Recently there has been a large outbreak of spam & scams. There have even been hackers posing as support agents on the Zynga support site, asking people to “confirm their accounts” when in reality the links lead to a phishing scam. Confused about how to protect yourself & tell what is & isn’t real? Well, we have some tips to help you avoid falling for scams & recover your accounts if you already have. Check out the details below and please do share with friends if you find the post helpful.
First, an instructional video by our founder Locke Michaels on how to spot, report and avoid the Zynga support security scam.
First of all, an explanation of what a scam is. Scams are posts on well-known websites such as Facebook or Zynga Support that mimic well-known companies in an effort to con you into clicking them. They can do this by claiming to offer something for free which you will never get (like the recent Samsung Galaxy S4 & Wal-Mart Gift Card scams) or with threats & coercion (like the hackers on the Zynga support site telling you that you need to confirm your account). Scams like these can harm your computer or lock you out of your accounts. In the worst case they can be very costly if the hackers access your banking or credit card information.
A phishing scam is a scam that redirects you to a false website that looks like one you have an account with (like Facebook or Gmail) & tries to get you to enter your login credentials for the real site so the hackers can take over your account. The scam currently prevalent on the Zynga support site is a phishing scam.
There are some things you can look for to identify a phishing scam. First of all, anything that seems too good to be true (like the free state-of-the-art smartphones & $1,000 gift cards) generally is. Clicking on them will only bring you trouble, not goodies. Secondly, reputable companies like Zynga, Facebook or Google will never ask you to enter your password anywhere but their main site. You can visit the Dirt Farmer Facebook Fan Page here to view a statement from Zynga regarding what their employees will and will not ask for.
Below are some examples of how hackers & scammers trick you into giving them your information. All of the below examples are from following links posted by the hackers on the Zynga Player Support Site.
In this example we see the hackers have faked the logos of well-known antivirus & security companies as well as Zynga’s support page to lull you into a false sense of security. Always pay close attention to the URL in your address bar. If you follow the arrow here and read the URL, you will see that this is not a Zynga site, as it is not a Zynga URL.
In this example the hackers have resorted to threats, trying to intimidate you into giving up your personal information by claiming that there is suspicious activity on your account. Again, if you follow the arrow, the URL points to an app. Never enter your Facebook password if the URL says ANYTHING BUT www.facebook.com. While this URL is well faked & appears authentic, anyone with a Facebook account can create their own app. The “apps” at the beginning of the URL gives away that this is not real. This one is particularly sinister. It asks you to log in with your email or phone, which is information the hackers can use to gain control of other accounts that you have. It also has multiple steps asking you to confirm your account & webmail so they can gain control of BOTH accounts.
In this example the Facebook Security scam comes into play. This too is an attempt to hack your Facebook & email accounts. Again, if you follow the arrows, you will notice this is just an app, not Facebook itself, and as such has no right to your password. It is a hacking site. Also note that the word “support” has been misspelled, a common tactic that hackers use to mimic legitimate sites.
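The address-bar check from the examples above, written out as an added example (not code from the original post): a login page is accepted only when the host is exactly www.facebook.com. It goes slightly beyond the post by also flagging plain http and the user@host trick; the allowlist and the `.example` sample URLs used to exercise it are assumptions constructed for illustration.

```javascript
// Added example: classify a link the way the article describes reading the
// address bar. TRUSTED_LOGIN_HOSTS is an assumption built from the article's
// rule for Facebook ("ANYTHING BUT www.facebook.com" is rejected).
const TRUSTED_LOGIN_HOSTS = new Set(["www.facebook.com"]);

function registrableGuess(host) {
  // Naive last-two-labels guess; fine for .com, not for suffixes like .co.uk.
  return host.split(".").slice(-2).join(".");
}

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  const host = url.hostname.toLowerCase();
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  if (url.username || url.password) {
    // In https://www.facebook.com@other.example/ the real host is other.example.
    return { ok: false, reason: "text before @ hides the real host " + host };
  }
  if (TRUSTED_LOGIN_HOSTS.has(host)) {
    return { ok: true, reason: "exact match for " + host };
  }
  for (const trusted of TRUSTED_LOGIN_HOSTS) {
    const base = registrableGuess(trusted);
    if (host === base || host.endsWith("." + base)) {
      // e.g. apps.facebook.com: a real Facebook domain, but app pages are
      // written by third parties, so it is not the login page.
      return { ok: false, reason: "on " + base + " but not the login host" };
    }
    const brand = base.split(".")[0];
    if (host.includes(brand)) {
      return { ok: false, reason: "brand name inside unrelated host " + host };
    }
  }
  return { ok: false, reason: "unrelated host " + host };
}
```

The check compares the whole hostname, not a substring, which is why a page under apps.facebook.com or a host that merely contains the brand name is still rejected.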
Securing a Compromised Facebook Account
It is very important to be careful not to click on or give information to scam sites to avoid losing control of your accounts. Email addresses, mobile phone numbers & passwords can also give hackers access to stored credit card information on various sites and even to your bank accounts if you bank online. If you have fallen victim to a scam here are some tips to get your Facebook & email accounts back under your control.
If you can access your compromised Facebook Account
First go into Account Settings
Then change your password by clicking edit beside password
Then click on security and active sessions. End any active sessions that you do not recognize.
Then click on apps and remove any that you have not intentionally installed or that appear spammy/suspicious by clicking the x next to edit and following the prompts in the confirmation screen.
If you find anything suspicious in active sessions or apps, you will need to change your password again once they have been removed. Never use the same password for different accounts on the web.
Also go to your timeline & make sure that the EMAIL ADDRESSES & MOBILE PHONE NUMBER (if any) associated with your account have not been altered & if they have, change them back.
It is also a good idea to run an antivirus and anti-spyware scan. If you do not have antivirus or anti-spyware software, there are some very good programs available free like AVG Free for viruses and Super Anti Spyware for spyware.
If you CANNOT access your compromised Facebook account
You will need to click here to contact Facebook, wait for their reply & follow their instructions to prove the account is yours. Unfortunately, this is generally not a fast process.
Securing a Compromised Email Account
Recovery of email accounts varies by the account provider. There are some general steps to follow for all of them, though.
If you can access your compromised email account
- Change your PASSWORD.
- If you have a MOBILE PHONE NUMBER associated with your account, make sure that it has not been changed. If you do not have one associated with your account make sure none has been added.
- Make sure that your SECURITY QUESTIONS have not been altered. Change all of them to new ones.
- Check for changes to AUTO RESPONSE or AWAY MESSAGES that could send spam links to your friends & remove any that you find.
- Make sure any ALTERNATE EMAIL ADDRESSES that you use for password resets have not been changed. If you do not use any, make sure none have been added.
- Make sure your SIGNATURE has not been altered to include spam links.
- Check any OTHER ACCOUNTS that you log into with that email address, change the passwords & make certain that they have not been compromised.
If you CANNOT access your compromised email account
You will need to contact the provider of that account and follow their directions to prove that the account is yours. You can contact Google here for Gmail or Yahoo here.