Hacked by Facebook spam: Changing your password is not enough

| | Comments (3) | TrackBacks (0)

Time for a public service announcement. Seems like this comes up about once a month, so I'm putting it here on BatesLine, so that I can easily "refer the honourable gentleman to the answer I gave some moments ago."

Yet another rash of Facebook spam should serve as a reminder to clean up any suspicious Facebook apps, games, quizzes that you may have authorized to access your account.

When you take a quiz or play a game on Facebook, you give the application permission to do things as you on Facebook.

A seemingly benign app may be hijacked later to post spammy wall messages or comments AS YOU. A Facebook app DOES NOT HAVE your password and DOES NOT NEED your password to do all this, so changing your password will not stop it.

Many rogue apps are designed to exploit your curiosity. You see a post on a friend's wall:

  • Find out who's been looking at your account!
  • I can't believe you're in this video!
  • ZOMG! LOL! You have to watch this!
  • Famous Corporation is having a special promotion. Click this link to sign up.

When you click the accompanying link, you're asked to grant the app permission to access your account, your friends' list, your wall, your Facebook email, and many people click yes without thinking.

At this point, you've given the app the master key to your Facebook account.

So you've fallen victim to Facebook spam -- how to clean up the mess and protect your friends from a similar trap?

How to clean up Facebook spam

You need to go to the application settings section of your Facebook privacy settings. There are two ways to get there, as of August 1, 2011. (The next Facebook redesign may change everything.)

Here's the long way: Click "Account" in the top right of the Facebook page, then, from the drop-down menu, click "Privacy Settings," then on the lower left of the Privacy Settings page, click the "Edit your settings" link under "Apps and Websites." On the Apps, Games, and Websites page, click the first Edit Settings button, on the same row as "Apps You Use."

Here's the short way: This link will take you directly to your Facebook application settings.

Once there, remove (click the X on the right) any applications that look suspicious or that you no longer need. For the apps you decide to keep, you can edit settings for that app to limit what it can do in your name. Clicking the Edit link will also show you what the app has recently done with the access you've granted it.

If you get rid of a spammy app, be sure to clean up the spam it left on your wall as soon as possible, lest your friends get taken in by it as well.

MORE: Mashable has a detailed discussion of how to avoid and prevent Facebook spam and what to do when you've been hit. Key points:

A few things to keep in mind about these types of spam app attacks:
  • Beware of short links that accompany text on your wall from people who don't normally post links.
  • Investigate or research any app that seems too good to be true before agreeing to install it.
  • Pay attention to what apps you authorize to post to your wall.

You don't need to use URL shorteners like bit.ly, ow.ly, or goo.gl on Facebook, so a shortened link attached to a wall post should be regarded as suspicious.

RELATED: You can change your Facebook settings to use secure mode. This encrypts the messages between your browser and the Facebook server. Go to Account Settings, select Account Security and check the Secure Browsing option. This link will take you straight to the Secure Browsing setting.

Funny because it's so near reality: The IT Crowd spoof ad for "Friendface"

0 TrackBacks

Listed below are links to blogs that reference this entry: Hacked by Facebook spam: Changing your password is not enough.

TrackBack URL for this entry: http://www.batesline.com/cgi-bin/mt/mt-tb.cgi/6069

3 Comments

This is also frustrating for those of us who've written legitimate apps which people won't trust because of all the spammers. I expected my Virtual 911 Memorial FB app would take off considering the 10th anniversary is approaching, but months after launching it it barely has a dozen users.

Of course, the sure-fire way to not get app-spam is to not have a Facebook account.

This was one of the earliest reasons I left Facebook. I don't want to have to concentrate like I'm studying for a trig test to figure out if something is spam or legit.

But, of course, Facebook is a way millions of people connect, so the public service is welcome. I've sent this to my mom. :)

Ginger Shepherd said:

Mike-
Thanks for the info and the tips. Didn't know about the secure browsing setting and I really appreciate that tip!
g

About this Entry

This page contains a single entry by Michael Bates published on August 1, 2011 10:33 PM.

Sullivan on Boehner Plan plus Balanced Budget Amendment was the previous entry in this blog.

Council-suer, SOT member announce picks for City Council (UPDATED) is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Contact

Feeds

Subscribe to feed Subscribe to this blog's feed:
Atom
RSS
[What is this?]