Yesterday, while relaxing at home, B decided to check her Facebook account on her iPad.  She immediately told me that she thought she might have been hacked.  To make sure, she went on her laptop.  Sure enough, I came and saw that she had been locked out.  Not just locked out, though, but locked out due to a virus.

lockout1

Wait… a virus?  Mind you, this was without Facebook having any ability to scan our computer.  Also, this was after being locked out on the iPad.

lockout2

Nice lesson in malware prevention.  Of course, we’re both well versed in the "don’t run programs from sources you don’t trust" rule.  We also have anti-virus software running all the time on our computer just in case anything slips by our "common sense filter".  (Security is all about layers.)  Still, we can just click Continue to re-enable the account and scan using our anti-virus of choice, right?  After all, the next screen does say "you can also remove them yourself."

lockout3

I’d click the "We’ll remove them ourselves, please unlock the account" button, but all I see is a "Download and Run McAfee" button.

At this point, I began to wonder just how valid this notice was.  I didn’t doubt it was from Facebook, but I began to question whether this was just an isolated incident.  So I did what anyone would do: I searched Twitter and Google.  On Twitter, I found numerous people who were locked out due to "virus infections."

Two stood out to me in particular.  First was @grilledcheez.  She responded to one of my tweets with the following:

grilledcheez

If this was an actual virus infection, why weren’t both of the accounts locked out?

And then there was @jason_michael who was locked out of his Facebook page due to a "virus infection"… on a Mac:

jason_michael

This was looking very fishy.  Especially when a Google search turned up a deal between Facebook and McAfee.  Facebook will helpfully "detect" viruses on your computer and offer to clean it for you using McAfee’s software.

Of course, if you don’t want to install McAfee on your system, that’s fine.  You can use your own anti-virus software, as this Facebook post illustrates.  However, there’s a catch.  You first need to agree to the McAfee Scan and Repair Terms of Service.  (That’s why I don’t have a screenshot.  I didn’t want to agree to their TOS.)

I do have one more screenshot, though, from @jason_michael.  Apparently, he got back in without running McAfee.  You see, his third screen didn’t display a "Run McAfee now" message, but this instead:

 lockout-mac

Yes, he was able to simply click to certify that he ran anti-virus software and then was able to get back into his account.  No forced downloads and no required TOS agreements.  So why did he get the optional treatment and we didn’t?  My only guess would be that Mac-Windows difference.  After all, you can’t require a Mac user to install Windows software.  (It’s trivial to detect what operating system you are running.  In fact, I use Google Analytics which does – among other things – just that.  Hello to the 22.25% of TechyDad visitors who used Macs or iOS devices in the past month!)

In the end, after writing almost this entire post, I got back into B’s Facebook account again by using Internet Explorer instead of Chrome.  However, I’m not sure if it was a matter of IE being allowed in where Chrome wasn’t or if the lockout was only for a certain amount of time.  Still, the big red warning bar and only presented choice of running McAfee seems very scammy to me.

It looks like I’ve got yet another reason not to use Facebook.  And, if Facebook insists on pushing McAfee on its users due to "virus infections" that it "finds", they will give many users a good reason to move away from them and to a different social media platform.