Listen to the Podcast
16 Apr 2021 - Podcast #739 - (18:31)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you think your Facebook account has been hacked, it probably hasn't been. But it might have been cloned. Getting rid of a Facebook cloner is relatively easy, and you can avoid having it happen again.
It's worth taking a moment to understand the difference between "hacked" and "cloned", and maybe even to consider the difference between "hacked" and "cracked". In the past, "hackers" weren't evil. Hackers wrote code and their primary goal was to learn about systems. Crackers were people who broke in to system with evil intent. Somehow hacker and cracker were conflated over time and "hackers" are now seen as evil. There's no way to change that, so let's leave it alone.
So has your account been "hacked" or "cloned":
The person whose account is cloned is not the cloner's victim, but only an unwitting accessory. The crook uses the cloned account to fool the user's friends into accepting friend request. But what's the point of that? When the phony account has enough friends, the crook can use it to scam the friends. Here's just one example: The cloned account sends messages to each friend, claiming to be stranded somewhere — drove to another city, had the car stolen, and wallet was in the car. Need $500 to cover expenses. Will pay you back as soon as they're back in town. It's an easy scam, and one that all too many people fall for.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
If you think your account has been cloned, let your friends know.
A friend of mine had his account cloned several weeks ago and he immediately posted a message to let people know that something was amiss.
It was easy to find the cloned account. When I searched for his name, I expected to find one of two types of accounts in addition to his: Either a second account that used his profile photo or an account with his name but no picture.
What I found was an account with no photo and one friend, who I recognized as one of my friend's friends. Clearly that person had receive a friend request and had accepted it.
People accept these phony friend requests because they think that they may have accidentally unfriended someone or that the person has created a new account. Maybe we're too trusting. If I receive a friend request from someone I'm already friends with, I send an email or private message to confirm that the sender has actually created a new account. That has happened exactly once. In every other case, the person's account had been cloned.
Before accepting any friend request, I visit the profile to find out what I can about the person. Do we have any friends in common? Is the account new or does it have a reasonable history of posts? Identifying a phony account isn't difficult.
The victim can report the cloned account, but friends can also report it. When I found the account with my friend's name, no posts, and one friend that I recognized from his real account, I reported the phony account to Facebook. Facebook's automated process immediately responded by closing my request and contacting the friend. The sooner a cloned account can be eliminated, the less damage the cloner can do.
The most effective way to avoid having your account cloned is to make it less attractive to cloners by making it impossible for anyone but you to see your friends list.
To make the friends list private, click the Facebook menu button, the down-pointing triangle in the upper right corner of the Facebook site, and choose (1) Settings & Privacy from the menu. Click (2) Settings on the next menu, and then choose (3) Privacy on the settings page.
Scroll down to How People Find and Contact You, then change Who can see your friends list? to Only me.
That is the single most important change you can make. It's the one that tells cloners they won't find much joy in your account, but there are other steps that you should consider. Return to the Settings & Privacy menu and click Privacy Checkup. Work through each of the menu items on the Privacy Checkup page. Read the descriptions and decide what safeguards you'd like to establish. Plan to spend some time on this, reading the explanations and considering the alternatives.
Making your account undesirable to cloners will protect your account.
If someone has actually gained access to your account, they can post as if they are you. If you think this may be what happened, return to the Settings page and choose the Security and Login tab. Expand the Where You're Logged In list and look for any entries you don't recognize.
You may find a long list of when your login credentials have been used, from which device, and from what location. Some devices may appear as "device type unknown" but if the location is familiar, it probably doesn't indicate access by a crook. You can click the three vertical dots at the right side of the listing and log that device out, and definitely log out any devices you don't recognize from unexpected locations.
If you find a login from an unexpected location, it's time to change your password in addition to logging that device out. And if you haven't enabled two-factor authentication for Facebook, doing that is a security step that virtually assures your account cannot be breached. While you're on the Security and Login Settings tab, scroll down to Get alerts about unrecognized logins and specify at least one email where Facebook can reach you. I recommend turning on notifications and also sending alerts to Messenger when Facebook detects a login from a new device.
