I'll bet you're all wondering what I've been doing for the last several days. Well, let me tell you.
I finished up my Christmas shopping on Sunday, which is the most important thing, but not really what I'm here to talk about. I'm just really, really happy to be done with that.
Last Thursday night I happened to be on Facebook late when I noticed in that little ticker on the right side of the screen that one of my clients was posting comments on his friends' walls. At first I was really happy to see this, because this particular client is a bit shy when it comes to using Facebook, but then my excitement quickly turned to panic when I saw what kind of comments these were. They were poorly spelled (my client is a very good writer and typist), repetitive (this client was supposedly posting the exact same comment on everyone's wall), and they included a rather dubious-looking link.
Uh, oh. This client had been hacked. What should I do?
I had to act quickly to minimize the damage (i.e. - this client's friends clicking on the link and spreading the virus that way), and embarrassment to my client. Fortunately, I sometimes help this person with Facebook, so I had access to the profile account. I signed in and immediately checked to see if there were any suspicious apps that had recently been added or used. There weren't.
The other common way this virus gains access to a person's profile is if that person sees such a link somewhere on Facebook (or perhaps in the e-mail notifications) and clicks on the link while signed in to Facebook. I later spoke to my client, who informed me that had not happened, either, so we still don't know how the virus attacked this profile.
I immediately changed the password, and requested my client to log out of Facebook everywhere - home, work, mobile, etc., then sign back in as needed using the new password. We then started the damage control, by deleting every post we could find with that link. That is time-consuming, but not nearly as much so as answering a bunch of e-mails and explaining repeatedly to numerous clients and friends would have been. Fortunately, within a couple of hours, Facebook had blocked that particular virus, and the last posting we saw of it on anyone's account was about midnight Central Standard Time on Thursday night / Friday morning. We think we have all of the offending posts deleted. Fortunately, these types of viruses usually infect only the Facebook profile, and not the computers used to access the profile.
The moral of the story? I think we all know this, but considering these nasty viruses are still going around, a reminder might be in order:
1) Don't click on any "weird" links, that go to a domain name you don't recognize, or that look out of character for the friend who sent you the link or supposedly posted it.
2) If you do manage to get a spam virus, immediately change your password, and log out of Facebook on all of your computers and mobile devices. You can log back in when you need to with the new password.
3) As much as possible, delete the offending posts, so your friends and their friends and their friends don't click on them and spread the virus far and wide. If it is not possible (i.e., you have 5,000 friends on Facebook), then do what you can to alert everyone and apologize. For example, you might send a message to your friends, and/or post a note to your profile warning everyone about the link.
Above all, don't act as if it's the end of the world. It's not. It happens to most of us at least once, and more than that if we spend a lot of time online. Just do what you can to minimize the damage, and get back on that proverbial virtual horse. Happy (safe) Facebooking!