Posted on 30 April, 2009 By 53 Comments

Phishing Scams: My Facebook Experience and Reactions


Big Fish (by tarotastic)

Oh boy was yesterday afternoon fun. I made a pretty big and stupid mistake because I was distracted and paid for it for a couple of hours.

Yesterday, I fell for a Facebook phishing scam. And I thought I knew better. But, as usually happens with excessive pride, it got smashed into the dust. Obviously, I don’t know better and even those of us who are more tech savvy can get taken.

What was most intriguing/annoying was the display of reactions that I got from this … interesting study in psychology actually. But, first, I should step back and explain what happened.

What Happened

Yesterday a Facebook phishing scam occurred where an email was sent from a facebook friend with a link in it. The link took you to a site that looked just like facebook and asked for you to login.

I received one of these emails and clicked the link. I was at work (2 more days to go) and right after I clicked the link my employer asked me to come into his office and help him with Windows Media Player or something. I was in his office for awhile and then went back to my desk.

I then stupidly thought I had been logged out of facebook and logged in. But this wasn’t facebook, it was the phishing site. Once I did that almost all of my facebook friends received the same email with the phishing link which appeared to be from me.

I didn’t immediately realize what had happened but all of a sudden I started getting a flurry of emails from facebook (my facebook messages are sent to me in emails). As soon as I opened the first email, I realized what had happened and quickly changed my password and security question.

But the phishing emails had already gone out, people were sending me messages, writing on my wall, and things got a little out of control.

And since this is my last week at work and I have a ton of work to do I really didn’t have time to deal with it. One could argue then I don’t have time to be using facebook at work in the first place. That’s a valid point but I consider it to be a quick diversionary break.


One person wrote on my wall saying – “you’re spamming my facebook page – been hacked” – that is not exact quote because the wall post was later deleted but is close enough. I found that accusatory and probably should have been sent privately. I stated that publicly ;-) Others were more helpful – “it looks like your account has been hacked, change your password”.

About 20% of my friends sent me a facebook message asking what the link was about. While the number of them was annoying to deal with I felt like they trusted me and even though it looked like spam were giving me the benefit of the doubt and that is why there were asking me about it.

3 or 4 people responded with a “hi, how’s it going message”. Those were very strange – I send a bizarro link and you start talking about brewing blueberry ale. Huh?

And then there were the majority who knew it was a phishing scam and knew I never would have sent something like that. They quietly and politely deleted the message and went on with their day. Thanks to those of you by the way.

I though that I should warn my facebook friend what had happened but didn’t want to send the message through facebook – “oh great. another bogus link from Kim” ;-) So, I emailed people from my email account. I had about 40% of the email addresses and decided to leave it at that. I got more messages back but they were all friendly. “Thanks for the warning.” “Oh shit, how did that happen?” “I knew that couldn’t have been from you”.

Almost Finished

As I mentioned I was intrigued by the variety of reactions and how they were related to personality or at least online scam experience. My reaction was panicky too – probably mostly because I didn’t want to look like a dumbass ;-) But people reacted with hostility, (or at least that was my interpretation) confusion, disinterest, and as a chance to reconnect. And most of all curiosity – isn’t that what got me to click on the link in the first place?

So, my extreme distraction and lack of multi-tasking skills are the primary cause of this. As well as just plain stupidity. But be cautious online, watch what your doing and change your password frequently.

photo credit: tarotastic


Keep Reading:
Posted In : Non WordPress Tips | Social Media

Did you enjoy this article? I can assist you with your WordPress or Facebook project. Contact me and I will provide you with an estimate. You can also connect with me on Facebook or follow me on Twitter. If you are looking for Hosting, WordPress Theme, Newsletter or other recommendations, please view my detailed list.

53 Responses to “Phishing Scams: My Facebook Experience and Reactions”

  • See how much we trust you ;-)

    I have to admit that I hardly give Facebook any notice at all. I login every once in a while and click on stuff. If it’s interesting, great. If not, I move on.

    Because you’re sending me your nice blog readers I’ll forgive you. Have a great second last day (I think?)

    Dave´s last blog post – Thesis revisited

    • Hi Dave,

      Well, I am trustworthy ;-) I like Facebook more than I used to – it’s a really good way to stay in touch with some people. But I rarely send a message through it and when I do it’s usually to one of my relatives.

      Most of the readers here are awesome – just don’t steal them permanently.

