Scammers, unfortunately, are perennial weeds – they always seem to pop up, no matter what you do to try to get rid of them. One of the newer approaches is to “prove” that they have hacked your accounts by including a snippet of real information – your phone number, or maybe an old password. They then try to blackmail you. They claim they have more information, something damaging, and will reveal it if you don’t pay up.
Don’t fall for it.
First off, you have almost certainly NOT been “hacked” – at least not in a technical sense. There is a lot more “personal” data that is actually public than most people realize.
Remember phone books? (Maybe not). Phone books printed your name, address, and phone number. Their PURPOSE was to make that data publicly available. Today’s easily-accessed online equivalents generally add your age and names of others at, or previously at, that address; this enables legitimate users to tell the hundreds of “John Smith”s apart.
Voter rolls are also public information. You may have to physically go to the town hall to get them, so the data is not quite so easily accessible – but when I worked on a campaign, I was appalled that my name, address, phone, party membership, and voting record (not for whom, just that I did vote) were openly listed. Similarly, property tax data – including a map and description of the property – is a matter of public record, and is often available online.
So don’t be freaked out when a scammer knows information that anyone can get with a simple, legal search.
Sometimes we help the scammers. You know the security questions your bank asks? Be very cautious when using things like mother’s maiden name to verify your identity. Genealogy sites have gotten so popular that this sort of information should almost be considered public. Facebook quizzes should also be considered a voluntary data breach – it’s not hard to figure out the name of your first pet when you’ve announced it on your Facebook page. And games of the “what is your elvish name?” variety simply verify your birthdate, or whatever other information the algorithm uses. Let’s not even get into the “20 things most people don’t know about me” types of quiz games.
“But only ‘friends’ can see my Facebook page,” you say. Really? Maybe. But are your ‘friends’ actually your friends? Some might be data-mining bots. Some might be imposters. I periodically get a message from a friend saying “Help! My account has been hacked! Should I change my password?” Chances are, no one has actually broken into their account. Changing their password won’t help. They haven’t been hacked, they’ve been spoofed.
“Spoofing” is simply pretending to be someone you aren’t. An email “from” address can be spoofed, so that it seems to be coming from someone else. A phone number can be spoofed; have you ever gotten a call from yourself (according to caller ID), or called back a number and had it answered by a puzzled person saying they didn’t call you? Their number was spoofed.
On Facebook, scammers can copy your public profile; they “spoof” your account. They may then pretend to be you, and send a friend request to your friends. If YOUR friends accept the request, the scammer now has access to THEIR “friends” list (so they can daisy-chain the scam). The scammers also have access to their pages, which allows them to data-mine.
What can you do to prevent this? Unfortunately, there’s no way to prevent someone from impersonating you. The best you can do is report it and get the account removed.
But you can keep from falling for it. If you get a friend request from someone – anyone – check them out. Go to their page. If you have friends in common, and the page looks legit, fine. Approve the request. But if it is from someone you are already friends with, chances are the new request is from a spoofed account. Report it to Facebook, and tell your real friend there is someone spoofing them. They should also report it to Facebook; their complaint is more likely to be acted on than yours.
If it is someone you don’t know (usually someone of the opposite sex who says they ran across your profile and want to get to know you better), be suspicious. Chances are, their page is a confusing mishmash of contradictory images. Report them, block them, or at least delete the request.
Facebook Messenger requests may also present a danger. When you answer a message, the correspondent is temporarily granted friend status (or at least, this was how it worked a few years ago; it may have changed). The best thing to do (on a computer – I’m not sure you can do this on a phone) is to use the option to “view” but not “open” a message. Go to that person’s FB page. Only if everything seems aboveboard should you actually open and reply to the message.
All this caution is simply to limit what we voluntarily share with scammers. They already know – or can find out – a lot more about us than most people think. Don’t be rattled by disclosure of easily-available public information – and try to keep information that is NOT easily available under wraps.