default search engine on its browser annually and “expressly permits” it to promote other search engines.
And in a nod to some DOJ concerns about Google locking out rival AI-powered search tools and chatbots, Google proposes it should be disallowed from requiring phone makers to add its Gemini Assistant mobile app in order to access other Google offerings.
The government has proposed ten years of restrictions, but Google’s counterproposal is only three — it argues nothing more is necessary because “the pace of innovation in search has been extraordinary” and regulating a “fast-changing industry” like search would slow innovation.
If the court accepts Google’s streamlined proposal over the DOJ’s, the company could lose out on some lucrative or strategically advantageous deals, but its business would remain intact. It wouldn’t have to spin out its Chrome browser or have the threat of an Android divestment order hanging over it. And it wouldn’t need to share many of the underlying signals that help it figure out how to serve useful search results, so that rivals could catch up and serve as a true competitive pressure, as the DOJ hopes.
Both Google and the DOJ’s proposals are essentially starting points from which the judge can work. But Google is betting it could have an easier time selling a simple proposal that addresses a major, specific problem raised in the trial. It’s positioning the government’s proposals as extreme and reaching beyond the scope of the judge’s earlier decision, perhaps — Google will likely tell the court — even in a way that could get overturned on appeal.
This hasn’t been received well by at least one of Google’s rivals, the search engine company DuckDuckGo. “Google’s proposal attempts to maintain the status quo and change as little as possible,” spokesperson Kamyl Bazbaz said in a statement. Both sides will argue their case in a federal court in Washington, DC beginning on April 22.
More than 910,000 patients at risk after ConnectOnCall health data breach
Data breaches are becoming an alarming trend, and health care incidents stand out for their potentially lifelong consequences. I just reported how a data breach at a physician-led vein center exposed almost half a million people’s data to hackers. And now, another health care data breach has come to light and this one affects even more people. The data breach exposes sensitive personal and medical information belonging to over 910,000 patients through ConnectOnCall, a telehealth platform and after-hours call service owned by Phreesia.
What you need to know
Health care software provider Phreesia has revealed that its ConnectOnCall service was hit by a data breach that lasted from Feb. 16 to May 12, 2024. During this time, an unknown hacker gained access to the platform and pulled data from provider-patient communications. ConnectOnCall helps health care providers handle after-hours communication and automate patient call tracking.
Phreesia, which bought ConnectOnCall in October 2023, discovered the breach on May 12 and says it jumped into action right away. The company brought in external cybersecurity pros to lock down the platform and reported the breach to federal law enforcement.
“On May 12, 2024, ConnectOnCall learned of an issue impacting ConnectOnCall and immediately began an investigation and took steps to secure the product and ensure the overall security of its environment,” the company revealed in a press release.
According to a report filed with the U.S. Department of Health and Human Services, the breach impacted 914,138 patients (via Bleeping Computer). The stolen data includes names, phone numbers, medical record numbers, dates of birth and details about health conditions, treatments or prescriptions. In a few cases, Social Security numbers were also compromised.
Phreesia claims its other services, like the patient intake platform, were not affected. The company has since taken ConnectOnCall offline and is working on bringing it back in a more secure setup.
We reached out to ConnectOnCall for a comment but did not hear back by our deadline.
The risks associated with the ConnectOnCall data breach
The impact of this breach is significant due to the sensitive nature of health care data. Unlike financial breaches, where compromised accounts can be frozen or replaced, health information is permanent and highly sought after on the dark web. Cybercriminals may exploit this data to commit identity theft, including obtaining prescription drugs fraudulently or filing false insurance claims.
Plus, the detailed health information exposed – such as diagnoses, treatments and medications – can be used for targeted phishing attacks. Scammers could exploit victims’ medical histories to create highly convincing schemes, increasing the likelihood of success.
Phreesia has mailed notification letters to all affected individuals for whom health care providers had valid mailing addresses as of Dec. 11, 2024. For those whose Social Security numbers were exposed, the company is offering identity and credit monitoring services.
7 ways to keep yourself safe from such data breaches
1) Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.
Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments.
2) Use strong passwords and two-factor authentication (2FA): Create strong, unique passwords for your online accounts, including health care portals. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.
3) Enable two-factor authentication wherever possible: 2FA adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app, in addition to your password.
4) Don’t fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.
6) Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.
7) Remove your personal data from the internet: After being part of a data breach, it’s crucial to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you delete your information from various websites and data brokers. This can greatly diminish the chances of your data being used maliciously. Check out my top picks for data removal services here.
Kurt’s key takeaway
The ConnectOnCall health data breach highlights the critical need for robust cybersecurity measures within the health care sector, where the stakes are often much higher than in other industries. With over 910,000 patients affected, this incident shows the serious risks posed by cyberattacks on health care platforms. Sensitive data like medical records and Social Security numbers are permanent and can be misused for identity theft and fraud. If you were impacted, stay vigilant by monitoring your accounts, enabling fraud alerts and considering identity theft protection services.
Do you think health care providers should face stricter regulations for protecting sensitive patient information? Let us know by writing us at Cyberguy.com/Contact.
X raises Premium Plus subscription pricing by almost 40 percent
X has substantially raised the price of its top-tier user subscription in multiple regions to help bolster the platform’s creator payouts. The increase for Premium Plus came into effect on December 21st according to X, raising prices in the US from $16 per month to $22, or from $168 to $229 for annual subscriptions.
Many European countries like France, Germany, and Spain are impacted by a similar increase, taking monthly prices from €16 to €21. Monthly subscribers in Canada (currently paying $20), Australia ($26) and the UK (£16) will also see pricing increased to $26, $35, and £17 respectively. The higher pricing is immediately applicable to new subscribers, with existing users grandfathered into their current rates until January 20th. X’s basic subscription tier remains unaffected.
The pricing changes for US subscribers are the highest increase introduced since Elon Musk purchased the social media platform in 2022. X gave several reasons to justify the price hike, citing that Premium Plus is now completely ad-free — which it described as a “significant enhancement” to the current user experience.
X also references changes made to the X revenue sharing program in October, saying that subscriptions “now more directly fuels” creator payouts to “reward content quality and engagement rather than ad views alone.” Premium Plus subscribers will additionally receive priority user support, access to additional features like X’s Radar trend monitoring tool, and higher limits on the platform’s Grok AI models.