This message came to my Facebook account from musician Neil Conti:
I'm not usually the type to send out annoying mass mailings but I decided to send this because it might help you all avoid the nightmare I went through last week so please do give this 5 minutes....
I had my Facebook account taken over for two days last week by a hacker who then sent messages to friends of mine saying that I was in urgent need of money. I won't bang on in too much detail but the basic result was that lots of my pals got badly hassled and two people are out of pocket by about 400 pounds. (Full transcript of the message that he sent out is posted at the end of this)
Now, I have always been very careful about internet security, believing that I would never get caught out. I always thought it happened to 'that other lot who don't know much about computers/firewalls/internet security'. So if it can happen to me then...well you get the message. This was quite a shock actually - it ain't a nice feeling being locked out of your Facebook account while someone rummages around inside all your messages, details etc.
So - to get to the point.... be very aware of the following tips. I've had some feedback from the Facebook Security team on this and believe me when I say that they are having real trouble keeping these hackers out of the system.
1. Never reply to a message from someone you don't know - even if it's to say 'who are you'. By replying you give them limited access to your friends list etc. That's how my trouble all started (he was called Afzaal Ahmad by the way)
2. Use a different password on Facebook to any other internet sites. Apparently these hackers are paying big money to some commerce sites/forums for email/password combinations and then trying them on Facebook to get into people's accounts.
3. Never click on a Facebook link that is in an email. Always access Facebook from the www.facebook.com homepage.
4. If you do get caught and locked out there is no Facebook emergency phone number. Call one of your FB friends and tell them to click on 'report' on your FB page, fill in the details while you are on the phone and send it. The account gets stopped and you get a new password sent to another email address that you have stated in the report. Facebook won't give you a new password unless you have correctly answered your security question.....see 5 >>>
5. Make absolutely sure that you have created a security question/answer in your Account settings page. If your account has to be stopped, you will never get it back without being able to answer this security question.