I’ll be the first to tell you that Facebook is NOT intuitive to me. It seems like every time I log in (not that often) the interface is different and finding what I need is difficult. So, like a million others, I pretty much left the settings alone, accepting the defaults that FB sets. It never occurred to me that I was leaving my account wide open to abuse.
Here is what I think happened.
Basically the imposter copied my account by creating a new account using my name and a photo copied from my FB photos. Then – he / she / it? copied all of my friends addresses (easy to do if they are public), and started asking them to “friend” him. Then he proceeded to spam them trying to get them to click on bogus links, hoping that people wouldn’t notice that I don’t usually send out messages like “I just won (something amazing) and you can too! - click here”. I didn’t figure this out on my own. First, my friends alerted me about what was going on and then helped me figure out what to do.
Apparently this sort of thing is fairly common, so I thought I would share what I learned. If this is as new for you as it was for me, my experience might help protect you and your friends.
You start by checking your settings (right now, on my screen it is under the drop down arrow on the right side of the top menu or toolbar).
First, if you think someone has your login info, change your password immediately (it’s in the general settings and right in front of you when you open the setting menu).
The security settings are a great help if someone is actually using your account. Take a look at them and change them as needed.
Also check the apps settings. The impostor might be a program and not a person, so make sure that there are no unfamiliar apps. You can delete apps by clicking on the “x” to the right and get information about activity by clicking on the app name.
Finally, you should also check your activity log, to make sure that the invader has not made changes to your account.
Now, this is all great stuff and important to take care of, but it only applies if someone is actually using your account. In my case it was more like an email spoof where my account info was copied and then used to try to trick others.
So how do you protect your friends? I found the answer here: How Can I Hide My Friends List In Facebook. Basically you open your list of friends, select manage and then set the privacy level. I also turned off the sidebar on the right that shows friends activity.
To see what your page looks like to someone browsing FB, go back to settings and select Timeline and Tagging and then “View As” in the Who can see things on my timeline? option. I found this tidbit in a really excellent article about securing FB accounts here: Secure your Facebook account in six easy steps.
Now I’m trying to figure out how to backup my FB account. I especially don’t want to lose the information on the Kosrae Village page, that timeline goes back 20 years and has scanned photos from the early construction days. We all looked a lot younger then. 
Are there other things I should do to protect my account? Do you know of any backup solutions for Facebook?
Be safe!
Katrina
2 Responses to Lessons Learned or I got Hacked!