Cranberries, oranges, peaches, lemons, grapefruits, watermelons, pears: such evocative crayon color names, aren’t they?
Yes, they are, but in the case of Crayola’s recently hijacked Facebook page, those terms actually pertained to “types of B00bs” – illustrated with line drawings, of course – in one of quite a few NSFW, off-color posts.
On Sunday, Crayola acknowledged that its official Facebook page had been taken over:
We're aware of the situation on our official FB page, which was hacked today, and making every effort to stop the unauthorized posts.
…and apologized for the juvenile content, which, though it wasn’t pornographic per se, was adult-themed and most certainly not Crayola-sanctioned:
We don't condone the inappropriate & offensive content being posted to the fraudulent Crayola FB page & sincerely apologize to our fans.
The company managed to grab control of the page back within a few hours, posting an apology:
Our sincere apologies to our Facebook community for the inappropriate and offensive posts you may have seen here today. Please be assured the official Crayola page has been restored. We can’t thank our fans enough for the feedback and support we received while working to resolve the issue ... you truly are the best and we look forward to an exciting and creative 2015!
OK, yes, it was mildly amusing, but taking over a social media account is still a crime, and the implications can be all but funny.
This is a Facebook page aimed at parents of little kids, after all.
Even forgetting that children might have seen it, the external sites that the NSFW posts linked to could quite well have been hosting malware or other nasties.
We don’t know how Crayola lost control of its page, but we do know that phishing is one way that cybercrooks chisel account control away from businesses and individuals.
If you’re curious about your own gullibility or lack thereof when it comes to falling for phishing scams, you might want to check out an article we wrote to not only help businesses avoid crafting phishy sounding emails but also to help recipients sniff out the difference between phish and real.
That article is by John Shier, Senior Security Expert at Sophos, and picks apart two real emails from his inbox, both containing links and requests to click on them for fill-in-the-blank goodies, be they yummy Apple rewards, or you-better-do-this-or-you’ll-rot-in-hell-and-lose-your-bank-account threats.
Hopefully, if we all get better at spotting phishy emails, we’ll be less likely to lose control of our Facebook pages or other social media accounts.
Unless we’re purposefully looking for adult content, we want to keep lemons and peaches in the fruit bowl where they belong, as opposed to being associated with female anatomy on the Facebook page for our kids’ crayons.
Follow @NakedSecurity
Image of crayons courtesy of Shutterstock.
Before clicking on any links or downloading any attachments, you can verify many false email messages by just sending a test email to the sending address. If it comes back undelivered, the email was spoofed, as many phishing emails are.
Also, hover your mouse (do not click) over links to see if the written location matches the hover location in your browser (Internet Explorer anyway).
Regards,
RWS
And perish the thought that children should ever see breasts … Oh, hang on, we’re talking about the primary food source for the first year or so of their lives. And somehow that’s offensive?
First off, I haven’t seen the pics. But what’s the deal with “children might have seen it”? Children are people. People have anatomy. What are we trying to shield little people from?
I think the deal is that [a] it’s unauthorised access and [b] it’s unauthorised modification, which are non-trivial criminal offences under the Computer Misuse Act or its equivalent in your country, and we are trying to shield our children from seeing the side-effects of cybercrime and treating it as actually quite snigger-worthy.