In the past few hours, I’ve received two Facebook messages with suspicious links. The first one I checked out the link carefully and it prompted me to download a “Flash update”. That message was quickly trashed and I thought nothing more of it. This appeared to be the same virus that surfaced in early August. Moreover, Facebook put in place a “vaccine” that renders the links presumably harmless and it appears to be working.
But this morning I received another suspicious message and I took a closer look (see the image above). The name of the sender looked familiar so I went to her profile and saw that we have 36 friends in common — including a Facebook VP as well as my husband! Upon messaging her, I realized that we had met several times. And she confirmed that her account had been compromised, but we weren’t able to go into details about how.
(Update: I got permission from my friend, Tami Zhu, to mention her. I’ve also included a screenshot of her profile page to the left. Our hope is that her friends and network will be warned and that this will help reclaim her image and reputation.)
This person Tami is not a naive Facebook newbie, but a smart, sophisticated professional who has worked in the online space for a long time — she’s the VP of business development at AOL Truveo. Obviously, her account had been compromised, and it’s unclear how. She put up warning notices on her Facebook profile and is pretty busy today trying to undo the damage.
She’s reached out to her Facebook VP friend, but I haven’t had a chance to find out Facebook’s response. I also sent a request for more information to Facebook’s PR team and Facebook security chief Max Kelly, and I’ll update when I find out more.
But this raises a question — with the multitude of Facebook apps, messages, and friend requests pouring in, how are we supposed to stay safe? If it can happen to this person — a very smart, tech-savvy person — it can happen to you and me. Facebook has some security suggestions, but I don’t think they go far enough.
I’d like to hear from anyone who’s had their Facebook, MySpace, etc. accounts compromised. How did it happen, what did you do about it, and how did the social networking site help you — if at all? If you’d like to contribute anonymously, email me at charlene (at) charleneli (dot) com.
After all, the more we know, the more we can keep each other safe.