Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Dubious Facebook 'Security Alert' - Obama Nation Hackers

Outline
"Security alert" circulating rapidly on Facebook warns users that "Obama Nation hackers" are taking control of people's accounts by tricking them into clicking Romney requests for profile information or responding to security check requests.



Brief Analysis
The message is simply too vague to be of any real value as a security warning. There are currently no credible reports about a "hacker" attack involving an Obama Nation group or bogus Romney profile requests. The second part of the "alert" may be a garbled reference to an ongoing phishing tactic in which scammers send bogus messages purporting to be from Facebook Security. Passing on vague and potentially misleading "security alerts" will do nothing whatsoever to help keep people safe online and will only serve to clutter social networks with even more useless information.

Bookmark and Share





Last updated: October 12, 2012
First published: October 12, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Security alert : OBAMA NATION hackers are asking you to click on a ROMNEY request for your profile etc ... a large number of our friends accounts have been hacked and blocked , do not respond to their messages for "security" checks .. both requests are hackers : pass it on to your groups and friends : recheck your privacy settings :

Obama Nation Security Alert




Detailed Analysis
According to yet another dubious "security alert" that is currently gaining momentum on Facebook, users should avoid clicking links couched as requests for profile information from Mitt Romney. The messages suggest that these requests are the work of "Obama Nation hackers" who can use the replies to hack and block user accounts. The message claims that large numbers of people have already had their accounts compromised in this manner. A second part of the message further warns users not to respond to "security check" messages because they are also sent by hackers.

Alas, like many others of its ilk, this message is simply too vague and confused to have any genuine merit as a security warning. There are no credible security reports about a current phishing or malware attack that uses fake profile requests purporting to be from Mitt Romney. Moreover, the message provides no details about how this supposed "hacker" tactic actually works. Do the links in these alleged hacker messages open a phishing website that tries to trick users into divulging account login information? Or do the links lead to a site that harbours information-stealing malware that can be installed on the victim's computer? How are the supposed scam messages actually worded? The "alert" does not bother to include any of these important details, nor does it reference any source where users can find more information about the supposed threat.

Rather confusingly, the latter part of the message apparently attempts to describe a second aspect of the "hacker" attack in which people receive bogus "security check" messages. The wording of the alert suggests that such messages may come from the accounts hijacked in the initial "Romney" profile request attacks. Again, the warning message provides no detailed information about how this "security check" attack actually works.

In fact, the "security check" part of the warning may be a garbled reference to a long running criminal tactic by which Facebook users are tricked into divulging their account login details in response to messages that falsely claim to come from "Facebook Security". These bogus Facebook security messages are often sent out via accounts that have already been hijacked in earlier incarnations of the same type of phishing scam. But, in its current form the above "security alert" is just too confused and lacking in detail to be an effective warning about these Facebook Security phishing scams.

The message finishes by advising people to check their privacy settings. But, it gives no information whatsoever about which settings people should check or how changing privacy settings could help them avoid becoming victims of phishing or malware attacks. Again, the information in the alert is vague to the point of uselessness.

Of course, the underlying generic advice in the message - be cautious of clicking links in unsolicited messages and beware of "security" messages asking you to verify account information - is worth heeding. And scammers often use the promise of news or gossip about current events such as elections and key players such as Obama and Romney as the bait to entice people to click their links. Nevertheless, to have any real validity, computer security alerts must contain accurate, up-to-date information about the perceived threat and provide enough details so that recipients can recognize and avoid the attack described. Vague and garbled security alerts - even those with a underlying grain of truth - are likely to confuse and mislead users and will do nothing to help increase their online safety.

Bookmark and Share

References
Alert From Facebook Security Team Phishing Scam
Facebook Account Reported Phishing Scam

Last updated: October 12, 2012
First published: October 12, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer