Why should you worry about protecting Facebook from hacking
Many tend to believe that the security of their social media presence isn’t the first thing worth the effort to work on. You don’t often see a question like ‘How Can I Protect Facebook Account From Being Hacked?’ unless the person making such a request got hacked recently and now seeks the protection based on the bitter experience.
What does a hacker get when they hack FB account of yours? Obviously, criminals get access to all your photos and messaging history, which opens ‘great’ social engineering opportunities. You might have heard stories where close friends ask to borrow some money in a message and, well, many people say ‘Sure, here you go!’ and get scammed. Criminals may also extract much more of other information from your private messages.
Who would like their messages to be read by a stranger at all? There may be some confidential info there. Secrets. Passwords. Nudes? What if all this becomes public? You can ask Jennifer Lawrence about what might happen.
Hackers can ultimately undermine your reputation and make your friends’ private information also vulnerable to publicizing and other manipulations.
But the main thing is that GDPR (General Data Protection Regulation) has now come into force and Facebook allows users to download all private data related to their personal accounts in one click. That means a hacker interloping your profile will be able to do the same.
This article will tell you how to protect Facebook account from being hacked and offer a whole list of Facebook security best practices. Let’s secure your account and keep your private info safe.
— New York Post (@nypost) September 29, 2018
Useful to know: Top 10 Ways Hackers Use To Hack Facebook Accounts
Now let’s get acquainted with a list of Facebook profiles hacking options and find out how to protect Facebook account from being hacked:
|Method||Description||What to do|
|Password phishing||The most popular and fruitful way to get your account data is the creation of full copies of real Facebook pages. Victims enter their emails and passwords to log into a fake page, becoming an easy prey for a scammer.||
|Authentication data saved in the browser||A browser usually offers you to save login and password to automate further authorizations when you enter your Facebook page. If you accidentally launch a hacker resource and allow saving the data, your security gets ultimately undermined.||
|Email breach||Sometimes, it’s easier for scammers to break into your email than hack FB. If you don’t use a strong password to protect access to your email account and don’t activate two-factor authentication in your mailbox, hackers may brute force your password, access your email account and obtain data to gain access to your Facebook page as well as to many more important accounts.|
|Mobile device breach||If a network scammer gets into your phone, he/she immediately gets access to your FB page. They can do this remotely, with the help of such malware apps as Spy Phone Gold, Mobile Spy, etc.||
|Password masks view||Even if your password is masked in a browser with ‘*’, a hacker may view it by customizing browser security settings.||
|Unauthorized access through a USB with harmful software||A hacker may infect your USB drive with a virus that eventually gets into your system and extracts a login and password to your Facebook page.||
|Social engineering||When you set a password consisting of ‘QWERTY’ followed by your birth date, rest assured that you only make your profile easily susceptible to being hacked.||
|Wi-Fi breach||Hackers may also reconfigure the Wi-Fi router to gain access to everything transferred by the network equipment to web and back.||
|Unattended profile on a physical device||This is the most convenient way to get a hold of your personal info and scam you. It may seem to be a pretty unlikely option to forget and leave your phone somewhere with FB open on it of to keep Facebook always open on your workplace, but this happens to people all the time.||
| Read also: 8 Ways to Hack Your Email
1. Use Passwords Wisely
Now for some tips on how to protect Facebook account by properly creating and using a strong password for Facebook.
Use strong hard to guess passwords
Want to know how to protect yourself on Facebook? Take a good care of your password – make it long and difficult.
It doesn’t matter where you register – always try to come up with reliable passwords. Here are some tips:
- don’t use your personal info – date of birth, name, your relatives’ names, their birth dates, etc.;
- don’t use simple words found in any dictionary;
- don’t make passwords that consist of less than 8 symbols;
- try including at least one special symbol in your password like an exclamation mark and use a few uppercase letters.
| Read also: How to Choose and Use Strong Passwords
Change passwords every 6 months or more often
If you update your passwords at least once half a year, you’ll decrease your chances of being hacked on Facebook significantly (the same goes for email, of course). Use a special password manager to keep all passwords safe – LastPass or Dashlane will do.
My Fb account got hacked yesterday. Managed to recover it thanks to email notification. In that short window bloody hacker changed my name and removed a few friends. So, to whom I have removed, apologies. Can’t change until after 60 days. Deactivated mine for safety. pic.twitter.com/NaXvbLGyoi
— Daniel Adam (@jawacina) 27 сентября 2018 г.
