This story was first published on October 12, 2012.
According to yet another dubious “security alert” on Facebook, users should avoid clicking links couched as requests for profile information from Mitt Romney.
The messages suggest that these requests are the work of “Obama Nation hackers” who can use the replies to hack and block user accounts. The message claims that large numbers of people have already had their accounts compromised in this manner. A second part of the message further warns users not to respond to “security check” messages because they are also sent by hackers.
Alas, like many others of its ilk, this message is simply too vague and confused to have any genuine merit as a security warning. There are no credible security reports about a current phishing or malware attack that uses fake profile requests purporting to be from Mitt Romney. Moreover, the message provides no details about how this supposed “hacker” tactic actually works. Do the links in these alleged hacker messages open a phishing website that tries to trick users into divulging account login information? Or do the links lead to a site that harbours information-stealing malware that can be installed on the victim’s computer? How are the supposed scam messages actually worded? The “alert” does not bother to include any of these important details, nor does it reference any source where users can find more information about the supposed threat.
Rather confusingly, the latter part of the message apparently attempts to describe a second aspect of the “hacker” attack in which people receive bogus “security check” messages. The wording of the alert suggests that such messages may come from the accounts hijacked in the initial “Romney” profile request attacks. Again, the warning message provides no detailed information about how this “security check” attack actually works.
In fact, the “security check” part of the warning may be a garbled reference to a long-running criminal tactic by which Facebook users are tricked into divulging their account login details in response to messages that falsely claim to come from “Facebook Security”. These bogus Facebook security messages are often sent out via accounts that have already been hijacked in earlier incarnations of the same type of phishing scam. But in its current form, this “security alert” is just too confused and lacking in detail to be an effective warning about these Facebook Security phishing scams.
The message finishes by advising people to check their privacy settings. But it gives no information whatsoever about which settings people should check or how changing privacy settings could help them avoid becoming victims of phishing or malware attacks. Again, the information in the alert is vague to the point of uselessness.
Of course, the underlying generic advice in the message – be cautious of clicking links in unsolicited messages and beware of “security” messages asking you to verify account information – is worth heeding. And scammers often use the promise of news or gossip about current events such as elections and key players such as Obama and Romney as the bait to entice people to click their links. Nevertheless, to have any real validity, computer security alerts must contain accurate, up-to-date information about the perceived threat and provide enough details so that recipients can recognize and avoid the attack described. Vague and garbled security alerts – even those with an underlying grain of truth – are likely to confuse and mislead users and will do nothing to help increase their online safety.
An example of the hoax warning:
Security alert : OBAMA NATION hackers are asking you to click on a ROMNEY request for your profile etc … a large number of our friends accounts have been hacked and blocked , do not respond to their messages for “security” checks .. both requests are hackers : pass it on to your groups and friends : recheck your privacy settings :