Facebook was hit on Tuesday by a well-meaning intruder who took over some of the site's online groups as a way of sending a message: "Think about the safety in your social media life to the same extent you do in your real life."
The social networking site, with more than 300 million users worldwide, has thousands of different groups that members can join, from college alumni to those who support various causes. It's not clear how many of the groups were taken over by an organization calling itself "Control Your Info," but it may have been in the hundreds.
"There has been no hacking and there is no confidential information at risk," a Facebook spokesperson said in a statement. "We are still investigating this situation, but an extremely small number of groups have been affected."
Facebook users may have looked for updates from groups they belonged to, only to find this message:
"Hello, we hereby announce that we have officially hijacked your Facebook group. This means we control a certain part of the information about you on Facebook. If we wanted we could make you appear in a bad way which could damage your image severely.
"For example we could rename your group and call it something very inappropriate and nasty, like 'I support pedophile's rights.' But have no fear — we won't. We just renamed it Control Your Info. Because this is really all we want:
"Think about the safety in your social media life to the same extent you do in your real life.
"Watch the video clip for more information or check out www.controlyour.info for more tips soon!
"We promise to restore your group name and leave the group by the end of next week. Don't worry — we won't mess anything up."
It was signed with "best regards," and one of the names attached to Control Your Info on Facebook is Burstin Woltan, who shared the missive above on the site.
Facebook said the groups that were taken over by Control Your Info had been "abandoned by their previous owners, which means any group member has the option to make themselves an administrator in order to continue communication to the group."
Group administrators, Facebook said, "have no access to private user information and group members can leave a group at any time. For small groups, administrators can simply edit a group name or info, moderate discussion, and message group members. The names of large groups cannot be changed nor can anyone message all members.
"In the rare instances when we find that a group has been changed inappropriately, we will disable the group, which is the action we plan for these groups."
On Control Your Info's blog, an introductory posting says that "social media has become a natural part of most people’s daily lives. Unfortunately the security aspects of social media have been more or less neglected.
"We want security matters to become just as obvious in people’s online activities as sharing, posting and connecting."
Phishing attempts continue
As Facebook continues to grow in popularity, the problems associated with social networking have been growing as well. Several times this year the site has been subject to various "phishing" expeditions — attempts to get users to share account information that could be helpful to crooks for accessing bank accounts and other financial data.
Other attempts have included scams where members are contacted by someone using the name of a real friend in need of help — and money.
A new phishing scam in recent days was noted by security firm Trend Micro on its blog.
The company's security experts received e-mail messages "that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the URL provided in the e-mail message.
"When the user clicks the URL, it points them to a spoofed (fake) Facebook Web site where they are required to input their password only as their e-mail address has been automatically filled up."
Once users hit the log-in button, Trend Micro said, they are redirected "to another fraudulent page where a link to download a suspicious update tool file is provided."
Check e-mails closely
Trend Micro, like Facebook, makes these recommendations for deciding whether to trust an e-mail you receive from or through Facebook:
- "Check the e-mail’s content. Misspellings and grammatical mistakes are very common in spammed messages."
- "Do not click embedded links. If you need to update your log-in credentials, go to the site’s home page and log in from there."
- Check the URL (Web site link) in the message body of the e-mail. "A legitimate Facebook link will not continue beyond .com."
- "Check the time stamps. Facebook has millions of users worldwide so it really is very unlikely that the site’s administrator will send out e-mail messages to all users within the same day."
- Also check the e-mail address of the sender. "A legitimate Facebook e-mail sender will have a Facebook.com and not a Facebookmail.com address."
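The link check from the recommendations above, as an added example that is not code from Trend Micro or Facebook. It reads "will not continue beyond .com" as meaning the link's hostname must end in facebook.com; the function names, the regular expression and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as legitimate.
TRUSTED_DOMAIN = "facebook.com"

# Rough matcher for http/https links in a plain-text message body.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message; the .example hosts are reserved names, not real sites.
SAMPLE_BODY = """Dear user, please update your login credentials.
Update here: http://www.facebook.com.login.example/update
Help pages: http://www.facebook.com/help.
Tool download: http://notfacebook.com/tool
"""


def host_of(url):
    """Return the lower-cased hostname the browser would connect to, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def is_trusted(url, domain=TRUSTED_DOMAIN):
    """True only if the hostname is the domain itself or one of its subdomains."""
    host = host_of(url)
    if host is None:
        return False
    # "www.facebook.com.login.example" ends in ".example", so it fails here
    # even though the text "facebook.com" appears inside it.
    return host == domain or host.endswith("." + domain)


def suspicious_links(body, domain=TRUSTED_DOMAIN):
    """List every link in the body whose hostname is outside the trusted domain."""
    links = [u.rstrip(".,;:!?)") for u in URL_RE.findall(body)]
    return [u for u in links if not is_trusted(u, domain)]


if __name__ == "__main__":
    for link in suspicious_links(SAMPLE_BODY):
        print("suspicious:", link)
```

The comparison is made on the parsed hostname rather than on the raw link text, which is why a link that merely contains "facebook.com" somewhere in it is still flagged.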