Don’t save passwords on public devices
As we’ve already mentioned, try to not leave any of your account data on ‘third-party’ devices that can be accessed by strangers. For instance, your office PC might not be the best place to set up an auto filling browser feature for immediately entering social networking login and password.
| Read also: The Worst Passwords of 2015
2. Use Two-factor authentication
Two-factor authentication (2FA) is one of the highly-reliable means of user login protection that offers an additional identity check stage on top of the standard login-password combination verification. After entering your standard login and password you also have to enter the one-time password (OTP) valid only for a minute. Usually, you get this one-time password via SMS or a call on your phone number, or use an app or special device – hardware OTP token – to generate OTP password. Thus, you confirm that you not only know the login and password but also own the phone or hardware OTP token.
In Facebook you can add a phone number to secure account with two-factor authentication, connect a 2-factor authentication app or order and connect a hardware OTP token instead of an app, which is the most secure practice.
Text Messages is the easiest way to get one-time passwords. You need only to add your phone number to Facebook. But it’s the least safe 2-factor authentication method because of the risk of SIM card replacement, cellular network vulnerabilities, and mobile viruses that make use of open access to SMS messages on smartphones to intercept one-time passwords.
Recently Reddit was hacked because their employees used SMS authentication. Read more about the Reddit hack and why SMS authentication is weak in our article “Reddit was hacked: how it happened, who the victims were, and why SMS authentication failed”.
Many users tend to prefer third-party apps to generate Facebook security codes – Google Authenticator, Duo, Protectimus Smart. Such solutions provide a higher level of security as opposed to SMS verifications.
Nevertheless, this still may not be the ultimate way to gain a good protection online. The thing is, any applications can be infected with harmful software. Moreover, if you delete an authenticator app from your device, all the tokens it generated previously will also be deleted and you will lose access to the respective resources. That’s exactly why modern online security experts strongly recommend using hardware tokens, which we will discuss below.
If you use Google Authenticator or any other 2FA app, read how to make sure that you won’t lose all your tokens if something happens with your phone in our article “How to Backup Google Authenticator or Transfer It to a New Phone”.
Hardware OTP token
Protectimus Slim NFC is configured via NFC on any Android-based device with NFC support. You’ll need it one time just to configure the token. Then it works autonomously and can’t be infected with any virus as well as nobody can intercept the OTP password which is not transferred anywhere.
Yubikey implies connecting tokens through a USB port which might be highly inaccessible to mobile users and leaves a slight possibility to reach the device for some viruses or hackers.
3. Be Careful with Other Devices
Want to find out how to avoid being hacked on Facebook when you have to access your profile through a stranger’s device?
Log out of other devices and don’t use a ‘Keep me logged in’ option
Always remember to exit your Facebook account, email, and any other online user profiles once you’ve done browsing them on a side device. This is the #1 online security rule for publicly accessed devices. If you access FB through your personal device, quitting pages is also recommended.
Check Active Sessions
The built-in Facebook protection looks after users’ privacy on a pretty decent level. If you open Account settings->Security in your profile, you’ll see the list of all devices, through which your page has been accessed. Active sessions are highlighted there. If you discover new, unfamiliar devices or unusual locations there, select ‘End Activity’ to immediately deauthorize any suspicious activity. If you come across such a situation, your account has probably already been hacked.
Enable Account Login Notifications
One of the very useful Facebook security options is enabling notifications upon entering your Facebook user profile. You get notifications to your email and a message to your Facebook indicating the device and location of authorization.
4. Care about privacy
Personal data disclosed in social networks can be used against you in various ways – for social engineering, doxing, password identification, opinion manipulation, etc. Even regular thieves can use it in their interests, to find out, for instance, at what time you won’t be at home (you undermine your home safety with each social networking post featuring a photo from the airport attached).
In particular, use the Privacy tab in your FB account to configure the following privacy settings on the Facebook page:
- Who can see my stuff? – define a scope of users who are able to see content on your page – your photos, posts, etc.
- Who can contact me? – specify who is allowed and who isn’t allowed to invite you to their friend list and send you messages.
