Ask HN: My mother and her friends keep getting hacked on Facebook
11 points by throwawayfbsec 3 months ago | 10 comments
Hello, I keep facing this situation in which my mother (60s) and her friends (approx. the same age) keep getting hacked on Facebook.

The attacker somehow enters their account and sends messages to random people telling a long story about being in debt and asking for money (not a large sum, something like 500 US dollars; I am from Brazil). My mother and her friends do not transfer the money, of course, because they know each other, but somewhat distant friends do. In fact I am quite happy/surprised about how people can be this helpful/naive.

They are quite oblivious about technology as a whole and use Facebook/Instagram etc. just like WhatsApp, for messaging. I've run the obvious measures (changing passwords, locking content etc.) and taught them the basics about how the web works and security etc. But not only does the hacking continue (even with new passwords and 2FA), it is now appearing in a new form: they simply clone the profile with the public photo and name and start a new conversation. It is even worse on Instagram since: 1 - they don't usually message there, so there is no older conversation that would be missing; 2 - there is no concept of friends, just followers.

I've gone to the police multiple times by now, since they cannot explain to the officers what is happening. Using the bank account provided by the hacker, they found some guys, but apparently these guys were hacked too and the hacker(s) is/are using their accounts as a proxy.

I don't know what to do, really. I am a techie (CS MS, 10+ years of experience, worked in several areas, including networks) but I am feeling powerless. Every 2 weeks something happens in the realm of Facebook/Instagram.

What can I do?

Sounds like their computers are compromised... keyloggers, malware maybe?

How are the bad actors getting the 2FA code? Are the phones hacked too? Are the phones on a rogue tower? Why is someone spending time messing with old ladies? There has to be a reason why they are a target for someone to spend this much energy. Good luck!

> Are the phones hacked too?

Possibly! My mother uses an iPhone (5, I think); the others I don't really remember.

> Are the phones on a rogue tower?

Never thought about it! How can I check? Wireshark?

> Why is someone spending time messing with old ladies?

Can't tell, they are by no means rich.

From the information given, the reason why is likely money laundering.

For the second scenario, I always recommend to the people around me: if someone messages you and doesn't have a lot of the friends you know, then don't respond. That becomes challenging when the person being asked for help doesn't know your friends circle. Also, try to call them anyway before you do something, i.e. message them on WhatsApp or another chat application. It's similar to the old email scam that used to run asking for help from an email address which was changed by one word. It was not that prevalent though.

This is really a crazy thing, would love to see what others can come up with.

> if someone messages you and doesn't have a lot of the friends you know, then don't respond.

Then don't respond, agree, because it's one way.

Are they sharing a computer somewhere?

They were using the work computer to use Facebook, but said they stopped doing that once the attacks started. They do not work at the same place, but all are school teachers.

They are getting past 2fa though? That complicates things.

It didn't sound to me like the attackers were getting past 2FA, but rather that they were setting up new accounts with the same profile picture. That wouldn't require an attack or compromise at all.

Maybe I'm reading it wrong though.

Facebook has a trusted devices feature where logins from such a device will not require 2FA. Maybe the hacker is using such a device. Could be a sold smartphone/laptop or maybe a public computer.

You can remove these in your Facebook settings.
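The trusted-device trap described in the comment above, as an added example that is not Facebook's code and not from any poster in this thread: a "remember this device" token lets a login skip the 2FA prompt, a password change on its own does not revoke that token, and clearing the trusted-device list does. It assumes, as the thread speculates, that the attacker also knows the current password (keylogger, or the shared work PC); the `Account` class, the `totp` helper and the "work-pc" token are all constructed for the example.

```python
"""Toy model of a 'remembered device' that lets a login skip 2FA.

Added example; not Facebook's implementation and not code from the thread.
Assumption: the attacker already knows the password (e.g. keylogger or a
shared work computer) and only the second factor stands in the way.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Dict, List, Optional, Tuple


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, so the model has a real second factor."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class Account:
    def __init__(self, password: str, totp_secret: bytes):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._totp_secret = totp_secret
        # device_id -> bearer token; presenting a valid token skips the 2FA prompt
        self.trusted_devices: Dict[str, str] = {}

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def change_password(self, new_password: str) -> None:
        """Rotates the password only. Trusted devices deliberately survive:
        that is the behaviour the comment above warns about."""
        self._pw_hash = self._hash(new_password)

    def revoke_trusted_devices(self) -> None:
        """The 'remove these in your settings' step: every login needs 2FA again."""
        self.trusted_devices.clear()

    def login(self, password: str, *, now: int, device_id: str,
              otp: Optional[str] = None, device_token: Optional[str] = None,
              remember: bool = False) -> Tuple[str, Optional[str]]:
        """Returns (status, token); token is set only when a device is remembered."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return "denied:password", None
        known = self.trusted_devices.get(device_id)
        if device_token is not None and known is not None \
                and hmac.compare_digest(device_token, known):
            return "ok:trusted-device", None          # 2FA never prompted
        if otp is None or not hmac.compare_digest(otp, totp(self._totp_secret, now)):
            return "denied:2fa", None
        if remember:
            token = secrets.token_urlsafe(32)
            self.trusted_devices[device_id] = token
            return "ok:2fa", token
        return "ok:2fa", None


def scenario() -> List[str]:
    """Constructed walk-through of the thread's situation; returns login statuses."""
    secret = b"constructed-demo-secret"        # constructed, not a real seed
    now = 1_700_000_000
    acct = Account("hunter2", secret)

    # 1. Victim logs in from the shared work PC and ticks 'remember this device'.
    status1, token = acct.login("hunter2", now=now, device_id="work-pc",
                                otp=totp(secret, now), remember=True)

    # 2. Victim changes the password and believes the account is locked down.
    acct.change_password("correct-horse-battery")

    # 3. Attacker on that PC (or holding a copy of the token) who also learned
    #    the new password logs in: no 2FA prompt, the device is still trusted.
    status2, _ = acct.login("correct-horse-battery", now=now + 3600,
                            device_id="work-pc", device_token=token)

    # 4. Victim clears trusted devices; the same attempt now hits the 2FA wall.
    acct.revoke_trusted_devices()
    status3, _ = acct.login("correct-horse-battery", now=now + 7200,
                            device_id="work-pc", device_token=token)
    return [status1, status2, status3]


if __name__ == "__main__":
    print(scenario())
```

The practical check this models: after a takeover, rotating the password and enabling 2FA is not enough while a remembered device, or an active session, is still on the account; review and remove every trusted device and active session the victim does not recognise, then re-enable "remember this device" only on hardware the victim controls.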

