Posts Tagged ‘this sucks’

I’ve been Facejacked!!!

November 24, 2009

It started innocently enough last Saturday.  I’m running out the door to my son’s soccer game, and I notice that there is a message on my home phone.  It’s from my buddy Evan S., who leaves a message to the effect that, “Hey Jabin, this is going to sound weird, but I just chatted on Facebook with someone who claimed to be you and said they were held up at gunpoint in London and needed me to wire money.”  I immediately called him back and got details, although they were sketchy since he, too, was on his way to his son’s soccer game (there is something funny and sad about that, but not the point right now), and he was driving while talking on a cell phone in New Jersey, which is a legal no-no.  Suffice it to say that he tricked the person pretending to be me by asking if my kids were involved, and then he said “Josephine and Stevie must have been freaked out.” When the other person bit (those are most certainly NOT my kids’ names), he knew it wasn’t me.  Pretty quick thinking on Evan’s part.  He also said the language didn’t sound like me.

I went to my computer and tried to log into my Facebook account to see what was up, and lo and behold, it wouldn’t take my password. I had indeed been the victim of a Facebook hijacking, or Facejacking (I have no idea if that’s a real term or not, but it sounded good). The person had changed my password and Email address associated with the account, so not only was he/she claiming to be me, he/she had locked me out of the account to prevent me from stopping this.

Pretty easily I found a listing on the Facebook help page for an FAQ about this happening, and I filled out a form telling them what happened.  But time being what it was, I had to go to my son’s soccer game.

I had my cell phone with me, but was involved during the game coaching and couldn’t answer any calls.  When the game was over, I had 6-7 messages from people who had a similar experience to Evan’s.  This scumbag was basically chatting with any of my friends who were online and giving the same story, that I had been robbed at gunpoint in London, and could they please wire me money (seems like he varied between $600 and $900), and most people were just calling to see if I was ok/let me know what was going on.  I don’t know anyone who was actually taken in by this ruse, hopefully because the language the guy (or gal?) used was, at best, broken English.  He claimed my wife was “hurt on the head pretty good” and that he would “definitely ref the money most quickly.”  That seemed to be enough of a red flag for most people.  One quick-thinking friend, like Evan, asked the fake “me” to provide my home phone number.  When they couldn’t, he immediately ended the chat.

The good news — by the time I got back from the soccer game, Facebook had suspended my account, so no more “chat” damage could be done and my Facebook friends would be spared this annoyance or worse. But for roughly 5-6 hours (that’s a guess, as I’m not sure when this started Saturday morning) there was someone claiming to be me hitting up my Facebook friends for money. Not the best feeling in the world — I feel like I owe all my Facebook friends a HUGE apology.

The bad news — this whole situation has left me feeling pretty violated, and in need of a shower. The feelings are a mixture of guilt, insecurity, embarrassment, and rage that some scumbag out there could do this. Now I’m not naive, I know computer hacking is about as rare as the common cold, but to see it so up close and personal like this is a bit unsettling.  I’m no luddite — my Facebook password was alpha-numeric, and different from any other password that I use, and they still got me.  But as I write this on Tuesday, I still can’t log into my Facebook page (this is probably a good thing, as Facebook is taking all the necessary steps to ensure that it is me).

But I am thinking when I do have access again, I’m going to post a message saying that I’m back, I’m fine, I was not robbed at gunpoint, and thanks for all the concern. Then I’m going to cancel my Facebook account.  It’s just not worth it.  I know this might seem extreme, but balancing the advantages of having an online profile vs. the exposure to something like this is pretty easy math.  I’ve got my own home page (shameless plug – www.jabin.com), so the necessity of a Facebook page for an online identity is lessened.

Could I have taken any steps to prevent this? Sure. I could have had a more secure password — you are supposed to use special characters in your passwords, and I didn’t do that, so I deserve a share of the blame. But I am putting some of this on Facebook as well (clearly most of it goes to the scumbag perpetrator), because this just seemed too easy to me. I know it’s difficult to fend off all attacks like this, and expecting Facebook to be 100% secure is ridiculous. So absent that expectation, I think the best course of action is to close the account.

Now, if you need me, I’ll be curled up in the fetal position in my basement bunker.  Send food and water.

Advertisements