They Didn't Ask Me (dr_phil_physics) wrote,
They Didn't Ask Me

Facebook -- You Have A Monumental Security Problem

To All on Facebook: over half a dozen people so far have reported getting Friend requests from an imposter account with my name. Working on getting it dealt with. Meanwhile, I have not unFriended any of you, so you should NOT be getting a spurious Friend request from me. As the real me. Dr. Phil
I drive on the road for most of two hours. I work out with my Physical Therapist, practicing better standing on one leg, come home and take a nap... And all hell breaks out.

Seems my Facebook friends are getting Friend requests... from me? Apparently it's not so unusual -- sometimes people have to reset everything and re-Friend everybody. But still, it's suspicious.

I wasn't hacked. I was imposterized.

Some genius decided to create an account with my name and go through my Friends list and see who bites.

Of course when I looked at the private messages queued up, they look suspicious because they're all the same canned form response:
Hey Philip, it looks like this person is pretending to be you. You should report them for impersonation if you think they are.
Followed by a link to report the offending imposter.

So I click the link. Check the box saying this person is pretending to me. Mind you, there's no information about this imposter account, I am going on the assumption that my friends are right. Or that I am not reporting my own account and about to delete it. Since it has the same name and all.

Now it wants my password. Perfectly reasonable, though the thought crosses my mind that if Facebook itself was hacked, this would be a great phishing lure (ironic-grin), but of course the Kindle logs me in automatically, so I had to look up my password.

Then the kicker.

Please enter a mobile phone number into your Timeline. Say what? You can change who can see your contact information on your Timeline later? Are you fucking kidding me? This in a system designed to deal with lax security on Facebook and you want me to expose my cellphone number? I opened a new tab and went and set the blank phone number fields to let no one read them, entered my number. Now it wants to confirm with a text or voice message. This involves asking Mrs. Dr. Phil to get up and get my phone, which is normally off, and turn it on. Select voice. Phone rings a few seconds later and they give me a four digit confirmation code to input. I do. It's in.

Of course, I had short circuited the previous tab's imposter reporting program, which had asked for my then unsecured phone number. The reporting box was gone and when I tried it again, the imposter reporting system is giving me the message:
Something went wrong. We're working on getting it fixed as soon as we can. Okay?
NO. It's NOT okay. Okay? And what's with ONE choice marked Okay?

I wrote a couple of notes to people and the FB post at the top of this blog post. Now the link to report the offending imposter has changed to the message:
This attachment may have been removed or the person who shared it may not have permission to share it with you.
Attachment? Share? We were talking about a link to a Facebook security system, not some sparkly kitty picture.

This looks like an error. It doesn't inspire confidence.

Meanwhile, another writer and programmer had posted an open comment to FB, asking if they needed help coding a real security system. One which could recognize that Newly Created Name X making Friend requests to everyone on the Same Name X Friends list might be a scam -- and request verification from the original person. That these scams try to get money from people. And that a high profile case on the news could damage the brand and send people to another social media site. I wrote
Exactly. This isn't about annoyance, it's about security of the whole operation. Dr. Phil
What pisses me off the most about my Facebook scammer, who may be deleted now, is NOT ONE WORD FROM FACEBOOK.

Facebook Fail. Big time.

Be careful of friend requests from friends...

Dr. Phil

PS -- On a completely different note, just had Mrs. Dr. Phil get me a new stylus from a 3-pack we'd gotten. The tip on the old one was just starting to wear through. But the new one feels SO much better. (grin)

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.