Thwarting Facebook Scammers: Use 2FA!

I wrote this on my mom’s Facebook account today:

Hi, this is Marlene’s son, Lee Sonko, writing on Marlene’s account. Someone broke into Marlene’s account a few weeks ago. If you got a friend request from “me”, please report that account as fraudulent and unfriend them!

They were amazingly sneaky. The only notice we got that something nefarious was happening was an email that Marlene’s password had changed. I’ve seen this before and the thieves’ plan was to let the account sit for 30 days with the new password and then lock Marlene out of her own account. A good friend of mine got completely locked out of her account forever with this scam!

Here’s what to do to make sure this doesn’t happen to you: Set up two-factor authentication for all your important apps. Just install the Authy app on your phone and then follow these instructions: https://authy.com/guides/facebook/. Now you’ll need your phone when logging in with a new device. It’s not a bother and it will save you!

Also, don’t ignore odd emails from Facebook, like if they say your password has changed.

Here’s another message I was using:

This is Marlene’s son, Lee, writing from her account.

Recently you got a friend request ostensibly from Marlene but it isn’t her! It is someone pretending to be her! Could you please do a few things:

First, please report and unfriend that new, Bad Marlene. Go to this page: https://www.facebook.com/marlene.sonko.9 , and in the upper right corner just below “Friends” and “Message” click the “…” and click “Find support or report”. Please report this account!

Second, please make sure that all of your accounts have 2 factor authentication using an authentication app like Authy.com or Google Authenticator to secure your account! Here’s a pretty good video showing how to do this: https://www.youtube.com/watch?v=vcKnAjTTXYg

My mom’s account got hacked even though we had just set up SMS-based 2-factor-authentication! It was a bother to set up the authentication app but it was WAY more of a bother to recover Marlene’s account from the bad people. Seriously.

Third, if you ever get an email from Facebook saying your password has changed, or you get locked out of Facebook for an unknown reason, don’t ignore the problem! You’ve got 30 days to undo problems or be locked out of your account FOREVER.

Sorry for such a long message. Best regards – Lee Sonko for my mom, Marlene.
PS Feel free to call my mom or me (I’m at xxx-xxx-xxxx) and verify all of this!

 

Here are some more details. I didn’t share all of this with all her friends on Facebook but it’s worth mentioning!

The thieves did a very elegant switch-a-roo! My mom only uses Facebook on her iPhone. She reported that the app had started looking “weird”. We figured out that her login had been switched to a new, fake account! I didn’t have her phone in my hands but it was apparent that the thieves were able to log her in to the new, fake account that looked similar (maybe using the old login credentials, where they switched her legitimate account to using new credentials that we never had access to).

On this fake account, she could see her friends but not interact with them. Maybe what they did was something like this:

  • hack her legit account
  • create a fake account, making friend requests to all of her Friends on her legit account
  • change the phone number and password on her legit account to something else
  • change the phone number and password on her fake account to her original credentials
  • (her iPhone app magically switches to using the fake account)

 

Blargh.