  • Well i was among the silent ones. I got the email about your message so i tried to visit the link. Facebook although had already blocked the site. Plus i was biased to begin with since i know you wouldn’t contact me through facebook anyways (that’s what we have twitter for :P ). As soon as i realized what happened i thought you caught some kind of trojan and i was like “oh-oh poor Kim. Busy day ahead!”. Good it was just fishing… Anyways as we always say “Check the address before entering login credentials” but i recon i would have fallen for it if i returned and found it opened on my screen…

    stratosg´s last blog post – Interview with Madhur Kapoor

  • Hilariously enough when I went to click the link Facebook already had banned it or something as a dangerous link so then I googled to see what was up.

    But yeah.. it’s like “oh phishing” and I deleted it.

    Funnily enough something happened to me on Myspace, though I hadn’t used it or put my password in any site for ages and ages.. but it sent out a message to all my myspace friends.. One friend responded with “hey what’s up join this site: (Why Drink Alone).” I joined and started hanging out with a lot of people I met through the site. Phishing could be fun for the victimt oo!

    ChrissMari´s last blog post – Studying

  • I didn’t get the message. :`-(

    If anything you telling me about it prompted me to get off my butt and change some of my passwords that I hadn’t in a long time. Irrational I know since I didn’t click any of the links.

    And it would take a lot more than this for people to think you’re a dumbass.

    • Hi Jim – That’s bizarre that you didn’t get it – I am in contact with you probably more than anyone. Try not to feel too left out ;-)

      You are just biased – you don’t think I’m a dumbass because I rule at tech support – lol ;-)

  • Oh no! Good thing I was too busy to get your message yesterday.

    About the accusatory message on the wall, I don’t know why people do that. I got sick of people writing “HEEEEELLLLLLPPPPP Site doesn’t work!!!!!!!!!” on my wall (and it turning out to be they forgot their password or something) that I stopped letting people write on my wall. People don’t seem to understand discretion these days.

    These things happen even to the smartest people! Thanks for posting about it and warning us all.

    Tracy´s last blog post – Five Things I’m Addicted To

    • Hi Tracy – I kind of wish now that the conversation hadn’t been removed.

      My brother does it a lot – I’ll send him a message asking why him and his girlfriend broke up and he’ll write on my wall saying because she said “he’s an a**hole”. Please don’t write things like on my wall. lol

  • I am sorry that this happened…it was obviously a pain in the neck, but it could have happened to any of us who live online. The scammers wait for a moment of vulnerability…just like sharks!

    On the other hand, what happened seems to have done some good…people are changing their passwords and paying attention to what comes to them on Facebook.

    That’s how I see this post. I appreciate it because you brought something important to my attention and I will be more careful on Facebook! Thanks:~)

    Sara´s last blog post – Where’s Waldo? Where’s Sara?

  • I too was one of the quiet deleters :) If I remember correctly, the phishing scam meant it look like a facebook-affiliated site dedicated to a philanthropic or otherwise good cause! Luckily I knew facebook wasn’t THAT concerned about the state of the world :P

    Siel´s last blog post – Clicklist: I “love” earth

  • Interesting! I guess it’s a lot about exposure to this type of thing, because as I told you yesterday, the moment I saw that message, I knew it was a scam and that you had nothing to do with it.

    Vered – MomGrind´s last blog post – If You Want To Sell Something To Women, You’d Better Make It Pink

    • Hi Vered – I didn’t mind people asking me what it was about but some of the reactions were a little extreme.

      I also received replies that made no sense so I’m wondering if FB has auto-responders or if people have set that up through their email.

  • Thanks for the heads up about this a couple days ago. I usually know a scam when I see one, but I can see where you’re guard could be let down.

    My business AMEX account was recently hacked online and in addition to a few thousand dollars going on, the email address on the account was changed too.

    The card is always on my person, so the fraud was computer related. Scary.

    carla´s last blog post – Organic Baby & Toddler Clothes – My Little Snuggle Bug

    • Hi Carla – I hope that AMEX issue got resolved. Now if someone is going to be an evil hacker / phisher it makes more sense to me that they do it for credit cards or bank information. What use is facebook or twitter logins really? Other than being a big nuisance.

  • I saw the link and ignored it. It felt like spam and this has been happening a lot on yahoo messenger lately too, so my first reaction was this must be some type of spam.

    Manshu´s last blog post – US 2009 Q1 GDP Numbers

  • Blueberry Ale seems like something I really don’t wish to try…

    Dennis Edell´s last blog post – Who Wants To Sponsor April’s Comment Contest!

  • An honest mistake, and one any of us could make when we’re busy and distracted. Thank you for giving us the details; we all know you to be very technically savvy, and the fact that the phishing scam happened to you is a cautionary tale we need to listen to.

