Securing your Facebook Account from Hackers
Author: George Barrett
Learn how to avoid losing access to your Facebook account and business profile
Many of us use Facebook not just for personal use but also for running a business page or a group page. I've heard horror stories of people losing access to their Facebook business account pages after falling prey to an attack by hackers, usually in the form of a spam phishing email.
What is a Phishing attack?
A phishing attack is a cyber attack where an attacker poses as a trusted entity to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data. This is often done by sending deceptive messages (usually emails, but also text messages, social media messages, or phone calls) that appear to come from legitimate sources, like a bank, social media platform, or even a known contact.
How Phishing Attacks Work
- Deceptive Message: The attacker sends a message that appears to be from a legitimate source. It might use branding, logos, and even look-alike email addresses to seem authentic.
- You inadvertently log in on a fake website, thinking you are on the Facebook.com website.
- You are then directed to the real Facebook website and your login information may be passed on to log you into the real Facebook. At this point, you are unaware you have just logged into a fake website and sent the attacker your email address and password.
- The attacker then logs into your profile and changes your phone number, email address and password. You are now locked out and will have great difficulty regaining access.
What are the different types of Facebook attacks?
Urgency or Fear Tactics
Phishing messages often contain language that encourages immediate action, such as claiming there’s a security breach, account suspension, or an unclaimed reward. The goal is to prompt the user to act quickly without questioning the legitimacy.
Example of a fake phishing email that I received. Notice the email is from a Google mail account.
Link to a Fake Website
Lately, a popular scam has been profiles posing as legitimate Facebook administrators. They often direct message you saying you are in violation of Facebook standards or that your account has been reported for racism etc. The message often includes a link that leads to a fraudulent website designed to look like a legitimate one. The user is prompted to enter personal information, which the attacker then collects.
Example of a fake phishing Facebook message that I received.
Data Harvesting
When users enter their information, it is sent directly to the attacker, who can then use it to access accounts, steal money, or commit identity theft.
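The link and sender checks described above can be automated. The following is an added example, not code from the original post: it classifies a link by its real hostname and a sender by its mail domain. The trusted-domain list, the function names and the sample inputs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely Facebook's; adjust to your own list.
TRUSTED = {"facebook.com", "messenger.com", "facebookmail.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}

def host_is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_link(url):
    """Return (verdict, reason) for a link copied out of a message."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        return ("suspicious", "not an https link")
    if parts.username is not None:
        return ("suspicious", "text before '@' is not the site; host is " + host)
    if not host.isascii() or "xn--" in host:
        return ("suspicious", "non-Latin characters can imitate Latin letters")
    if host_is_trusted(host):
        return ("trusted", host)
    if any(b in host for b in BRANDS):
        return ("suspicious", "brand name inside unrelated host " + host)
    return ("unknown", host)

def check_sender(from_header):
    """Classify the domain of a From address (which can itself be forged)."""
    domain = from_header.rsplit("@", 1)[-1].strip("> ").lower()
    return "trusted" if host_is_trusted(domain) else "suspicious"

# Constructed samples; none are taken from a real message.
SAMPLES = [
    "https://www.facebook.com/settings",
    "https://facebook.com.account-review.example/login",
    "https://facebook.com@login.example/",
    "http://www.facebook.com/",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
    print(check_sender("Facebook Security <security.team@gmail.com>"))
```

A "trusted" sender result is not proof that a message is genuine, because the From address can be forged; the useful signal is a mismatch, such as a Facebook notice sent from a Google mail address.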
How to secure your Facebook from such attacks?
Two Factor Authentication
Two-factor authentication is a security feature that helps protect your Facebook account and your password. If you set up two-factor authentication, you'll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device that Facebook doesn't recognize.
How to Turn on or manage two-factor authentication
- Click on your profile picture in the top right, then click Settings and Privacy.
- Click Settings.
- Click Accounts Centre, then click Password and Security.
- Click Two-factor authentication, then click on the account that you'd like to update.
- Choose the security method that you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you'll be asked to choose one of three security methods:
- Tap your security key on a compatible device.
- Login codes from a third-party authentication app.
- Text message (SMS) codes from your mobile phone.
Once you've turned on two-factor authentication, you can get ten recovery login codes to use when you're unable to use your phone. Learn how to set up recovery codes.
Authenticator Apps
If you want to use an authenticator app, you can choose something like Google Authenticator.
SMS authentication is also a good option.
In Conclusion
The original hack I described would not have been possible had two-factor authentication been turned on. The hacker would have gotten access to the email address and password, but as soon as they tried to change the email address to their own, they would be prompted to enter a two-factor authentication code.
Always be wary of emails, no matter who they appear to come from, and practise safe browsing.