Dear Lifehacker, One of my friends recently sent some pretty suspicious links to his entire address book and his friends on Facebook. He sent another message later to say he didn't do it, but doesn't know how it happened, and to tell everyone not to open links from him. How can I help him get his computer straight, and make sure notes I get from him are safe to click? Sincerely, Concerned Clicker
Dear Concerned Clicker,
It's admirable of you to actually take an interest in helping your friend fix this problem, especially after you've been on the business end of whatever is going on with his system. Thankfully, it's not too difficult to fix them up without getting caught up in the quagmire of being someone's in-pocket computer support person. If you care enough to lend a helping hand, here's how you can do it.
Make Sure There's Actually A Problem First
First of all, make sure your friend has actually asked for your help. Offer it if you want, but if they turn you down, don't press; focus on your own security instead. If your friend's address has been spoofed by spammers, there may be nothing anyone can do about it except relax and know that it'll all blow over. If your friend is inadvertently sending Facebook messages to friends, there may be a bigger problem or their account may be hacked. Here are a couple of ways you can make sure there's actually something to help your friend with before you stick your nose in:
- Check the offending emails to see if your friend is the source. If suspicious email is the problem, check the mail headers to make sure the email actually came from your friend, and not someone who's spoofing their name or email address. How you do this varies among email apps, but we cover most of the big ones here. Keep in mind that even if your friend isn't the source, that doesn't mean they're in the clear.
- Ask your friend how they found out about the problem. Make sure "address book" and "all Facebook friends" don't translate to "one person." Ask them to check their Sent Items and Sent Messages on Facebook to see if the messages were sent from their account versus some other application somewhere else. Ask them when they last changed their passwords, and whether they use different passwords for different services. That could be the problem right there, but before you go telling them to change their passwords, we have some more work to do first.
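The header check from the first bullet, as an added example that is not part of the original article: it reads the `From`, `Return-Path` and `Authentication-Results` headers of a raw message and separates mail that really went out through your friend's provider from mail that only forges their name. The two sample messages are constructed, every domain is a placeholder, and the function names and the `mx.myprovider.example` server ID (standing in for whatever your own mail provider stamps on incoming mail) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples; every domain here is a placeholder.
SENT_FROM_ACCOUNT = """\
Return-Path: <friend@example.com>
Authentication-Results: mx.myprovider.example; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Friend <friend@example.com>
Subject: check this out

http://link.example/
"""
SPOOFED = """\
Return-Path: <bounce@bulk.example.net>
Authentication-Results: mx.myprovider.example; spf=pass smtp.mailfrom=bulk.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: Friend <friend@example.com>
Subject: check this out

http://link.example/
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_sender(raw, my_mx="mx.myprovider.example"):
    """Classify a raw message using only results stamped by our own mail server."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    results = {}
    for ar in msg.get_all("Authentication-Results", []):
        ar = " ".join(ar.split())               # unfold continuation lines
        if ar.split(";")[0].strip() != my_mx:   # skip headers any sender could forge
            continue
        for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar):
            results.setdefault(method, outcome.lower())
    aligned = bool(from_dom) and env_dom == from_dom
    if results.get("dmarc") == "pass" or (results.get("spf") == "pass" and aligned):
        verdict = "sent-from-account"   # went out through the friend's provider
    elif results.get("dmarc") == "fail":
        verdict = "likely-spoofed"      # forged From line; the account may be fine
    else:
        verdict = "inconclusive"
    return {"from": from_dom, "envelope": env_dom, "auth": results, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in (("account", SENT_FROM_ACCOUNT), ("spoofed", SPOOFED)):
        print(name, check_sender(raw))
```

A "sent-from-account" result is the worse outcome for your friend: it means the message passed through their real provider, so the account or a machine logged in to it needs the cleanup steps that follow.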
Clean Up Your Friend's Computer (and Behaviour!)
Buckle up, we're going malware hunting. The first step is to wrangle all of the computers your friend uses, scrub them clean, and review their commonly used web apps and web services to make sure they're not compromised. You can walk your friend through these steps, or if you're not nearby or want to hold their hand a bit, grab your favourite screen-sharing or remote desktop tool and connect to their computer directly. Make sure to talk them through this though — you're teaching them to fish, not giving them one.
- Find out how many computers your friend uses, and where they've logged in to the offending services. If your friend is sending IMs with spam links in them, find out where they use that screen name. If the problem is Facebook messages, ask them where they log in to Facebook, or better yet, direct them to Facebook's account security page and ask them to review their active sessions for any unfamiliar locations. You may also want to have them turn on two-factor authentication and login approvals, so every time someone tries to log in at a new location, they'll have to authorise it. If they're a Gmail user, Gmail can show you where you logged in last as well. If you or your friend see anything unusual, go ahead and log them all out.
- Scan the offending computers for malware. How you go about this is up to you, but we love Microsoft Security Essentials for Windows. If your friend is using a Mac, they probably don't have virus protection, but you'll need some to scan their email and avoid sending malware to others. Scan anyway, just to be sure. Finally, even if the issue isn't a virus or trojan of some kind, it could be some other malware or adware that requires a different scanner to remove. Make sure you scrub that system nice and clean, and show your friend how to use and update their antivirus and anti-malware tools if they haven't been.
- Once the system is clean, start changing passwords (or better yet, get a password manager!). Only after you've made sure your friend's computer is good and clean and free of any malware that may be watching what they're doing should you encourage them to change their passwords and practice good password hygiene. At this point, it's most important to change the passwords to the services they're having problems with, whether it's AIM, their email account, their Facebook account, or whatever other service is sending out spam or malware under their name. Push them to strong, separate passwords for different services, two-factor authentication wherever possible, and, if they're overwhelmed by all of the rules, suggest a password manager like LastPass or Dashlane that makes it easy to audit, reset and manage passwords for multiple services on multiple devices.
- Watch carefully. OK, so we have added security enabled on web apps and services, a clean computer, and freshly changed (and now secure, separate) passwords. Now it's time to watch and see if the issue recurs. If it does, make sure you didn't miss a computer somewhere (like a work PC, or a kid's system logged in under their name). Odds are, it won't. Even if the original issue wasn't due to a hack or phishing attempt and was simple, blind spoofing instead, your friend has now vastly improved their personal security, which is a win in our book. Also make sure nothing else suspicious happens: depending on what the root cause was, whether it was a trojan or a hacked account or a keylogger of some kind, whoever has your information may try to use it offline as well.
The one area we haven't really addressed in these steps is mobile devices, largely because, although mobile threats are on the rise, the best protection for your mobile, short of someone obtaining physical access to your device, is common sense and the built-in security tools. There are some options though.
Upgrade Your Own Security Too
You've taken this opportunity to teach your friend how to secure their system, and possibly how to remove a lurking threat that's been with them all along, which is great! Your friend is lucky that the issue was only some spam emails or suspicious IMs or Facebook messages, and not something like wholesale identity theft, or a Mat Honan-scale hack, but eternal vigilance doesn't end with you teaching someone else how to protect themselves. Make sure you're buttoned up too.
Whether you inadvertently clicked on a link your friend sent you or you just noticed it, make sure to take your own good advice: audit your password security, get a password manager that works for you, and check that your own antivirus and antimalware tools are up to date and running regular scans. If you choose to fly without a net and you don't have antivirus installed, you can still do with the occasional scan with a web app like Trend Micro's Housecall, and make sure you're keeping apps like Flash and Java up to date to avoid the inevitable holes and 0-day exploits that turn up for them every other week.
With a little effort, you'll have added two users to the pool of users who know how to take care of their security, and who hopefully won't have significant security problems ever again.