To make sure that you can recover your account if you get logged out, you can also specify three to five friends who can help you restore access.
If you're wondering how scammers obtain the user name and password for a Facebook account, or for just about any other account, it's easy. The crook sends an email message that looks like it came from Facebook, or your bank, or a medical provider, or Google, or Amazon . . . . The list is really quite long. The message will explain that unusual activity has been detected or that your account is locked or some other seemingly legitimate issue.
The message will then ask you to confirm your user name and password. That is the clue that the message is an attempt to steal your credentials. No legitimate service or organization will ever send a message like this, so don't click any links in the message. If you're concerned that the account mentioned has been compromised, open a web browser and visit the site the way you normally do. If something really is amiss, you'll be notified when you try to log in.
Just be sure not to use any link in the email. Defeating scammers and crooks isn't really difficult. It just requires a bit of critical thinking, caution, and maybe just a bit of paranoia.
Would you be surprised to learn that scammers target people who follow a police department's Facebook page? That seems like something that should be a surprise, but of course it isn't. Let's investigate.
Tim Cotton, a lieutenant with the Bangor Police Department, runs the department's Facebook page. Having never met him, I don't know if Cotton is a good police officer, but I suspect he is. I know that he's a good writer with a sense of humor that varies from subtle to ironic to sarcastic. He writes about policing in Bangor, Maine. It's a town with 33,039 residents, but the police department's Facebook page has nearly 326,000 followers.
Any page that's poplar enough to attract a lot of followers and a lot of comments is likely to be seen as fertile ground for scammery, even if it's a police department page. So shortly before April Fool's Day, Cotton offered some cautionary hints.
"In recent weeks, we have been infested by perverts and scam artists. I can't control them. The internet is a vast wasteland of dipstickery," he wrote. The problem is that anyone can openly exchange commentary and information on Facebook and, he said, "the key word is ANYONE." (OK, so "scammery" is my word; "dipstickery" is the lieutenant's.)
What's the problem? "Some very pleasant ladies who follow our page are being propositioned by handsome lads with impressive Facebook credentials," Cotton writes. "Doctors, lawyers, oil company executives — you know, just the type of guys who need to come to a police department Facebook page to find the love of their life."
The scammers offer, among other things, first-class tickets to places like Abu Dhabi. There are lots of other enticements, of course, because scammers are nothing if not clever.
Cotton says he does try to block the "scamming perverts", but it's just him against a legion of them. So he says that if someone tries to friend you in the comments section of the Bangor PD page, you should just ignore them. He will eventually "see their repeated attempts at using our platform as a clean and family-friendly Tinder substitute" and delete them.
At this juncture, he helpfully points out that those who don't know what Tinder is shouldn't search for it. "You will find that it makes our page look like Disneyland in 1965."
What is a bit unusual about the Bangor Police page is that women are the most common targets of the scammers. On many sites, the reverse it true. When someone who is, or pretends to be, female and attempts to get a man to be her friend, it's called "catfishing" (or maybe "catphishing"). Perhaps the term is a one-size-fits-all word regardless of the sex of the intended victim, or maybe it has a special name like "dogphishing" when the intended victim is a woman. Cotton says "not many of the men who comment here are being propositioned by imaginary ladies."
"Please don't answer the scammers," he says. "Just ignore them.... They do not have your best interest in mind, and I hate them just as much as you do."
Cotton offers two points in closing: First, the usual "Keep your hands to yourself, leave other people's things alone, and be kind to one another." Second, "We are trying to make Facebook a safe space, but in reality, we'd all be better off deleting the app. Yes, Zuck, I said it."
Even though I've included a lot of the Cotton's Facebook post here, you can read the whole thing on the Bangor Police Department's Facebook page.
