Circulating message warns that there is a ‘new hack on Facebook’ in which the perpetrators ‘arise’ between comments and are thus able to post offensive material that looks like it came from you.
The message is so garbled and misleading that it has no value whatsoever as a security warning and will likely just mislead and confuse Facebook users. There are indeed various security threats that can allow malicious users to hijack your Facebook account and post content in your name. However, this warning does not clearly or accurately describe such threats and copying and pasting it to your wall is therefore counterproductive (Refer to the Detailed Analysis below for more information).
There is a new hack on FB. It includes a hurtful phrase coming from you. It is usually very dirty and appears that you have written it.
YOU will NOT see it, but your friends will. This creates many misunderstandings.
So to all of my contacts. If anything shocking, inappropriate, or indecent ever appears on my timeline, Please know it did NOT come from me.
Please immediately advise me of such a post.
These hackers can also take your pictures.
You may wish to copy this to your wall.
According to this would-be warning message, there is a new hack on Facebook that you need to be aware of. The warning claims that dastardly hackers can somehow ‘arise between the comments’ of posts made by your Facebook friends and post offensive comments and porn pictures that appear to come from you. It claims that you won’t be able to see these comments but your friends will, thereby causing ‘many offensive misunderstandings’. It asks that you copy and paste the warning on Facebook so that others will be aware of the supposed threat and will understand that any insulting or malicious messages that come up in your name are not really from you.
But, alas, the message is so convoluted, misleading, and inaccurate that it has no value as a security warning and will likely just cause confusion among many Facebook users who encounter it.
Of course, criminals do use various methods to hijack the accounts of unsuspecting Facebook users. They may trick people into installing rogue Facebook apps. Or, they may trick users into revealing their Facebook account login credentials via phishing messages. Or, they may trick people into installing malware that can steal account login information. If they do manage to take control of your Facebook account using one of these methods, criminals may indeed post ‘offensive’ material – including spam and links to porn, scam, or malware sites – that appears to come from you.
But, this ‘warning’ message does not accurately or clearly describe any of these genuine security threats in any meaningful way. Nor does it provide any information that might help users avoid such traps in the first place.
The message implies that these attackers can magically ‘hack’ into your account at will or somehow inject comments with your name on them in-between other comments on a post. But, even the cleverest criminals cannot just take over a Facebook account whenever they feel the urge. As noted, to successfully hijack an account, they must either trick people into giving up their account login credentials via phishing or malware attacks, or get them to install a rogue app that can post on their behalf.
Criminals may also create a fake account using publicly available images and material stolen from your Facebook Profile and trick some of your friends into accepting friend requests from the fake account. Via this cloned account, they may then be able to post material or add comments that some of your friends might think comes from your real account. But, again, the warning does not accurately describe such cloning attacks. And cloning can not be described as hacking in any case.
The strange wording of the original post suggests that it may have been rather artlessly translated from another language. In fact, the warning is clearly derived from earlier and equally misleading ‘hacker’ warnings that have circulated on Facebook in various forms for years.
A later version corrects some of the strange and unusual grammar found in the original post. But, while the newer version may be more readable, it is still just as useless as a security warning.
It is also worth noting that cybercriminals are usually intent on getting your money or sensitive personal information. Generally speaking, they probably don’t want to hijack your Facebook account just so they can post nasty comments to your friends.
Thus, while its creator may have been well-intentioned, posting this garbled ‘warning’ will help nobody.