- Who can look me up? – facebook account security settings also allow to let certain people search your profile (e.g. by a telephone number, email address or through external resources).
| Read also: How to Protect Your Privacy on Facebook
5. Be a Smart Internet User
What does it mean to be an advanced Internet user? Use Secure Browsing, watch out for spam links to avoid phishing, remember about social engineering attacks threat, be careful with public Wi-Fi hotspots, and keep your system environment updated & secured.
All these rules help to protect your data on Facebook and any other online account and ultimately answer the question ‘How to secure Facebook account from hackers?’. Let’s discuss each rule in more detail.
Use Secure Browsing
The special Secure Browsing feature allows using the secure HTTPS protocol to connect to web resources (instead of HTTP, used only on outdated or malicious websites since the beginning of 2018). Additionally, it helps to filter out resources that offer automatic registration via FB – you can view the list of those that were approved to fully support this feature.
To enable it, open Account settings->Security->Security Settings in your FB profile. You will see the Secure Browsing feature there (just click Edit and select required security parameters).
For an even higher level of security efforts, you can also use the Private Browsing feature, which allows leaving resources you’ve visited during your Facebook session unregistered (i.e. provides anonymous browsing).
We also strongly recommend checking your web browser for spyware regularly. Just look if there are any suspicious extensions or outdated plugins installed and get rid of them.
— Morgan (@heyyymorgan) September 27, 2018
Watch out for spam links to avoid phishing
Any links and input fields might potentially be phishing means. This means that any data you provide there will be stolen by web scammers and used against you in the future.
To minimize risks of becoming a phishing victim, remember to:
- never share your email address with strangers;
- never open Facebook by shortened or masked links (better enter www.facebook.com manually, bookmark the right URL, or open it through search where you can at least see the address of a resource);
- never use outdated versions of browsers;
- never follow any links from so-called ‘friends’ or a ‘Facebook user support’ if you aren’t confident in the integrity of the source.
Remember about Social Engineering Attacks threat
Any scammer well familiar with the human psychology will make a convincing attempt to acquire your personal data without any virus software or special hacks. Ignore letters marked as ‘spam’ in your email inbox. Keep in mind also that there are no Facebook policies concerning sending letters with recommendations to change the user password.
Be careful with public WiFi Hotspots
Public WiFi is among the favorite pieces of cake for many hackers. Unfortunately, such networks don’t have a sufficient level of security. Connecting to a public WiFi, make sure to use VPN.
Keep your system environment updated & secured
Make sure to use the latest version of OS as well as a tried and tested updated antivirus. This doesn’t mean however that you should install the latest OS versions immediately upon their release. It’s better to wait until it’s tried out in the field by other users (2-4 weeks). You can read reviews then to make sure it can be sufficiently used.
| Read also: Windows Computer Safety Tips
What to do When Your Facebook Account Is Already Hacked
If one day you realize: ‘someone keeps hacking my facebook’, you can do the following to save the situation.
- Change or Reset Your Password. For starters, check – has facebook changed privacy settings without your involvement all of a sudden? That can be a scammer and if they haven’t done that yet, be the first to do that instead. Don’t forget to try and come up with a strong password.
In case if your passwords have already been customized by a criminal, use the Facebook default password restoring feature (it will be restoring your password through your email, that’s why it is recommended to use multiple emails to register in a social network; 2FA can help you keep all your email addresses secure).
- Report Compromised Account. If you conclude that your profile is really hacked, notify the Facebook team about that. They usually help out users in such situations.
- Remove Suspicious Applications. In Settings->Apps, there is a full list of all your installed applications. Delete everything that seems to have a suspicious, indistinct name and make sure that all apps are correctly configured to request your personal data to a healthy extent.
- Do Damage Control. Last but not least, tell your Facebook friends that your profile has been hacked by cybercriminals – that way you might as well save them from potential hacks or scams.
That was our take on the research on ‘How to protect my Facebook account from hackers?’. As you can see, it is possible to make your FB page a safe, protected place if you follow the above-mentioned Facebook security tips. If you have any questions on the subject, feel free to share your mind in the comments.
- Man In The Middle Attack Prevention And Detection
- Phishing, Vishing, Smishing, Pharming – What Is the Difference
- Doxing. What Is It? How to Dox? How to Protect Yourself from Doxing?
- Malvertising: Can It Be Stopped?
- Which messaging apps are trustworthy?
- The Most Common Ways of Credit Card Fraud
- 9 Data Protection Tips for Safe Online Shopping