There was a lot of talk about the "paperless office" about the time personal computers started showing up in offices. If anything, most offices used more paper as a result of replacing typewriters with computers; but maybe we're finally making some progress.
In times BC (before computers), correcting a minor error in a letter might have meant the judicious application of Wite-Out, followed by carefully feeding the page back into the typewriter, or possibly just a correction written in by hand. Either of those methods was deemed to be good enough. But when computers arrived, it was easier to just fix the error and reprint the document. Sometimes this was done several times, so a document that might have consumed five pieces of paper on a typewriter took 25 sheets or more on a computer because corrections and modifications were so easy.
Now a lot of normal correspondence is done with email that doesn't have to be printed. Unfortunately, some emails are printed by the recipient for storage instead of just keeping the file on the computer. It's likely that the paperless office will become a reality about the time that the paperless bathroom does. But we're making progress on that front, too.
We're doing a bit better with the cashless society. I still carry cash around, but I've had the same two twenties, a ten, and five ones in my wallet for at least two years, I write about half a dozen checks a year, and virtually all purchases are made with a credit card that gives me a clear indication of where the money went.
Libraries and bookshops still have lots of books you can borrow or buy, but ebooks offer many advantages. Being able to store hundreds of books on a mobile device is one, along with the ability to read on a computer screen, tablet, or phone wherever you are. I had to wait, in a socially distanced way, at an auto dealership for some recall work; being able to read a book while waiting was helpful. As much as I like the smell and feel of a well made book, ebooks are more convenient.
The proliferation of smart, connected devices in the workplace has reduced the need for paper work orders, picking slips, and other types of forms that were routine in the not-so-distant past. Cashless and paperless — they're not yet perfect, but maybe we're making progress.
There may be someone on the planet who doesn't need a password manager, but I have trouble visualizing a situation in which a password manager isn't important, if not essential. One of the more popular password managers, LastPass, has just limited severely the capabilities of its free version.
In mid-March, LastPass owner LogMeIn turned off support for users of the free version and made it impossible for those users to synchronize their passwords between devices. So if you use LastPass on a tablet, a phone, and a computer, you'll need an account for each device and you'll have to enter new or modified passwords on each. The alternative is paying $3 per month for the premium version or $4 per month for a family account. Given LastPass's capabilities, it's hard to argue too much against $36 per year for one account or $48 per year for a family account. All of the paid password managers have roughly equivalent fee structures.
But there are alternatives that are still free. Here are four and a half options:
Last week I explained that Consumer Reports is criticizing Comcast for initiating policies that could cost users up to $100 more every month if they exceed data limits. This week, consider the other side of Comcast. Even the best company sometimes does something bad, and even the worst company occasionally bumbled into doing something beneficial.
Comcast has enrolled more than 10 million people in its Internet Essentials program that offers internet access for low-income families and individuals. At the same time, the company says it will invest $1 billion over the next 10 years to help reduce the digital divide.
Comcast Internet Essentials is limited to low-income families and costs $10 per month. It includes a connection with up to 50 Mbps download speeds and up to 5 Mbps upload speed. Participants can also buy a basic computer at a low price. Comcast provides training programs for those who are unfamiliar with internet basics, and there are no installation fees, activation fees, or equipment rental fees.
For more information or to apply, visit the Internet Essentials website.
I wasn't exactly on the leading edge of those who installed home networks, but by 2001 I said "Anyone who lives in a house with more than one computer and a broadband Internet connection should be thinking about a local area network, a LAN. Home LANs account for a lot of current spending and my prediction is that this technology will really take off in the next year or so because of one big change."
Well, it certainly took off. It's hard to imagine a home with high speed internet access and no network. Back in 2001, I was running Windows Me on younger daughter Kaydee's computer. Windows Me was, without a doubt, The Worst Version of Windows Ever Released. Getting that computer on the network turned out to be a challenge.
Today's Wi-Fi routers are so easy to set up that they do most of the work, depending on humans only to answer a few questions.