Odd Messages on Facebook

I am seeing quite a number of these today on Facebook (see screen capture).

First, it appears as some of my friends’ status message, and subsequently these friends start spamming my wall with the message. And when I checked back with these friends about what’s so interesting about this site, they first expressed surprise and ignorance, before they disavowed having done so. In fact, in all cases, they are adamant they didn’t log on to Facebook to send those messages (i.e. the status will show it was updated 30 minutes ago, but this friend hasn’t even logged in to Facebook for days!).

Out of curiosity, I clicked on the URL in Firefox and it led me to a site selling some kind of dried plant and I suspect it’s probably some kind of weed like marijuana. However, please refrain from visiting the site (especially with IE), not because of what it is touting, but a simple precaution against any possible ActiveX ‘niceties’ and malware that might be hiding behind it.

Anyway, I am not very sure if those friends’ accounts were hacked to send these messages. The one friend I managed to convince to check out his Facebook account said his password was not changed and he could still access his Facebook account. For good measure, he changed his password and I see that those messages have stopped. But for some of the others, I see an increasing number of walls of mutual friends getting spammed with this message.

I can think of one possibility for how something else can gain access to your password for whatever nefarious purposes. A scam which says it could reveal those who blocked you on MSN Live Messenger has been making its rounds on the net previously and many have been fooled. Once a person tries checking on who has blocked them through this site, those on their contact list will receive a message touting this site, or links to dubious and questionable sites, at random times. I suspect that if one has used the same ID – usually one’s Hotmail / Microsoft Live Mail email address – and password to sign up to Facebook, and has not changed the password since, then that same information could now be exploited by the same scammers.

Whatever the case is, I would suggest that if you have been using a simple alphanumeric password to log in to any kind of online service, you change it and increase its complexity. A password like Passw0rd is definitely not good enough. You might want to consider a complex password like P@s5w0Rd+ instead.

Of course, the most important thing is to remember not to sign on to some completely unrelated site on the wild Internet with a password belonging to another service, simply because the site appears to offer you something in return. In short, if www.kennasai.com says it could reveal to you who has blocked or deleted you on MSN Messenger, it’s simply common sense to ask just how www.kennasai.com is going to obtain that information from one of Microsoft’s servers.