Here is an example:
The profile thief posts a message, status update, or comment containing a Flash file. It might be disguised as a game. But in reality, it’s just a trap to steal your profile. Without you realising it, the Flash file automatically redirects you (using a MITB attack vector) to a different website where the fraudster has set up a copycat of Facebook.
You may wonder why Facebook suddenly logged you out, so you enter your username and password, and bingo: they just stole your username and password! Since you were on a copycat site, it didn’t log you in. It just stored the email and password you entered (usually in a text file on your system or SQL database on the copycat site), and now the profile thief is going to use your account to spam your Facebook friends with a malicious URL.
But the danger doesn’t end there. The person who stole your Facebook profile knows that you can always change your password and lock them out of your account. So now, they try to take over your profile entirely. If they see your email address ends in yahoo.com or hotmail.com, they go to your email login page and try to log in to your email account with the same password. Many people use the same password for their email account and their Facebook account, and if you’re one of those people, now the thief has access to your email, too.
Once they have access to your email, they can start sending lost password requests to PayPal, AIM, Yahoo Messenger, eBay, or anywhere else you might have an account. They can then reset your passwords on those other systems, and even change the email address on your social network profile to their own address so you can never log in again!
Don’t be fooled into thinking that Facebook will let you back into your profile once it gets stolen and you can no longer log in (some of my readers will know just how difficult it is to get Facebook to reset a user account even if it has been hijacked). If this happens, Facebook may ask you to send a digital picture of yourself so they can see if you are pictured in the account that you say was stolen. They will also ask you for other personal details. If the spammer has deleted all of the face/image pictures in your profile (which they usually do), then Facebook won’t do anything at all because you have no way to prove the profile is really yours. However, I suggest you use this TIP: Facebook Report Abuse or Policy Violations
But if they see your picture in the account you say was stolen, the social network site still won’t give you access to the account — they’ll just DELETE IT. And now the spammer can’t use it anymore, but you will have lost all of your messages, photos, and comments and you’ll have to start all over again!
Here’s how you can protect yourself from profile thieves:
- Change the password for your email account right now. It’s no good just changing your Facebook password, because if they can get into your email account, they can still steal your profile. IMPORTANT: Make sure your new email password and your new social network website password aren’t the same!
- Never click on a link in a message, status update or comment that looks suspicious. It’s probably a trap to steal your profile.
- If it ever looks like Facebook has logged you out, don’t enter your email and password. Instead, type the full Internet address i.e. http://www.facebook.com in the address bar and hit enter to make sure you are still on the real website and not a copycat site.
- If you see weird status updates showing up from your friends, message them right away to tell them their profile might have been stolen and advise them to change BOTH their Facebook passwords and their email account’s passwords. Most people don’t see the status updates their account is posting until it’s too late.
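For readers who want to see what "make sure you are still on the real website" means in practice, here is a small check of the address itself. It is an added example, not part of the original post; the function name, the trusted-domain list and the sample addresses are all constructed for illustration.

```javascript
// Added example: check that a login page's address really belongs to Facebook.
// TRUSTED_DOMAINS, checkLoginUrl and the sample URLs are constructed for illustration.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { ok: false, reason: "not a valid web address" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "not a web page (" + url.protocol + ")" };
  }
  // Anything before "@" is login info sent to the host, not the site's name.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "real host is " + url.hostname + ", text before @ is a decoy" };
  }
  // The parser lowercases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Genuine only if the host IS the trusted domain or ends with ".<domain>".
  // A plain "contains facebook.com" test would accept every copycat below.
  const genuine = TRUSTED_DOMAINS.some(
    (domain) => host === domain || host.endsWith("." + domain)
  );
  return { ok: genuine, reason: (genuine ? "genuine host " : "copycat host ") + host };
}

// Constructed sample addresses: two genuine, four copycat patterns.
const samples = [
  "http://www.facebook.com/",
  "https://m.facebook.com/login",
  "http://www.facebook.com.login-check.example/",
  "http://www.facebook.com@login-check.example/",
  "http://notfacebook.com/login",
  "http://faceb00k.example/login",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK      " : "COPYCAT ") + s + "  ->  " + r.reason);
}
```

The part of the address that matters is the end of the host name, just before the first single slash; "facebook.com" appearing anywhere else in the address proves nothing.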
Update: Social network ‘ghosting’, on the other hand, is something that appeared in 2010. This is when someone copies your social network profile, including your name, images, status updates, etc., and attempts to damage your reputation. Both social network grabbing and ghosting can have a major impact on your life, including destroying your friendships, family and your work life.
Safe surfing folks!