On July 2nd, 2011, I encountered my first (known) online identity theft. Someone successfully hacked into my Facebook account using a Mountain View, CA IP address and proceeded to impersonate me using my Facebook messaging and posting to Facebook friends' walls. They also set up a fake Yahoo email account using my name in the email address and solicited Facebook friends whose email addresses were available from their Facebook profile.
The solicitation emails claimed that I was injured in a car accident while attending a conference on climate change in London, that my cell phone was lost in the accident, and that I needed money for hospital bills and airfare to return home.
Fortunately, no one that I know of fell for the scam; however, one person did engage in a conversation using Facebook messaging in an approach towards responding out of concern for me. Some Facebook friends saw it immediately for what it was and responded very firmly, telling the hacker to get lost, knowing that I would never send an email solicitation like that.
Facebook security locked my account within 1 hour of the occurrence and required that I use their security system to verify my ownership of the account before I could get control back.
Here are 7 lessons I learned that you might find helpful:
- If this ever happens to you, immediately change the password to any email account that you have associated with your Facebook account. Hackers usually gain access to your email first and then move on to your Facebook account.
- Verify that your forwarding rules have not been changed in your email account. Hackers who gain control often change the forwarding rules so that they can access your incoming emails.
- Set up and adhere to a regular schedule for changing your online passwords.
- Use alphanumeric passwords whenever possible.
- Use different passwords for email accounts and social networking sites.
- Be wary of third-party applications that connect to your Facebook or other social networking accounts in order to share information on your wall. Some of these applications may in fact disclose your password to cyber criminals.
- Hide your email address(es) on your Facebook information tab. Hackers who gain entry to your Facebook friends' accounts will be able to harvest your email address to use in their cyber criminal efforts.