Hacked by Facebook spam: Changing your password is not enough

Time for a public service announcement. Seems like this comes up about once a month, so I'm putting it here on BatesLine, so that I can easily "refer the honourable gentleman to the answer I gave some moments ago."

Yet another rash of Facebook spam should serve as a reminder to clean up any suspicious Facebook apps, games, quizzes that you may have authorized to access your account.

When you take a quiz or play a game on Facebook, you give the application permission to do things as you on Facebook.

A seemingly benign app may be hijacked later to post spammy wall messages or comments AS YOU. A Facebook app DOES NOT HAVE your password and DOES NOT NEED your password to do all this, so changing your password will not stop it.

Many rogue apps are designed to exploit your curiosity. You see a post on a friend's wall:

• Find out who's been looking at your account!
• I can't believe you're in this video!
• ZOMG! LOL! You have to watch this!
• Famous Corporation is having a special promotion. Click this link to sign up.

When you click the accompanying link, you're asked to grant the app permission to access your account, your friends' list, your wall, your Facebook email, and many people click yes without thinking.

At this point, you've given the app the master key to your Facebook account.

So you've fallen victim to Facebook spam -- how to clean up the mess and protect your friends from a similar trap?

How to clean up Facebook spam

You need to go to the application settings section of your Facebook privacy settings. There are two ways to get there, as of August 1, 2011. (The next Facebook redesign may change everything.)

Here's the long way: Click "Account" in the top right of the Facebook page, then, from the drop-down menu, click "Privacy Settings," then on the lower left of the Privacy Settings page, click the "Edit your settings" link under "Apps and Websites." On the Apps, Games, and Websites page, click the first Edit Settings button, on the same row as "Apps You Use."

Here's the short way: This link will take you directly to your Facebook application settings.

Once there, remove (click the X on the right) any applications that look suspicious or that you no longer need. For the apps you decide to keep, you can edit settings for that app to limit what it can do in your name. Clicking the Edit link will also show you what the app has recently done with the access you've granted it.

If you get rid of a spammy app, be sure to clean up the spam it left on your wall as soon as possible, lest your friends get taken in by it as well.

MORE: Mashable has a detailed discussion of how to avoid and prevent Facebook spam and what to do when you've been hit. Key points:

A few things to keep in mind about these types of spam app attacks:

• Beware of short links that accompany text on your wall from people who don't normally post links.
• Investigate or research any app that seems too good to be true before agreeing to install it.
• Pay attention to what apps you authorize to post to your wall.

You don't need to use URL shorteners like bit.ly, ow.ly, or goo.gl on Facebook, so a shortened link attached to a wall post should be regarded as suspicious.

RELATED: You can change your Facebook settings to use secure mode. This encrypts the messages between your browser and the Facebook server. Go to Account Settings, select Account Security and check the Secure Browsing option. This link will take you straight to the Secure Browsing setting.

Funny because it's so near reality: The IT Crowd spoof ad for "Friendface"