    It’s disappointing when people react to such an event in a hostile or hateful manner. It shows a lack of humility and empathy. Perhaps your disappointment in these people is outweighed by the gracious behavior of most of your FaceBook friends.

    • Hi Mike – Thank you! You always say the nicest things :-)

      Most people were awesome and knew I wouldn’t send something like that. The rest were confused and only one really irked me.

      It was a message to me as well – slow down :-)

  • I read about it on Google trends.

    Paulubiadas´s last blog post – Make money online from forum posting

  • Always be cautious when using facebook or any services that contain your personal info :-)

    I blogged about another version called Kromked yesterday too here.

    Really I think during this swine flu season many are also having weird ideas. There were 3 domains in total who were concerned with these phishing stuff yesterday. One that Tech crunch mentioned included.

    I got some friends who also clicked on the facebook links yesterday. Anyway we make mistake to learn :-)

  • Hi Kurt – Kromked is a funny “word”.

    I don’t understand the connection between swine flu and weird ideas … isn’t it just a coincidence?

  • I think it is something that could happen to the best of us, especially if the link is from someone who sends us a variety of links, or ones that are always cloaked with the URL shorteners. I’ve been hacked on Myspace before, and yes, some people will get pissy about it, but the people who are really your friends will understand and move on, because it’s just the day and age where things like that will happen. Thanks for sharing your experience for all of those who do feel really miserable when that sort of thing happens.

    ~ Kristi

    Kikolani´s last blog post – Vacation Proofing Blogs and Social Networks

    • Hi Kristi – Thanks for letting me know that something similar happened to you on myspace and that reactions were similar. Moving on is really the best thing to do.

  • Man, why didn’t I get that email? It would have been perfect to put on my Load Of BS site. I must say that I very rarely click on an email link unless I am sure of it’s origin, and I never log onto a site unless I typed in the url to get there.

    Sire´s last blog post – Using Comments To Double Your Exposure

  • It can happen sometimes. When i received the link from you and opened it, i knew it was a phishing site as it was too similar to facebook, thats why i decided to message you.

    • Hi Madhur – I should have added that to the article – being contacted via twitter. You were the only one who contacted me that way ;-) And privately, which was awesome.

  • The bottom line is never click a link unless in the website the supposed link represents. We’ve done a lot of work in eBay and eBay is notorious for phishing scams. We have learned to login to eBay to make sure the link is legitimate!

    Colleen´s last blog post – Lease to Own Houses

  • I’m glad you sent out that email and alerted your readers about this scam. i had an email with that link from “you” when i got home. i was able to delete it w/o my account being compromised.

    i really don’t know why people waste their time doing evil and stupid stuff like this.

    Natural´s last blog post – Mirror, Mirror on the Blog….

    • Hi Valerie – At first I didn’t want to send the email because I was thinking the last thing people wanted was another message from me but it seemed like the responsible thing to do.

      I agree – the people who do these things are obviously clever – why not use those skills for good?

  • I have experienced exact the same thing two days back but from windows live messenger, I got messages from 4 of my friends all showing a web link which asks me to log into my hotmail account I just ignored them. But for last two days I have been thinking how did it happened . Do you think all those accounts are hacked ?

    • Hi – I suppose all four of them could have clicked on the same link and sent you the message. Or maybe one of them was hacked and it sent the message to each person in their contact lists … that only really makes sense if all four of them know each other though.

  • I heard about the latest phishing attempts but never experienced it… probably because I am not very active on facebook :)

    Ajith Edassery´s last blog post – Blog Scraping – How to deal with it?

  1. (Anti) Social-Lists 5/3/09 | (Anti) Social Development
Leave a Comment
You may use: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> .


Kim Woodbridge is an accomplished Information and Technical Consultant specializing in the entire implementation of a WordPress based website including installation, theme design, upgrades, unique customizations and ongoing site maintenance.

Recent Comments

    • Property Marbella: Hi Kim, Declaring is not fun, I do a draft and my accountant will take care of the rest, the only thing I hope for is t...
    • Tanya: How could that video not put a smile on your face. Thanks!...
    • Dada Mirada: I also user Worpress , i have a using wordpress a over two years, but my site often maintenance...
    • silicon28: I just read this post (some years after the initial comments) and could not agree more! I also try to help folks on the...
    • Dada Mirada: Beautiful Art a your sharing...

Wordpress Services

  • Installation, upgrades and maintenance
  • Conversion of existing html and css templates
  • Theme and plugin recommendations
  • CSS customizations
  • Troubleshooting and tweaks for unique situations
  • Customization for individual blogging goals and needs
  • Training and advice