Oh boy was yesterday afternoon fun. I made a pretty big and stupid mistake because I was distracted and paid for it for a couple of hours.
Yesterday, I fell for a Facebook phishing scam. And I thought I knew better. But, as usually happens with excessive pride, it got smashed into the dust. Obviously, I don’t know better and even those of us who are more tech savvy can get taken.
What was most intriguing/annoying was the display of reactions that I got from this … interesting study in psychology actually. But, first, I should step back and explain what happened.
What Happened
Yesterday a Facebook phishing scam occurred where an email was sent from a facebook friend with a link in it. The link took you to a site that looked just like facebook and asked you to log in.
I received one of these emails and clicked the link. I was at work (2 more days to go) and right after I clicked the link my employer asked me to come into his office and help him with Windows Media Player or something. I was in his office for a while and then went back to my desk.
I then stupidly thought I had been logged out of facebook and logged in. But this wasn’t facebook, it was the phishing site. Once I did that almost all of my facebook friends received the same email with the phishing link which appeared to be from me.
I didn’t immediately realize what had happened but all of a sudden I started getting a flurry of emails from facebook (my facebook messages are sent to me in emails). As soon as I opened the first email, I realized what had happened and quickly changed my password and security question.
But the phishing emails had already gone out, people were sending me messages, writing on my wall, and things got a little out of control.
And since this is my last week at work and I have a ton of work to do I really didn’t have time to deal with it. One could argue then I don’t have time to be using facebook at work in the first place. That’s a valid point but I consider it to be a quick diversionary break.
Reactions
One person wrote on my wall saying – “you’re spamming my facebook page – been hacked” – that is not an exact quote because the wall post was later deleted but is close enough. I found that accusatory and probably should have been sent privately. I stated that publicly ;-) Others were more helpful – “it looks like your account has been hacked, change your password”.
About 20% of my friends sent me a facebook message asking what the link was about. While the number of them was annoying to deal with I felt like they trusted me and even though it looked like spam were giving me the benefit of the doubt and that is why they were asking me about it.
3 or 4 people responded with a “hi, how’s it going message”. Those were very strange – I send a bizarro link and you start talking about brewing blueberry ale. Huh?
And then there were the majority who knew it was a phishing scam and knew I never would have sent something like that. They quietly and politely deleted the message and went on with their day. Thanks to those of you by the way.
I thought that I should warn my facebook friends about what had happened but didn’t want to send the message through facebook – “oh great. another bogus link from Kim” ;-) So, I emailed people from my email account. I had about 40% of the email addresses and decided to leave it at that. I got more messages back but they were all friendly. “Thanks for the warning.” “Oh shit, how did that happen?” “I knew that couldn’t have been from you”.
Almost Finished
As I mentioned I was intrigued by the variety of reactions and how they were related to personality or at least online scam experience. My reaction was panicky too – probably mostly because I didn’t want to look like a dumbass ;-) But people reacted with hostility, (or at least that was my interpretation) confusion, disinterest, and as a chance to reconnect. And most of all curiosity – isn’t that what got me to click on the link in the first place?
So, my extreme distraction and lack of multi-tasking skills are the primary cause of this. As well as just plain stupidity. But be cautious online, watch what you’re doing and change your password frequently.
photo credit: tarotastic
Dave says
See how much we trust you ;-)
I have to admit that I hardly give Facebook any notice at all. I login every once in a while and click on stuff. If it’s interesting, great. If not, I move on.
Because you’re sending me your nice blog readers I’ll forgive you. Have a great second last day (I think?)
Kim Woodbridge says
Hi Dave,
Well, I am trustworthy ;-) I like Facebook more than I used to – it’s a really good way to stay in touch with some people. But I rarely send a message through it and when I do it’s usually to one of my relatives.
Most of the readers here are awesome – just don’t steal them permanently.
stratosg says
Well i was among the silent ones. I got the email about your message so i tried to visit the link. Facebook, though, had already blocked the site. Plus i was biased to begin with since i know you wouldn’t contact me through facebook anyways (that’s what we have twitter for :P ). As soon as i realized what happened i thought you caught some kind of trojan and i was like “oh-oh poor Kim. Busy day ahead!”. Good it was just phishing… Anyways as we always say “Check the address before entering login credentials” but i reckon i would have fallen for it if i returned and found it opened on my screen…
Kim Woodbridge says
Hi Stratos – The site got blocked really fast. By the time a lot of people got the spam email from me it was blocked and they said, hey I can’t access that link you sent me.
I’m glad you were quiet – I was afraid about getting a Stratos security lecture ;-)
I should have known better but I was doing too many things at the same time yesterday.
stratosg says
Well it happens… No worries… Just make sure you check out next time ;)
Kim Woodbridge says
There really not be a next time ;-)
ChrissMari says
Hilariously enough when I went to click the link Facebook already had banned it or something as a dangerous link so then I googled to see what was up.
