Just about every week, it seems, a new, breathless ALL CAPS virus or hacker ‘warning’ begins rocketing around Facebook. Generally, these messages are just so vague, misleading and inaccurate that they are virtually worthless as security warnings and should not be reposted.
A core recurring claim in many of these bogus warnings is that hackers can somehow magically hijack Facebook accounts and repost messages without the account holder having taken any action to allow this. The warnings generally claim that, if one of the ‘hacker’ messages appears on your timeline, the clever hacker can then spread it to all of your Facebook friends without you interacting with the message in any way. The suggestion is that, somehow, hackers can gain access to people’s accounts at will and post whatever they like, whenever they like.
However, these claims are simply nonsense. Hackers do not possess supernatural powers that allow them to take over Facebook accounts at will. Regardless of how clever a hacker might be, he cannot randomly access Facebook accounts whenever he likes. To allow such activities to take place, users must have first taken some overt action such as installing a rogue app, opening an attachment or website that harbours malware, or providing personal information via a phishing scam.
Of course, some rogue Facebook apps, if given the necessary permissions by a user during the installation process, may automatically post spam, scam or malware messages on the user’s profile. And, if the user inadvertently divulges Facebook login details via a phishing scam, then Internet criminals could subsequently access the compromised account and post any messages that they wanted to. But, to reiterate, the user must take some action – clicking a link, installing an app, divulging login information – before his or her account can be hijacked or misused.
Keep in mind that, if hackers could hijack accounts as easily as suggested in these silly warnings, then Facebook would have long since been overwhelmed with such hacker activity and would, by now, be virtually unusable.
Whenever I discuss one of these bogus warnings, a number of people dispute my findings. Typically, they claim that I am wrong to state that the messages cannot spread in the ways described in the ‘warnings’ because it happened to them or their friends and they ‘never clicked anything’. This article is likely to provoke more such comments.
But here’s the thing, folks. Perhaps you did not associate the link you clicked or the app you installed with the subsequent nefarious Facebook activities. But, one way or another, you DID take some overt action that allowed the scam or spam messages to be sent to your friends in your name.
If you receive one of the messages or it appears on your Facebook News Feed, then one of your friends has inadvertently allowed this action to take place. Just because they may deny this, it does not mean that it isn’t so. They may well have taken said action without realizing the consequences.