Facebook Messenger Spoofed

[easysurfer]

I got a FB messenger message yesterday from a friend how definitely got her messenger spoofed. The messages are pretty obvious that it wasn't the actual friend but some imposter pretending to be the friend. One of those, "click here, see attachment" type of deals.

A couple of questions:

1) How does a FB messenger user get spoofed in the first place? I'm familiar with knowing how a phone number gets spoofed, but not so much FB messenger.

2) If a person replies to the spoofed message, then does the spoofer get the message or the real person?

I had a different occasion where a "friend" (account spoofed) wished me a Happy Halloween so I replied saying "Happy Halloween", then the real replied and said "That's not me, I got hacked".

 

[COcheesehead]

The entire entire account probably got hacked.
I’ve gotten those as well and they came from someone who got their FB account hacked.

 

[easysurfer]

I was going to reply and say "Hey, I think your account got hacked." But then, if the hacker get's the message instead of the account owner, the reply is sort of self-defeating. Which is why I asked, who sees a reply? The spoofer or legit account holder?

 

[njhowie]

Obviously if the account is hacked, then the spoofer is logged in as your friend and you are chatting directly with the spoofer.

Pick up the phone and call your friend, or send an email to them at their primary email address not on Facebook.

 

[mountainsoft]

I was going to reply and say "Hey, I think your account got hacked." But then, if the hacker get's the message instead of the account owner, the reply is sort of self-defeating. Which is why I asked, who sees a reply? The spoofer or legit account holder?

Generally when an account gets "hacked" it just means a third party has acquired your login name and password. This allows the hacker to login and do anything the original account owner would do.

The original owner would still have access to the account "unless" the hacker changes the password (easy since the hacker is logged in as the user). In that case the hacker can do whatever they want and the original owner would no longer have access. The original owner can usually contact the organization running the site and solve the problem as long as you have documentation to verify you are the actual owner. Of course, by then it may be too late, especially if the account is a financial one (banking, credit cards, etc.). The hacker may have already transferred money out of the account.

I had someone hack into my Netflix account a couple years ago. Since Netflix always sends me an email when I log in, I caught it quickly as I knew I hadn't logged in. No real damage done, other than the hacker added a few stupid shows to My List.

I took that opportunity to go through all of my online accounts and change the passwords to more complex passwords that were unique to each site (so if a hacker acquires your password they can't log in to all of the sites you use it with). Of course, you basically need a password manager to keep track of dozens of long cryptic passwords.

 

[easysurfer]

Obviously if the account is hacked, then the spoofer is logged in as your friend and you are chatting directly with the spoofer.

Pick up the phone and call your friend, or send an email to them at their primary email address not on Facebook.

Yes, that's the common sense thing. Unfortunately, I don't don't have the friends other form of contact. Just FB messenger.

My hunch is I'm not alone in getting a message from the hacker and expect other friends (who are closer) to let her know that she's been hacked.

 

[bobandsherry]

People need to set up two factor authentication and problem is solved. Even if hacker has username and password they can't get access.

https://m.facebook.com/help/148233965247823

 

[Aerides]

I've seen this but the account wasn't hacked. I think it works probably somewhat like where emails get spoofed. The account is fine - not hacked - but the faker somehow copies the real person's identify for the purpose of sending spam via messenger.

I don't know the tech specs on how it's done. And in any case I'd still want to know and change my PW.

 

[Rianne]

This happened to me a few years back on FB Messenger. I canceled FB and never went back. My DH cousin, we used messenger often, chatting on the side. Clicked and her avatar picture with her husband was there. I sent pictures, chatting along. After awhile her responses seemed curt and short with questions that seemed unusual. I text her later about the conversation and she had no memory of it.

I don't trust FB, never will. My niece has pictures in front of her house with her kids, the restaurants used to go to, maps to places. Why not post the history of your life with your birthday, address, work place, party life and all the details everyone wants to know? Then wonder why you didn't get the job you interviewed for, got fired from the job you have and question who broke into your house?


Sorry, not meaning to offend anyone on FB. Just my humble opinion.