Most of you know that Facebook has been fighting an ongoing war with spammers and hackers, and while Facebook has done a relatively good job at stopping the spam, I was sent one of the most clever hacks earlier this morning.
Nikki Ferris was a relatively unsuspecting victim. A friend on Facebook was talking with her on Facebook chat and sent her a message which stated, “Hey, I’m bored off my ass and am doing a survey. I’m down to the last two questions and it says I have to ask someone on my Facebook friends list with the initials NF. You think you could help me out?” Like any good friend who has a few extra minutes, Nikki decided to take the survey. One of the questions was “Pets names?”
As Nikki told us in an email, “Well, I don’t currently have any pets, so I gave her names of pets I used to have. I didn’t make the connection right away, but I had just given her the answers to my security questions on my Gmail account.” Yikes! The hacker has now proceeded to message all of Nikki’s friends in an attempt to grab their passwords as well. There’s no doubt that the hacker will get other people’s passwords, but what this hacker will do with those accounts is unknown.
Having a mini army of hacked accounts is never a bad thing for a scammer though. So far Facebook hasn’t responded to Nikki’s pleas to disable her account or monitor the profile. One thing that I personally can’t figure out is how Nikki was able to get back into her Gmail, the address she messaged us from; however, this clever technique seems like a legitimate way to steal accounts. This reminds me of the previous article we wrote about How to steal your friends’ Facebook passwords.
Anyways, the lesson is pretty clear: don’t give away the answers to security questions if your apparent friends ask for them via a chat conversation.