Crayola’s Facebook page hijacked, redrawn in NSFW style

14 Jan 2015 | Facebook, Malware, Phishing, Security threats
by Lisa Vaas

Cranberries, oranges, peaches, lemons, grapefruits, watermelons, pears: such evocative crayon color names, aren’t they?

Yes, they are, but in the case of Crayola’s recently hijacked Facebook page, those terms actually pertained to “types of B00bs” – illustrated with line drawings, of course – in one of quite a few NSFW, off-color posts.

On Sunday, Crayola acknowledged that its official Facebook page had been taken over:

We're aware of the situation on our official FB page, which was hacked today, and making every effort to stop the unauthorized posts.

…and apologized for the juvenile content, which, though it wasn’t pornographic per se, was adult-themed and most certainly not Crayola-sanctioned:

We don't condone the inappropriate & offensive content being posted to the fraudulent Crayola FB page & sincerely apologize to our fans.

The company managed to grab control of the page back within a few hours, posting an apology:

Our sincere apologies to our Facebook community for the inappropriate and offensive posts you may have seen here today. Please be assured the official Crayola page has been restored. We can’t thank our fans enough for the feedback and support we received while working to resolve the issue ... you truly are the best and we look forward to an exciting and creative 2015!

OK, yes, it was mildly amusing, but taking over a social media account is still a crime, and the implications can be anything but funny.

This is a Facebook page aimed at parents of little kids, after all.

Even forgetting that children might have seen it, the external sites that the NSFW posts linked to could quite well have been hosting malware or other nasties.

We don’t know how Crayola lost control of its page, but we do know that phishing is one way that cybercrooks chisel account control away from businesses and individuals.

If you’re curious about your own gullibility or lack thereof when it comes to falling for phishing scams, you might want to check out an article we wrote to not only help businesses avoid crafting phishy sounding emails but also to help recipients sniff out the difference between phish and real.

That article is by John Shier, Senior Security Expert at Sophos, and picks apart two real emails from his inbox, both containing links and requests to click on them for fill-in-the-blank goodies, be they yummy Apple rewards, or you-better-do-this-or-you’ll-rot-in-hell-and-lose-your-bank-account threats.

Hopefully, if we all get better at spotting phishy emails, we’ll be less likely to lose control of our Facebook pages or other social media accounts.

Unless we’re purposefully looking for adult content, we want to keep lemons and peaches in the fruit bowl where they belong, as opposed to being associated with female anatomy on the Facebook page for our kids’ crayons.

Image of crayons courtesy of Shutterstock.


4 comments on “Crayola’s Facebook page hijacked, redrawn in NSFW style”

  1. GuitarBob says:
    January 14, 2015 at 4:13 pm

    Before clicking on any links or downloading any attachments, you can verify many false email messages by just sending a test email to the sending address. If it comes back undelivered, the email was spoofed, as many phishing emails are.

    Also, hover your mouse (do not click) over links to see if the written location matches the hover location in your browser (Internet Explorer anyway).

    Regards,

    RWS

  2. Simon says:
    January 14, 2015 at 9:40 pm

    And perish the thought that children should ever see breasts … Oh, hang on, we’re talking about the primary food source for the first year or so of their lives. And somehow that’s offensive?

  3. Paul says:
    January 14, 2015 at 9:50 pm

    First off, I haven’t seen the pics. But what’s the deal with “children might have seen it”? Children are people. People have anatomy. What are we trying to shield little people from?

    • Paul Ducklin says:
      January 15, 2015 at 7:31 am

      I think the deal is that [a] it’s unauthorised access and [b] it’s unauthorised modification, which are non-trivial criminal offences under the Computer Misuse Act or its equivalent in your country, and we are trying to shield our children from seeing the side-effects of cybercrime and treating it as actually quite snigger-worthy.