But yeah.. it’s like “oh phishing” and I deleted it.
Funnily enough something happened to me on Myspace, though I hadn’t used it or put my password in any site for ages and ages.. but it sent out a message to all my myspace friends.. One friend responded with “hey what’s up join this site: (Why Drink Alone).” I joined and started hanging out with a lot of people I met through the site. Phishing could be fun for the victim too!
Kim Woodbridge says
Hi ChrissMari – That’s funny about the myspace one – ended up being a good thing.
A lot of people ignored it because they knew it wasn’t me sending it.
Jim says
I didn’t get the message. :`-(
If anything you telling me about it prompted me to get off my butt and change some of my passwords that I hadn’t in a long time. Irrational I know since I didn’t click any of the links.
And it would take a lot more than this for people to think you’re a dumbass.
Kim Woodbridge says
Hi Jim – That’s bizarre that you didn’t get it – I am in contact with you probably more than anyone. Try not to feel too left out ;-)
You are just biased – you don’t think I’m a dumbass because I rule at tech support – lol ;-)
Tracy says
Oh no! Good thing I was too busy to get your message yesterday.
About the accusatory message on the wall, I don’t know why people do that. I got sick of people writing “HEEEEELLLLLLPPPPP Site doesn’t work!!!!!!!!!” on my wall (and it turning out to be they forgot their password or something) that I stopped letting people write on my wall. People don’t seem to understand discretion these days.
These things happen even to the smartest people! Thanks for posting about it and warning us all.
Kim Woodbridge says
Hi Tracy – I kind of wish now that the conversation hadn’t been removed.
My brother does it a lot – I’ll send him a message asking why him and his girlfriend broke up and he’ll write on my wall saying because she said “he’s an a**hole”. Please don’t write things like that on my wall. lol
Sara says
I am sorry that this happened…it was obviously a pain in the neck, but it could have happened to any of us who live online. The scammers wait for a moment of vulnerability…just like sharks!
On the other hand, what happened seems to have done some good…people are changing their passwords and paying attention to what comes to them on Facebook.
That’s how I see this post. I appreciate it because you brought something important to my attention and I will be more careful on Facebook! Thanks:~)
Kim Woodbridge says
Hi Sara – Thanks! It was a hassle but at least it was only FB. And I guess the plus side is people will be more vigilant about security.
Siel says
I too was one of the quiet deleters :) If I remember correctly, the phishing scam made it look like a facebook-affiliated site dedicated to a philanthropic or otherwise good cause! Luckily I knew facebook wasn’t THAT concerned about the state of the world :P
Kim Woodbridge says
Hi Siel – LOL – No, I don’t think FB really does care.
Vered - MomGrind says
Interesting! I guess it’s a lot about exposure to this type of thing, because as I told you yesterday, the moment I saw that message, I knew it was a scam and that you had nothing to do with it.
Kim Woodbridge says
Hi Vered – I didn’t mind people asking me what it was about but some of the reactions were a little extreme.
I also received replies that made no sense so I’m wondering if FB has auto-responders or if people have set that up through their email.
carla says
Thanks for the heads up about this a couple days ago. I usually know a scam when I see one, but I can see where your guard could be let down.
My business AMEX account was recently hacked online and in addition to a few thousand dollars going on, the email address on the account was changed too.
The card is always on my person, so the fraud was computer related. Scary.
Kim Woodbridge says
Hi Carla – I hope that AMEX issue got resolved. Now if someone is going to be an evil hacker / phisher it makes more sense to me that they do it for credit cards or bank information. What use is facebook or twitter logins really? Other than being a big nuisance.
Manshu says
I saw the link and ignored it. It felt like spam and this has been happening a lot on yahoo messenger lately too, so my first reaction was this must be some type of spam.
Kim Woodbridge says
Hi Manshu – I think most people ignored it. Plus I don’t really contact people through facebook – well, except for some of my relatives.
Dennis Edell says
Blueberry Ale seems like something I really don’t wish to try…
Kim Woodbridge says
Hi Dennis – LOL – I wish I had a prize to give away – I was SO hoping someone would mention the blueberry ale ;-)
Dennis Edell says
LOL glad you liked it. I usually get raked with a comment like, “that WHOLE post and THAT’S what you focus on?!” LOL
If you do wish to sponsor, shoot me an email, I’m sure we can come up with something. ;)
Kim Woodbridge says
Dennis – Sorry – I meant a prize for mentioning blueberry ale, not the comment contest …
Dennis Edell says
Oh my bad. Then I’m SURE we can think of something. LOL
Mike Nichols says
An honest mistake, and one any of us could make when we’re busy and distracted. Thank you for giving us the details; we all know you to be very technically savvy, and the fact that the phishing scam happened to you is a cautionary tale we need to listen to.
