A few weeks ago, I wrote a blog post about how to avoid Facebook scams. What I failed to mention is what to do if you have been affected by a Facebook scam.
In most cases, when you’re affected by a Facebook scam, posts may appear on your profile or be sent to others through chat and other means. The first thing to do is remove any apps you accidentally “allowed” to post to your profile. To do this, go to Account, located in the upper right corner of each Facebook page, and click Privacy Settings in the drop-down list. On that page, you should see an “Apps and Websites” section. Click “Edit Settings” under that section. On that page, you’ll have the option to remove spammy or unwanted apps. Do that, and remove any apps you don’t remember adding.
Note that some apps are cleverly named to make you think they are related to a certain feature of Facebook. For example, this past week I found an example of such an app. It was called “Chat.” However, the app actually sent spam messages, and when a user who received that message clicked on the link, it would ask them to authorize that fake “Chat” app to access Facebook Chat, which in turn sent the same link to all their friends, and so the chain continues. You should remove any apps there named “Chat” or anything similar (“Photos”, “Messages”, etc.) because the real features do not show up in the Apps section. Instead, they are integrated with Facebook (you can’t remove the actual “Photo” app, etc.).
Another good idea is to change your password. I’ve seen some users on Facebook asking about a message apparently sent from Facebook. It told the user they were engaging in abusive behaviour and asked the user to confirm their login details. This led them to a fake app that looks like an official page (to those who don’t know what to look for) and asks them for their login details, which are then sent to the hacker, who uses the login details to take over the account or whatnot.
If the hacker changed your login details, you should have been sent an email saying that they were changed. Clicking the link in that email starts a verification process to confirm that the account belongs to you.