One of the best things about getting people together for the holidays is the chance to take some great pictures, whether they’re carefully staged for posterity or just candid snapshots of happy times. This opportunity can lead to identity theft, though, if internet users aren’t careful.

The scam works like this: first, hackers access an individual’s social media or email accounts. This is all too easy if the person isn’t using strong, unique passwords, but there are ways in even if the user does everything to protect herself. From there, the hacker accesses her friends’ or followers’ accounts by sending out mass messages to her contacts. The content of the message is simple, and states that there’s a really horrible picture of YOU making its way around the internet.

“Wait, I remember now…I just saw so-and-so at the office Christmas party! She was taking pictures that day!” you think to yourself. The panic starts to rise as you click the link that your friend allegedly shared with you. Of course the photo is on Facebook (more panic, as you realize the entire internet could have seen this photo by now), so when the link tells you to log into your Facebook account to view it, you immediately comply.

STOP! Do not log in!

This is not a new scam, but it still works because of the feelings that users get while trying to see the extent of the damage. The Facebook log in screen that appears when you click the link isn’t real…it only looks like a log in screen. Instead, you just gave scammers your Facebook user name and password. There’s no picture of you (well, probably not, unless your co-workers really can’t be trusted with a camera and you make a habit of embarrassing yourself at office parties), but you were reeled in just the same.

Remember, any time you need to log into your social media accounts, you need to initiate the login through your own browser by accessing the website yourself. Do not follow unknown links to any destination that requires you to log in.

Just in case this photo scenario had been legitimate, here’s how to go about signing in to see it without giving up your information. Close the browser tab where the link and the message appeared—or the entire browser, if you want to be extra cautious—then open a new one and go log in to the required social media site. If you then go back to the original link from your friend and click it after, you should no longer be directed to log in since you’ve already done that step. If you’re still required to log in to see the picture, it’s a fake web portal. Close out of your browser immediately.

It’s also a good idea to warn your friend about the incident. Drop her a line that lets her know her social media account was hacked, and that she needs to change her password immediately. Hopefully she also uses strong, unique passwords, and therefore didn’t give hackers access to all of her accounts!


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.