You’re scrolling through your Facebook newsfeed when you notice a post that doesn’t seem right. Why would your grandmother be posting a link to a video of someone doing something offensive? Or maybe a friend has tagged you in a post claiming to have great deals on designer sunglasses.
Most of us are Facebook savvy enough by now to recognize these posts as viruses. And usually, someone will notify the poster that their account has been compromised, followed by the victim posting an apology or explanation for the inappropriate posting. Usually, the situation’s resolved in a matter of minutes and everyone goes about their day.
Yet situations like this usually beg the question “How did this happen? How is it possible for posts to appear as if they come from me when I had nothing to do with them?”
The answer is tag-jacking, and it’s a common — and dangerous — form of cybercrime.
Tag-jacking spreads in the same way that most viruses do: First, one of your Facebook friends downloads a rogue app, usually from a link on someone else’s page. Usually rogue apps promise to do something not currently available on Facebook, such as see who has viewed your profile or unfriended you, claim to be an entry for a prize drawing or simply purport to be something shocking or controversial, thereby relying on social engineering and natural human curiosity to get people to click the link.
Clicking the link and downloading the app doesn’t tell you who was no longer interested in seeing pictures of your cat, though — it installs malware designed to steal your information and your friends’ information. Once the app installs, it posts links on your wall, and then tags everyone on your friends list in the photo to entice them to look. As soon as someone does click on the link and install the app, the cycle continues, as the app now posts to their wall and tags their friends — and the virus spreads.
Protecting your Facebook profile from tag-jacking is actually simple to do.
The first step is to install robust antivirus protection. While it may not be able to keep a rogue app from posting to your social media accounts, it will block the malware from installing on your machine. It will also inform you if a download, such as those you get when you click on links in tag-jacking bait, is harmful so you can block it and let others know.
Second, you can prevent your profile from being tag-jacked by customizing your privacy settings under the “Timeline and Tagging” tab. If you don’t want anyone to see any photos or posts you’re tagged in, change the setting for “Who can see posts you’ve been tagged in on your timeline?” to “Only Me.” This way, you can see (and remove) everything that you’ve been tagged in.
You can also control what posts to your timeline by enabling the option to approve posts in which you are tagged before they appear on your timeline. The drawback to this approach is that you can only approve or block posts from appearing on your timeline, and not from newsfeeds or search. That means that if you have mutual friends with the person who tagged you, they will still see the offending post.
Finally, your best bet is to click carefully. If something looks odd, or too good to be true, don’t click it, and let the poster know that it appeared on your feed and that you have reported it to Facebook. Another trick is to do your own research: If the post is a video, try searching YouTube for it by title. If it’s a scam, it won’t be there.
Help! I Have Been Tag-Jacked!
So you made a mistake and couldn’t resist clicking on a tempting link — and now you’re tag-jacking all of your friends.
The first step is to remove the offending post from your timeline, and notify your friends that it was malware. Then, go into your Facebook app settings and remove the offending app (it should be easy to find). That should take care of the tag-jacking. Don’t forget to report the original post to Facebook! Finally, run a virus scan on your machine to ensure that nothing sneaked in under the radar. In most cases, your antivirus will have blocked the malware and you have nothing more to worry about.
With millions of people using Facebook every day — and the reams of personal information shared on the site — it’s no wonder that scammers and hackers are trying to figure out ways to use if for nefarious purposes. Protect yourself by knowing how they work, and how to block them.