Ever since Facebook arrived on the scene in Cambridge, Mass in 2004 (yes, that far back), it has been surrounded with controversy and detractors. Anything that has such a wide reach throughout the fabric of society is bound to. Much of the criticism is valid.
Facebook has provided not only a platform for social interaction, but also for government surveillance of citizens and for opportunists looking to exploit or steal your personal data. I have also written about the phenomenon of “Facebook Jail” – a place to which you are banished if you violate Facebook’s “Community Standards”, make too many friend requests in too short a time, make too many postings with too much frequency and lastly, are ratted on by someone who has it in for you.
Facebook Pirates – how they get control of your account
In this article, we are going to take a practical approach to the specific issue of how cyber criminals are exploiting people’s Facebook accounts and measures you can take to prevent their doing so. We’ll also point you to resources to recover your account if it is hacked.
Once you understand how cyber criminals are breaking into and taking over Facebook accounts, you can map out a defensive strategy. So let’s look at how they typically do it.
Phishing and Keyloggers
Paul Cucu of Heimdal Security advises that hackers use malicious software (malware) called a “keylogger”. Keyloggers capture your login information as you type it.
But how do they install that malware on your computer or smart phone? Cucu explains that they almost always employ one of three tactics:
- Send you a phishing email with a malicious attachment, which is the keylogger.
- Infect a website with malicious code so that it automatically downloads malicious software onto your device; these are the so-called “drive-by downloads”.
- Trick you into clicking a malicious link on a pop-up or website that approves a malicious download.
I discussed the threat of ‘phishing’ in greater detail in my recent article about ransomware. In that article I disclose the telltale signs that should alert you that you are looking at a phishing attempt.
The main difference between ransomware and hijacking your Facebook account is the bounty: with ransomware you pay them to get your files and data back, whereas here the objective is your personal information and your identity profile. While your account is under the control of these individuals, they also use it to spread more malware.
Passwords – the cardinal entry point of hacking
First – after you have educated yourself to not succumb to phishing – is your Facebook account password. Although all accounts must have one – some folks are using passwords that would be child’s play for a hacker to break. This is what weak passwords look like:
Keep in mind, the hackers are not sitting and punching in letters and numbers, but instead using software-based algorithms, known as “Brute Force” attacks, to discover your password. It’s all automated and very powerful. But there is something even more powerful – a strong password.
Some people are of the notion that long passwords are necessarily strong passwords, but that is not universally true. What matters is how you structure that password. Strong passwords involve not only letters and numbers (alpha-numerics), but include upper-case and lower-case letters and special characters. Here is a random example:
Just 17 characters there. You could throw in 3 more for good measure or you could whittle it down to 10, but in either event, if you use this technique in building yours, hackers will be long dead before they ever break your password. The above example is good for at least 198 years of brute force attempts.
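To make the brute-force arithmetic behind claims like “198 years” concrete, here is an added estimator (not from the original article or from Heimdal): it works out which character classes a password uses, the alphabet size an attacker must therefore assume, the resulting search space, and the worst-case time at an assumed guess rate. The sample passwords and the guess rate are constructed for illustration.

```python
import math
import string

# Character classes the article mentions: lower-case, upper-case, digits and
# special characters. Sizes come from Python's string constants (26/26/10/32).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def charset_size(password: str) -> int:
    """Alphabet size a brute-force attacker must assume, based on which
    character classes actually appear in the password."""
    return sum(len(alphabet) for alphabet in CLASSES.values()
               if any(ch in alphabet for ch in password))


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search must cover (alphabet^length)."""
    if not password:
        return 0
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """Search space expressed in bits; 0.0 for an empty password."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    seconds = search_space(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Assumed attacker speed (constructed figure; real rates depend on the
    # hash being attacked and the hardware used).
    RATE = 1e10
    # Constructed samples of equal length: lower-case only vs. all four classes.
    for pw in ["facebookpass", "F@ceb00k!Pas"]:
        print(f"{pw:14s} alphabet={charset_size(pw):3d} "
              f"bits={entropy_bits(pw):5.1f} years={years_to_exhaust(pw, RATE):.3g}")
```

Running it shows that at the same length the mixed-class password has a search space many orders of magnitude larger than the lower-case one, which is the point the article makes about structure.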
Another password related risk factor – using the same password for all your logins. Why this is a problem, is that if the crooks get one of your passwords – that key unlocks all the rest of your accounts. A good option to consider is a password manager like “True Key” that maintains password and login security from the cloud. True Key came standard with all Windows 10 installations, but there are other providers you can evaluate here.
Public and unsecured Wi-Fi hotspots
How else can someone intrude upon your private data and / or effect an account takeover? One of the big no-nos is using public Wi-Fi to log into any password protected website. Unless you know for an absolute certainty that the Wi-Fi at the coffee shop or restaurant is WPA2 encrypted – don’t do it! And don’t rely on the employees knowing the difference between unsecured and secure Wi-Fi. You also need to be certain that your home router is firewalled.
Another way of hacking you is – believe it or not – people calling you on the phone and, for example, claiming to be a bank employee or representative of Visa or Mastercard, telling you that there is a problem with your account and they need your username and password to get it “straightened out for you”. Yeah – I didn’t believe it was possible either.
Anti-virus, security updates and browser updates
Other important precautions include protecting your computer with a good anti-virus program such as Avira, Webroot or ESET – and scheduling automatic security updates and patches for your Windows operating system. You should also make sure you have the most recent version of your web browser.
Unfortunately there are other types of attacks that you can do little to defend against, but they are considerably less common. What to do if despite your best efforts, your account still gets hacked? Go to the “Facebook Hacked” page directly, and they will walk you through the process.
In the follow up to this report, we will talk about privacy. Specifically, options you can take advantage of when you configure your Facebook account that will permit you to control the amount of information certain people like employers, past associates and strangers can see on your Facebook account.