Securing your Facebook Account from Hackers
Author: George Barrett
Many of us use Facebook not just for personal use but also for running a business page or a group page. I've heard horror stories of people losing access to their Facebook business account pages after falling prey to an attack by hackers, usually in the form of a spam phishing email.
What is a Phishing attack?
A phishing attack is a type of cyber attack where an attacker poses as a trusted entity to trick individuals into revealing sensitive information, such as usernames, passwords, credit card details, or other personal data. This is often done by sending deceptive messages (usually emails, but also text messages, social media messages, or phone calls) that appear to come from legitimate sources, like a bank, social media platform, or even a known contact.
How Phishing Attacks Work
- Deceptive Message: The attacker sends a message that appears to be from a legitimate source. It might use branding, logos, and even look-alike email addresses to seem authentic.
- You inadvertently log in to the fake website, thinking you are on the real Facebook.com website.
- You are then directed to the real Facebook website, and your login information may be passed on to log you in to the real Facebook. At this point you are unaware you have just logged into a fake website and sent the attacker your email address and password.
- The attacker then logs into your profile and changes your phone number, email address and password. At this point you are now locked out and will have great difficulty regaining access.
What are different types of Facebook attacks?
Urgency or Fear Tactics
Phishing messages often contain language that encourages immediate action, such as claiming there’s a security breach, account suspension, or an unclaimed reward. The goal is to prompt the user to act quickly without questioning the legitimacy.
Example of a fake phishing email that I received. Notice the email is from a Google mail account.
Link to a Fake Website
A popular scam lately has been profiles posing as legitimate Facebook administrators. They often say you are in violation of Facebook standards or that your account has been reported for racism etc. The message often includes a link that leads to a fraudulent website designed to look like a legitimate one. The user is prompted to enter personal information, which the attacker then collects.
Example of a fake phishing Facebook message that I received.
Data Harvesting
When users enter their information, it is sent directly to the attacker, who can then use it to access accounts, steal money, or commit identity theft.
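The look-alike sender addresses and fake-website links described above can be checked mechanically before anyone clicks. The following is an added example, not part of the original post: the list of trusted domains and all sample addresses and URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuinely Facebook-owned.
TRUSTED_DOMAINS = ("facebook.com", "facebookmail.com", "fb.com")


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url):
    """Return the reasons a link should not be trusted (empty list = none found)."""
    parts = urlsplit(url)
    # hostname is what the browser connects to; text before '@' is ignored.
    host = parts.hostname or ""
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' hides the real host")
    if not is_trusted_host(host):
        reasons.append(f"host '{host}' is not a Facebook domain")
    return reasons


def check_sender(address):
    """Return the reasons a sender address should not be trusted."""
    domain = address.rsplit("@", 1)[-1].strip(" <>").lower()
    if is_trusted_host(domain):
        return []
    return [f"sender domain '{domain}' is not a Facebook domain"]


# Constructed samples (not taken from the messages described on this page).
SAMPLES = [
    "https://www.facebook.com/settings",
    "https://facebook.com.account-review.example/login",
    "https://facebook.com@login.example/checkpoint",
    "http://faceb00k.example/appeal",
]

if __name__ == "__main__":
    print(check_sender("Facebook Security <security.notice@gmail.com>"))
    for url in SAMPLES:
        print(url, "->", check_link(url) or "no issues found")
```

An empty result only means none of these specific tricks was found; a sender address can be forged, so it is not proof that a message is genuine.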
How to secure your Facebook account from such attacks?
Two Factor Authentication
Two-factor authentication is a security feature that helps protect your Facebook account and your password. If you set up two-factor authentication, you'll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device that Facebook doesn't recognize.
How to Turn on or manage two-factor authentication
- Click on your profile picture in the top right, then click Settings and privacy.
- Click Settings.
- Click Accounts Centre, then click Password and security.
- Click Two-factor authentication, then click on the account that you'd like to update.
- Choose the security method that you want to add and follow the on-screen instructions.
When you set up two-factor authentication on Facebook, you'll be asked to choose one of three security methods:
- Tapping your security key on a compatible device.
- Login codes from a third-party authentication app.
- Text message (SMS) codes from your mobile phone.
Once you've turned on two-factor authentication, you can get ten recovery login codes to use when you're unable to use your phone.
Authenticator Apps
If you want to use an authenticator app, you can choose something like Google Authenticator.
SMS authentication is also a good option.
In Conclusion
The original hack I described would not have been possible had two-factor authentication been turned on. The hacker would have gotten access to the email address and password, but as soon as he went to change the email address to his own he could have been prompted to enter a two-factor authentication code.
Always be wary of emails, no matter who they appear to come from, and practise safe browsing.