Those of us who live in the world of Facebook often see posts from our friends that say, “I’ve been hacked! Don’t accept any new friend requests from me!”
Well, Tuesday night, I found myself on the other end of that phenomenon as several of my Facebook friends sent me messages saying they thought I’d been hacked because they were getting new friend requests from me. Once I realized what was happening, I posted a message on Facebook asking people not to accept friend requests from me, as I had been hacked. I also changed my Facebook password.
I began to wonder what it means to be hacked and what information a hacker could glean from creating a fake Facebook page and attaching my photo, which was the case here.
Who would do that and why? What could he or she do with that page?
The next day, Wednesday, I called Waterville’s deputy police chief, Bill Bonney, who referred me to Sgt. Chris Tupper of the Maine State Police Computer Crimes Unit.
Tupper was a treasure trove of information, answered many of my questions and offered tips on how people can protect themselves online.
I asked Tupper why someone would create a page in another person’s likeness. I told him it looked as if, by Wednesday, the fake page for me had been taken down, either by Facebook, which was notified of the issue, or the perpetrator.
Tupper said such a page could be used to solicit images in a criminal way, harass or stalk someone or possibly use a person’s name to get money for a fake benefit, for example.
“They could use your good name to ask people to contribute to a cause and it could be totally bogus,” he said.
There is a difference between someone’s creating a fake Facebook page and hacking someone’s page. Though people commonly used the word “hacking” to refer to someone’s having created a false page in another’s image, hacking really refers to someone infiltrating another’s computer or actual Facebook page to try to take over administrative rights of that page, according to Tupper.
“To hack into a computer means I’d have access to what you see on your screen,” he said.
If a fake page is created for someone, he or she should keep an eye on other things that may occur in tandem with that, such as receiving threatening or harassing emails or suspicious junk mail, which could mean a person is being stalked, according to Tupper. If that happens, it is wise to call police.
“The totality may change the scenario,” he said.
Tupper says it is important people realize that whatever they put out on the internet can be taken by others, including photos and the physical location of where a person is. They should be aware of their security settings and consider whether they want their Facebook page to be public or available only to “friends” they know, he said.
“Once you accept them, they can see everything that you’re putting on that page. Are you exposing anything in your life that could come back and bite you? If I can see your friends and I’ve got a beef with you, how hard is it going to be to find you? Be aware that information you’re putting out there can be used against you, and do you want the whole world to see it or just people you care about?”
Since we were talking about Facebook, I thought I’d ask Tupper about the dangers associated with using email as well.
“You have to be very careful with emails you open,” he said. “If you get a lot of spam, are you opening a virus that opens up everything on your computer to the bad guy? I only open emails I recognize the address for. If I don’t recognize the address, I delete it.”
Emails to watch for include those that say something like, “Your order is ready; please verify your address,” according to Tupper. He likened the situation to one in which a telephone caller who claims to be from Microsoft says he has detected a virus in the person’s computer and it can be cleared up if the person pays a fee or allows him to get into the computer. The caller says he will send the person a link to click on and then the caller gets access to the computer, according to Tupper. He also advised people to keep anti-virus software updated.
“Before opening email or letting somebody into their computer, they should really be sure they’re dealing with who they think they are, is my best advice,” Tupper said, “and don’t be afraid to call your local police.”
I thanked Tupper for sharing his knowledge and tips. He acknowledged there’s a fine line between educating the bad guys and protecting the innocent when he dispenses such information.
Tupper’s computer crimes unit is a small one that comprises four detectives whose primary mission is to investigate internet crimes against children or child exploitation. The detectives help teach law enforcement agencies all over the state how to navigate such cases, as the crime unit is too small to handle the large volume.
We talked about skimming cases, where people put a reader on or inside a gasoline pump so when a person pumps gas and slides a debit card through and enters a pin number, the perpetrator comes back later, removes the reader and gets the information. Tupper said people pumping gas should watch for signs of readers on pumps.
“If it’s poorly done, you will say, ‘What is that thing hanging off the gas pump?’ and if it’s internal, you never know.”
Consumers really must be diligent with credit cards and especially debit cards attached to checking or savings accounts, he said. One should always check bank statements to make sure the purchases listed are the ones made, he said.
Tupper’s final advice was for parents to monitor what their children do online.
We both acknowledged there are a lot of devious people out there capable of using technology to commit all sorts of crimes and we need to be vigilant. He added a chilling note:
“It’s going to get more complex, and it’s going to get more challenging for us to investigate.”