Don't get hacked
David's View from Cape Town : Newsletter 147, by David Lipschitz BSc (Honours) MBA, Database Engineer (organiser of information)
Dear Colleague
I saw this yesterday for the first time, and today the same Whatsapp arrived in my inbox. The person I helped had been hacked. Luckily she had set up her cell number and email address and (even more luckily she spoke to me, when we met for the first time at a presentation) we were able to restore her access even though the hacker had already changed her password.
Here is the Whatsapp that is doing the rounds.
“Attention!
Your Facebook account has been restricted due to recent unusual activity.
We need to verify that you are the account owner.
The verification period is 24 hours. If you do not verify that you are the account owner, we will permanently disable the account.
Verify account ownership: https : // facebook-meta-business-ubpages-com . pages . net . br / vn-com
Remove restrictions from your business profile the safest way!”
David here, again:
The URL is very cleverly constructed. Note that I've added the spaces so that people can't click on the Link. Facebook removed the post, even though it's a warning message. Maybe people are only half reading the post and clicking the link!!
https : // facebook-meta-business-ubpages-com . pages . net . br / vn-com
If you only look at the first part, it looks legitimate: https://facebook-meta-business
should be .com but a quick look and people might miss -com.
But it is after the .com that is most relevant to the sensitive and sensible recipient:
This is a Brazilian domain.
It is also .pages.net.br, and so it is just designed to mystify people.
And the message tries to panic you ("The verification period is 24 hours").
The main point is:
Never, and I mean never, click on a link in an email to go and change a password, or to log into your banking system. Always type the URL from scratch in your browser, or launch the app directly.
Never, and I really mean never, click on a QRCode, from someone you meet in the street, for example I once met a “photographer” with an expensive camera whilst Whale Watching in Hermanus in South Africa, and he showed me a QRCode, which I scanned, and it asked me to log into something. I immediately voided the entry and cleared that day’s history.
Everyone, please be careful.
Someone could hack your Facebook page, and then send your friends “I’ve got a serious illness; I can’t work; I urgently need R5,000” (or even US$5,000)! If someone asks for money, block them immediately or at least phone them and ask if they are really asking for money.
If you get a message from your domestic worker saying that they urgently need money for their mother’s funeral, phone your domestic worker and ask if their mother has died.
If you get a friend request from someone you are already friendly with, copy the URL and send it to your friend and block the new friend, or at the least check with your (first) real friend if they have a second (Facebook, LinkedIn, Twitter, etc) account.
Be careful out there.
Pretend you are on a yacht at sea. Treacherous waters are around the corner. Be prepared.
Regards,
David