It’s disappointing when people react to such an event in a hostile or hateful manner. It shows a lack of humility and empathy. Perhaps your disappointment in these people is outweighed by the gracious behavior of most of your FaceBook friends.
Kim Woodbridge says
Hi Mike – Thank you! You always say the nicest things :-)
Most people were awesome and knew I wouldn’t send something like that. The rest were confused and only one really irked me.
It was a message to me as well – slow down :-)
Paulubiadas says
I read about it on Google trends.
Kim Woodbridge says
Hi – I wish I had read about it *before* it happened to me. ;-)
Kurt Avish says
Always be cautious when using facebook or any services that contain your personal info :-)
I blogged about another version called Kromked yesterday too here.
Really I think during this swine flu season many are also having weird ideas. There were 3 domains in total that were concerned with this phishing stuff yesterday. One that Tech crunch mentioned included.
I got some friends who also clicked on the facebook links yesterday. Anyway we make mistakes to learn :-)
Kim Woodbridge says
Hi Kurt – Kromked is a funny “word”.
I don’t understand the connection between swine flu and weird ideas … isn’t it just a coincidence?
Kikolani says
I think it is something that could happen to the best of us, especially if the link is from someone who sends us a variety of links, or ones that are always cloaked with the URL shorteners. I’ve been hacked on Myspace before, and yes, some people will get pissy about it, but the people who are really your friends will understand and move on, because it’s just the day and age where things like that will happen. Thanks for sharing your experience for all of those who do feel really miserable when that sort of thing happens.
~ Kristi
Kim Woodbridge says
Hi Kristi – Thanks for letting me know that something similar happened to you on myspace and that reactions were similar. Moving on is really the best thing to do.
Sire says
Man, why didn’t I get that email? It would have been perfect to put on my Load Of BS site. I must say that I very rarely click on an email link unless I am sure of its origin, and I never log onto a site unless I typed in the url to get there.
Sire says
I know it seems silly that I am replying to myself but it just goes to show what a complete moron I am. It wasn’t half an hour after writing this comment that I discovered I actually did get a scam FaceBook email and I did write a post on it called Beware Facebook Forgery Site Email Scam way back in the end of March. What is worrying is that I forgot all about it. Alzheimer perhaps?
Kim Woodbridge says
Hi Sire – I think that’s a similar but different one. Apparently these things happen all the time.
No worries on the memory issue – I’ll ask my kid something and then 2 minutes later ask her the same exact question. ;-)
Sire says
Yeah, but that’s probably because he or she didn’t respond the first time.
Kim Woodbridge says
No, she did :-) And the second time she says, “Mommy you *just* asked me that.”
Sire says
OK Kim, I reckon I feel a little better now :D
Madhur Kapoor says
It can happen sometimes. When i received the link from you and opened it, i knew it was a phishing site as it was too similar to facebook, that’s why i decided to message you.
Kim Woodbridge says
Hi Madhur – I should have added that to the article – being contacted via twitter. You were the only one who contacted me that way ;-) And privately, which was awesome.
Colleen says
The bottom line is never click a link unless in the website the supposed link represents. We’ve done a lot of work in eBay and eBay is notorious for phishing scams. We have learned to login to eBay to make sure the link is legitimate!
Kim Woodbridge says
Hi Colleen – Ebay and paypal seem to have a lot of problems. Those types of scams make more sense to me because there is financial information involved – facebook and twitter, not so much.
Dennis Edell says
spoof@ebay.com
spoof@paypal.com
Two valuable email addresses. ANY suspicious emails from either should be forwarded to the respective address…you will get replies.
Kim Woodbridge says
Hi Dennis – Yep – I’ve contacted paypal before at that address. I got an email one time that spam didn’t catch and they did a really good job – it looked valid. And paypal responded quickly.
Natural says
I’m glad you sent out that email and alerted your readers about this scam. i had an email with that link from “you” when i got home. i was able to delete it w/o my account being compromised.
i really don’t know why people waste their time doing evil and stupid stuff like this.
Kim Woodbridge says
Hi Valerie – At first I didn’t want to send the email because I was thinking the last thing people wanted was another message from me but it seemed like the responsible thing to do.
I agree – the people who do these things are obviously clever – why not use those skills for good?
Chinese Girl says
I have experienced exactly the same thing two days back but from windows live messenger. I got messages from 4 of my friends all showing a web link which asks me to log into my hotmail account. I just ignored them. But for the last two days I have been thinking about how it happened. Do you think all those accounts are hacked?
Kim Woodbridge says
Hi – I suppose all four of them could have clicked on the same link and sent you the message. Or maybe one of them was hacked and it sent the message to each person in their contact lists … that only really makes sense if all four of them know each other though.
Ajith Edassery says
I heard about the latest phishing attempts but never experienced it… probably because I am not very active on facebook :)
Kim Woodbridge says
Hi Ajith – We must not be friends on facebook because you would have received the email from me ;-) That was not a fun day.