THE Scottish Government’s Facebook page for promoting the country was hijacked and filled with spam after an official was duped.
The embarrassing blunder means that 185,000 users who “liked” the site were potentially vulnerable to having their own own online security breached.
The About Scotland page helps to promote the country as “a great place to visit, live, work, study or call home.”
But a government official working on the page was taken in by a “phishing scam” and accidentally provided the login details to hackers.
The phishers then blocked the Scottish Government from accessing its own site for nine hours before filling the page with “clickbait” links.
They included “10 horrible torture techniques from Medieval times”, “16 most gigantic insects in the world” and “10 of the most extreme body modifications”.
The IT disaster was revealed by a panicked Scottish Government official who wrote on the site: “This account has been hacked – we are trying our best to get this fixed ASAP.”
The same official, in a separate post on her private social media page, pleaded with friends: “Can anyone help? The Facebook page I run at work has been hacked and I’ve been removed as an admin, anyone had this happen?
“Trying to find a way to report it but Facebook are useless!”
Explaining how the page was hacked she said: “It’s been through a direct message that…looked like it was from Facebook about copyright infringement.”
The phishing message is made to look like it has been sent by the “Facebook Support Team” regarding complaints over copyright violations.
It then provides the user with a link to click on in order to address the complaints – and it warns them “if within 48 hours, you have not verified your page on our link, then you have ignored out notifications and your page will be suspended.”
The link takes users to a page asking for their login details and password, but if the user enters their details – as the government official seemingly did – they surrender control of their page to the hackers.
The hack completely baffled users of the page, including Andrew Swanston, who posted: “Sigh…. It’s sad to see About Scotland turn to this idiotic clickbait nonsense.”
Another asked: “What have these got to do with Scotland?”
Michael Phillips added: “What the f*** does this have to do with Scotland?”
But few of the people using the page would have realised that their own cyber security was being compromised.
Anyone clicking on the one of the links could have fallen victim to a similar phishing scam designed to snare their login details. It could also have resulted in the material being posted to their own Facebook page.
The page was hijacked at about 11pm on Thursday night and was not restored until 9.30 this morning.
The incident will be a major embarrassment to the Scottish Government which has recently been investing in, and campaigning on, the importance of cyber security.
In November they announced a “Cyber Resilience Strategy for Scotland” – preaching their “commitment to building cyber resilience amongst our communities, our businesses and our public services”.