Facebook two-factor authentication, a cautionary tale.

Andrew Laws
Oct 24, 2019

By now you’re probably fed up of being told that passwords are important. You know that right? But I know that many people still use weak passwords, or even worse, use the same password for everything. There might be an attitude of ‘it can’t happen to me’ when it comes to cyber security, but there’s every chance it will be you.

Securing yourself online is fairly easy. You don’t need any special skills, just make sure you use a great password. Yeah it might be an inconvenience when you forget that password but a minor niggle like that is more tolerable than having your online accounts compromised.

Two-factor authentication — what is it and why is it so flippin’ important?

A lot of websites, email providers and social networks now offer something called two-factor authentication. But what is it? Put simply, two-factor authentication is a method of logging into a website or online service that requires more than just your username and password. Quite often the second factor is a simple code that is sent to you by SMS text message. The logic being that someone can’t pretend to be you unless they happen to have your mobile phone in their possession.

It’s a harsh fact that whenever someone claims that their account has been ‘hacked’ it’s 99.99% the case that the ‘hacker’ has in fact guessed their password. Nothing more technical or clever than a guess. Each time someone has approached me because they have been ‘hacked’ they will admit to having a password that might be as simple as the name of a family member or favourite sports team. This is BAD security. But if any of these folk had two-factor authentication active their account would probably have remained free of interference from the wronguns.

Today I had a timely reminder why two-factor authentication is important on Facebook. I received a message from one of my mum’s friends. It’s not totally unusual to hear from this person. She writes great letters at Christmas time to tell us what’s going on with her family, and she is the sort of person who might ‘reach out’ every now and then to say hello.

When I saw the messages come through from my mum’s friend I was immediately a little sceptical. Mostly because I work in SEO / Internet Marketing so spotting behaviour patterns is a big part of what I do. So even although this family member is likely to say hello from time to time I wanted to keep the chatter light and airy until I could be sure the person I was talking to was in fact who she claimed to be.

Troll-feeling caveat

Before we get into the breakdown of the conversation that happened next I need to make clear that I very much DO NOT recommend you speak to anyone suspicious at all. Ever. If something odd happens and you get a strange message from someone you know then call them. Find out if it is them. If it is then they’ll never mind; if it isn’t them then they’ll know the time has come to change their security details.

Just for fun, here’s my conversation with the Facebook scammer / password guesser

Facebook scammer conversation

Okay, so the scammer knows my name, that’s not a big shock. My mum is religious, so is her friend, so again, the mention of God is no big surprise. At this point I figure this might actually be who I think it is. It’s nice to hear from her, so I continue.

Facebook conversation

At this point I should probably point out that myself and the person I am allegedly talking to both live in the same town, in the United Kingdom. Verizon doesn’t operate in the UK. At least I don’t think they do. I still have enough faith that this might be my mum’s friend so I continue. When she said she had something to share I was a bit worried, what could it be?

Then she / he / it mentioned President Trump. That’s not so much an alarm bell ringing as it is an entire church tower of medieval bells falling down.

So I’m now fairly sure this isn’t who I thought it was. Let’s have some fun. What news could she possibly have heard? Let’s give her some exciting news. Hmm, what time is it… lunchtime! I know what, I’ll tell her I won a sandwich making competition.

Conversation with a Facebook Scammer

Hey, she’s not interested in my good news after all! It was such a proud moment in my life! What’s interesting here is that the scammer actually referenced what I’m saying. I’ve spoken to scammers before and they usually follow a tight script and pretty much ignore any diversions you throw at them.

But hey, enough of the past, back to the present! I’m being baited with mention of money now. Let’s have at it!

text from a scam conversation on Facebook

Ah, here we go; here’s the good stuff! Now even although I risk making it clear to the scammer that I know what’s happening they still choose to persist. I’m particularly pleased with my plans for spending this unexpected windfall.

chat on facebook messenger

I’m getting a little bored now but the scammer is sticking loosely to the script and I kinda want to get to the payoff. But as a writer I really struggle to let bad grammar pass me by.

I asked which country this person was in, because even just a few seconds of gawking at the account they have hacked would make the answer abundantly clear.

screenshot from facebook messenger

Switzerland? Really? Bold choice, but it does pose one very obvious question to me. This Facebook messenger chat is getting a little more curious now so let’s chuck in a word that might motivate the scammer to up their game. I chucked in ‘exciting’ to give the impression I was now distracted by daydreams of easy money coming my way from President Trump.

screengrab from facebook messenger

At this point I can only assume the hundred Facebook Messenger chats this person must be engaged in are getting distracting. Even my direct questioning is being pretty much ignored. I mean, who ignores the mention of Bobby Crush in any conversation?

conversation from Facebook messenger

In all the years I’ve been working online (roughly twenty!) I’ve never spoken to a scammer who was a native English speaker. They definitely exist, but I’m yet to meet one.

Usually when chatting merrily to fraudsters (like during this phone conversation) there is a slight pause when I say something deliberately odd.

Or when chatting on an Instant Messaging platform my odd comments just get ignored. To be fair that sometimes happens when I’m talking to my friends and family. But it’s time to move on, this scammer clearly isn’t interested in the history of civil unrest in Fangorn Forest.

image of facebook chat

Well lummy, just look at that classic portrait. Now there’s a face and a link I can trust! I’m pretty sure the scammer has tuned out now, although they don’t usually last this long when I start chatting about topics like feline taxidermy. He / she / it didn’t even enquire as to whether the cat has been poorly, which is just bad manners.

Facebook messenger

I’ve had a few messages after this one asking if I’ve clicked the link yet. But instead of clicking the link I called my parents to get the landline for my mum’s friend.

Conclusion — the serious bit.

Use two-factor authentication. Seriously. Please. It’s free and very easy to set up. In Facebook, click the down-facing triangle on the far right of the blue top bar. Then click settings. Then click on the ‘security and login’ option on the left-hand menu. From there scroll down till you find the ‘Two-factor authentication’ section. Click the ‘edit’ or ‘switch on’ button and follow the instructions.

facebook two factor authentication settings

Leaving any of your social accounts or any online account without two-factor authentication activated is a little bit like leaving your home without locking the front door. Now you know. Go fix it!

And finally…

If you enjoyed this article I heartily recommend you take a look and a listen at my Podcast…


Andrew Laws

Founder of Yeseo.io, loud musician and terrible skateboarder. Using SEO to make the web a better place since 1998!