Facebook spam hit thousands Wed night with “Verify My Account” post. How to set your FB as secure
Last night, Wed. May 11, 2011, I was just about to go to bed and doing one last peek at Facebook, when I saw someone posted on my wall. I take a look, and immediately knew it was spam – and that my friend did not send this. We’ve all seen these posts come through many times, I’m sure.
However, this one was different… suddenly, within a matters of seconds, there were over a hundred of this same posting on my wall coming from various friends posting to everyone in their friend list. Since most of my friends are a large local circle, many of us have anywhere from 20 to 100+ common friends amongst us. Therefore when a friend posted to another common friend, it showed on my wall. Within one refresh of my screen, my wall was entirely full of these posts.
The posting stated: “In order to PREVENT SPAM, I ask that you VERIFY YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to comment below to start the process…”
When the recipient clicks on the ==VERIFY MY ACCOUNT==, they were NOT verifying their account, they went to javascript which then would post this same message on EVERYONE’S wall in their friend list.
I watched in utter amazement last night watching these posts fill my wall and spread faster than the Swine Flu did last year.
This appears to be phishing which is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. By clicking the the “verify your account”, the sender was then able to acquire your user information, including your password.
Now, I spent a few hours last night stepping my friends through the correct way to change your password on Facebook, especially in this situation. And simply, FIRST (very important)… go to your account / account settings / account security (change) / and click on:
Secure Browsing (https) Browse Facebook on a secure connection (https) whenever possible (make sure this box is checked) (see picture below)
After you have set (or verified) that you have a secure connection… THEN you need to change your password. If you change your password without a secure connection, and you have been phished, then the phisher will have your new password.
Although I have a bit an animosity towards Facebook for allowing something like this through, I do need to commend them on reacting quickly and shutting down this post. At one point, all posts on my wall were gone, and only new posts showed. It appeared as though they somehow stopped these posts, and others in between, from showing. This morning, all was normal.
I love the internet, but some people really need to find something better and more positively constructive to do then cause havoc for complete and total strangers.
Additionally, Facebook will NEVER ask for your credit card. If you get an email or post requesting you for your credit card… Run! “Run, Forrest, Run!”