Someone left a message on my answer phone the other night, and I really have no idea how to respond.
Take a listen and see what you think. I’ve subtly edited the recording to remove any of their personal information.
Hi Graham Cluley, this is [redacted] umm.. I was trying to figure out, like, how to hack a Facebook account. I’ve been trying so many ways to do it and it’s just not working, so I know you’re the right guy to y’know do these kind of things and just help me out here. But you can call me back at [binary solo] the number I called you from, but I just really needed your help. I emailed you, I called you like five times but you didn’t answer I’m pretty sure you’re probably busy, but just give me a call back please. This is your biggest fan, I really need your help. thanks
Basically, they think I can tell them how to hack a Facebook account. This is even though I have previously told lots of other people that I wouldn’t be able to answer their written requests either.
But now, it seems, some of them are even making transatlantic phone calls.
If you have a good suggestion as to how I should respond please leave a comment below.
And, if you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
16 comments on ““How to hack a Facebook account…” – how on earth should I answer this voicemail?”
Brilliant! In terms of your response I think that's already handled with your post above. As your biggest fan (I'm sure that's always a scary phrase to hear) she will no doubt read the post and any subsequent comments you might make by way of clarification. Who knows, this thread could turn into a fascinating debate on the ethics of hacking.
Coincidentally, I had an almost identical request from a colleague a few weeks ago. She said she wanted to talk to me about "something personal", and once we were alone explained she needed to find out how to hack into a Facebook account "for her sister" who used to have her boyfriend's password, but no longer had access since he had changed it.
I did laugh involuntarily prior to asking if she actually understood what my role entails (i.e. I am not the organisation's blackhat hacker in residence) – she was shocked and disappointed; explaining that what she was suggesting was illegal and could result in a criminal conviction; and suggested that perhaps her "sister" should consider getting out of the relationship where trust levels were clearly so low…
By the way, very much enjoyed your talk on the Art of Malware at RANT last week. :)
So, glad I'm not the only one that has dodgy people contacting me! Rafiki gave a brilliant answer to his colleague, I also simply state that it is illegal, that usually is enough to stop the conversation.
Is it just me or was anyone else immediately reminded of Stan by Eminem?
I've tried writing, calling and I'm your biggest fan… All sounds very familiar.
I would avoid calling them back at all. There is too much crazy written all over this one. Even responding to tell them it's illegal and saying no is probably enough for them to suddenly start delclaring that you're best friends.
Make a funky dance tune out of it, like the musician BT (Brian Transeau) did with Movement in Still Life.
Maybe this is an attempt to prank you. If so, then 'why' is anybodys guess.
Reply: "My standard fee for that service is $10,000,000. Payment must be accompanied by written permission from Facebook and the account holder authorizing me to perform the hack, including a full release from all legal liability."
End of problem.
Tell them to make a huge donation to a charity of your choice and once done get back in touch!
I would reply for her call you ( use a PC headset internet phone service with a number you can delete later) and then open up her PC remote assistance so you can go in see what the problem is. Look around inside real good, then claim to find a legitimate tracking spyware program running from Facebook security that that you cannot stop that has already been tracking her hacking attempts. Tell her they can prosecute, fine $25,000 and ban her for life, and put her on an international criminal hacking list if she is successful at hacking any Facebook account and advise her stop immediately.
THAT should squash the little bugger!
Tell her that in order to hack into someone else's Facebook account you will need her login details. When she gives them to you then leave her a message on her Facebook page explaining how easy it was.
I used to get these types of requests but in the 90s (so no facebook). A friend (that I lost contact with and probably also got requests as well) had a nice suggestion (I didn't respond so didn't feel the urge to care beyond that… gave them a laugh and that's all that matters. I did respond to other requests though, in not so nice ways. Unfortunately I got a lot of them). Any way, his idea was something along the lines of (changing for your example)…
"One of the easiest ways to hack a facebook account is when the victim is a complete idiot… Take for instance the last facebook account I hacked… [name of person requesting how-to]…"
Of course, the fact I don't use facebook combined with stuff going on here (house renovations of sorts), I won't be supplying any suggestions for this (at least a specific example but I think the thing I will suggest is more relevant anyway), either… But in general: the best response is one that throws them off completely, making them think what the …. and/or making them silent (because they are shown to be as dense as they really are). If you're quick witted (I generally am very much so, but see above) then you can take the exact circumstances and have a nice laugh at their expense. I think that is the only thing to keep in mind. It will always differ in some way or another. So the only answer to the question is to not answer at all (I could not resist that!) or use satire and/or sarcasm (there is never too much of those, as far as I am concerned, much like puns).
Edit: as an aside, you’re WAY too nice. You redacting that info would never have happened with me (and I know others in the security field who do similar to my way). But well I have little patience and I also hate when people are insincere/take things for granted/etc.
Where some of the above refers to trolling the poor kid, probably this post is enough to thwart them. Unless of course they see this as a sign to contact you even more.
Am I the only one thinking this was a young male? Sounded like a 10 year old to me.
Didn't listen and my hearing is not that great (I struggle to follow movies, to be honest). But no, cruel responses won't really change anything. I know because I used to do exactly that when I got requests quite often. On the other hand, you might be indirectly correct on them contacting more. Some (not all) might be try even harder to get information. But that's for their own agenda and not because you scold them (or whatever else you do).
I just received a request for a date on LinkedIn – what I believed was a professional network. The person left me name and phone number. The best response I had (and it worked) was no reply; no acknowledgement; no return contact info or remark of any sort. I guess for a phone call such as the one you received Mr. Cluely – block that number; no reply to her of any sort; send the email to spam reports; and any one of a number of security precautions you probably have at your disposal.
As an afterthought – perhaps it was a test of your integrity from another organization?
The world is too crazy and insecure. Hackers can get very personal information that they need by hacking. Sometimes, they can even find out the password using special hack tools. It's worth mentioning that hack can be very useful in certain condition. A child of my neighborhood behaved erratically some time ago, her parents used Micro keylogger to get her FB password to find that someone was trying to tempt her into taking drugs. That is terrible.
If this child's parents had acted responsibly in the first place by setting up their child's FB account themselves and locking it they would have already had the password.
Parents who don't use parental control filters or monitor and filter their child's internet activity are asking for trouble. You are right about the world being crazy.
Best possible response:
"What are you wearing?"