“Did you get the code?”
I received this message via Facebook Messenger from a friend. I happened to have been corresponding with her only a day or two before, so unsurprisingly sent a “??” reply. When the reply came back “trying to login into my Facebook page my phone and they ask me to find to someone help receive a code for me ? X” my antennae started to twitch and I sent a non-committal reply until I could investigate further.
Once I got home from my day's work with a client, I looked again. There was, indeed, a code on WhatsApp – which is one way that Facebook allows you to re-enter your account if you have, for example, forgotten your password. But the ‘use a friend to help you’ option was discontinued by Facebook (probably because of this sort of scam) a couple of years ago. And when a couple of nagging “send me the code” messages arrived, I knew it wasn’t my friend at the other end.
So what’s going on? Let’s use some fictional names for the way it works: say, Abigail, Brian and Chris.
Brian receives a message like the one above from his work colleague Abigail. Only of course, it isn’t Abigail; she’s been conned in the way described above, and it isn’t her on the message thread. What has happened is that Abigail’s account has been accessed by a third party, her friend list is now visible to the scammer, and s/he has sent messages to some of those friends. The scammer lacks the password to get into Brian’s account, so requests a reset code for it, which Facebook sends to Brian – but the scammer still needs Brian to hand that code over in order to log in. When Brian, believing he’s talking to Abigail, sends the code, it isn’t Abigail re-accessing her account; it’s the scammer logging into Brian’s account.
At this point, the scammer has free rein with both Abigail’s and Brian’s accounts. If s/he convinces still more of their friends to part with the relevant code, more people are likely to be taken in; and, quite possibly, locked out of their own accounts. Facebook will likely realise that excessive (spam) activity is coming from that account, and block access – both to the scammer and to the real account holder.
At this point, one of Brian’s friends – Chris – realises that something is up. She has received a message from Brian, realises that it’s not his style, recognises errors in grammar and punctuation, and contacts him by other means (direct by phone, for instance) to establish what’s up. Of course, she receives the access code via WhatsApp, but doesn’t pass it on. Brian and Abigail can then be enlightened as to what has happened, and take steps to regain control of their accounts.
If you have been a victim of this, now comes the important bit: kicking the scammer out and re-establishing control. Facebook does recognise this sort of problem and, when you attempt to log in, should take you through a series of questions (and they won’t involve the ‘text a friend’ option) to prove your identity. What you will need is a code sent to your mobile phone (which the scammer won’t have in their possession) to access your own account.
Once you have got into the account, you need to check what login details are accepted. Generally, you’ll find the scammer has added a set of their own – and they may have deleted yours. When I helped my friend (the ‘Brian’ of this scenario), our scammer had in fact left ‘Brian’’s real mobile and email in place, simply adding their own email address, which was easily deleted, thus denying them access. After that, change your password.
The links for guidance on situations like this change frequently (which is why a Google search doesn’t often help much), but at the time of writing (October 2024), start at https://accountscenter.facebook.com/ while you’re logged in.
Then check Password and Security. I recommend you also add Two-factor authentication, which means that you’ll be asked for the extra code from your phone and/or email if you log in from a device that is not your usual one. Don’t forget to update your account details if you change your email or mobile number.
Also look at Where you’re logged in. Don’t panic if there appear to be a lot of these; it will often simply mean that you’ve used a variety of wifi connections or phone networks to use Facebook. (For instance, mine presently shows a location in the north of the country, because we were there a few weeks ago staying with friends.) But anything that’s overseas, or in an area you’ve never been to, or that appears when you haven’t left your immediate area for weeks, needs deleting.
How do you avoid this happening? Get suspicious. If people are on your friends list, presumably they are really friends (it’s a very bad idea to allow people to ‘friend’ you if you’ve never met them). Stop and think. Does this sound like their style? Would they greet or address you in this way? You’ve probably got other ways of contacting them. Use them. If it’s a real friend, there will be no problem, and you may well be able to stop yet another flood of spamming.
There are many, many scams around on Facebook (and elsewhere in social media). Some are thought to be ‘hackers’, when in fact they are cloning attempts – the perpetrators haven’t actually got past your password, but they have copied all publicly-available information from your account. Have a look here for a useful and detailed article (it saves me writing it all over again!).
The golden rule is: if in doubt, ask. Keep the antennae up. Stop and think. Search on Google. Ask a friendly passing geek (like me). But don’t ever respond in haste, or when you’re busy, or when you’re half-asleep. Stop, count to ten, step back, check, and then act accordingly.