My Facebook account was hacked last week. Not in some high-stakes, sexy cyber-spy way, as seen in the 1992 film Sneakers. My screen didn’t freeze as green text cascaded down in a digital waterfall. My cursor didn’t suddenly move with a mind of its own.
No, everything went on more or less as normal, except “I” sent a message — “Look who died” — with a link to a nonexistent website out to all 1,389 of my contacts.
I was none the wiser until I started getting Facebook messages, texts, and Slack and Twitter DMs to the effect of “Hey, man, I think you’ve been hacked.”
The Commercial Appeal’s Micaela Watts took a screenshot and posted it on my wall with a cheery note: “You done been hacked.” Another friend messaged me to say that getting one’s account hacked is bound to happen these days, “Just like Omicron, I guess.” That’s bleak.
My dear friend Olivia got thrown in Facebook “jail” for a few days because her (perfectly inoffensive) comment didn’t meet with the site’s Community Standards. The people in charge of flagging these things are, I imagine, bored nearly to death, so I’m not sure they make for the most reliable safety net.
I spent the next half hour or so in a flurry of online activity. I posted about the hack, warning my contacts not to click the bogus link. I notified Facebook’s security and privacy team. I haven’t heard back from them yet. I changed my password to something complicated and hard to remember, and I turned on two-factor authentication, so I have to input a code texted to my phone if I log in from an unfamiliar device. I spent the next two days responding to messages about the fishy message “I” had sent out to people. It was embarrassing and time-consuming, and I don’t recommend it as a pastime.
Before long, I noticed that I was logged in on two devices — and that one of them seemed to have an IP address from somewhere in Kentucky. I kicked the device off (you can do that from the Security and Login page, for future reference) before I remembered that Facebook had asked me earlier that day if I had “liked” a photo from Michael Donahue. I don’t remember seeing anything about a Kentucky-based IP address in that message, and since I do “like” many of Donahue’s photos, I didn’t think much of it. Whoever hacked my account must have looked at my recent activity to make sure their first move was one that wouldn’t arouse my suspicions. What a clever cyber criminal!
After the initial alarm, I realized that the fishy message I’d broadcast to everyone I know online was eerily similar to a message I had received a few days ago.
That’s right. I blundered into this cyber scam. Like the best Greek tragedies, it was all down to my hubris. You see, while I prefer email for work communications, I get messages every way you can imagine — snail mail, Twitter, Facebook. So when I received a message from, well, someone rather older than I am, I assumed a local celebrity had died and someone was sending me a tip. Yes, the method of delivery was tactless, and the grammar wasn’t going to make anyone’s high school English teacher proud, but that’s on par with at least half of the messages I’m sent. Besides, I spent six years as a copy editor, which means that I’m primed to expect most people to write poorly. And as a Millennial, I expect anyone older than Gen X to have trouble with PDFs and digital etiquette, just as I expect anyone in Gen Z to be baffled when expected to use a phone to actually call someone.
You see? Hubris.
In all likelihood, the message was garbled because it was written by either a bot or someone in a troll farm in Russia or North Korea. I wonder if some up-and-coming hacker graduated from digital training wheels to more rewarding, high-stakes cyber crime after they successfully duped me.
So yes, this was my fault, but consider how easy it was for me to fall prey to this scam. All it takes is divided attention. We need to treat cyber malfeasance as a threat to national security. Yes, even on social media. Because, while the democratic premise that everyone is entitled to an opinion is a beautiful thing, it also presents an easy-to-hit target. Our ability to reach a consensus is our most fragile point, and I can’t help but feel that everything from vaccination efforts to political discourse would have been less fraught without the influence of social media. It’s here to stay, though, so we’d best get better about navigating it safely.
In the meantime, though, take it from me and don’t be too proud to ask, “Did someone actually die or is this a spam link?”