Since I made my first plugin for Facebook, I realized it’s enormous potential, and also the fact that many malevolent people are ready to attack it and the accounts that reside on it.
Facebook is still, undoubtedly, the most popular social networking website (even after the recent scandals), with more than 1 billion accounts to date. Due to its popularity, many hackers (or should I say crackers?) are actively involved in hacking Facebook accounts of unsuspecting users. This article outlines the many strategies that such hackers use to gain access to Facebook accounts of hundreds of users each day and how you can stop them from hacking your account.
Email Address Hack
I have always been puzzled by Facebook‘s leniency in this matter. All a hacker needs to do is know your email address and he will be displayed a confirmation showing your name even if he enters the wrong password. How easily a hacker can then hack your Facebook account if he ‘guesses’ your password (if you use a weak password) or answers your security question! This is something I hope Facebook improves on quickly. Until Facebook does so, here are some tricks you can use to protect yourself from this vulnerability.
How to safeguard your Email Address?
Just follow these steps:
- Hide your Email Address from everyone by going to Edit Profile > Contact Information > Clicking on the icon beside your email address > checking ‘Only Me’.
- Change your primary email address to a one that is only known to you by going to Account Settings > Email > and changing your primary email to the new one (known only to you) and removing your previous email address.
- For additional security, when in Account Settings, check ‘Secure browsing’ and ‘Send me an email when a new computer or mobile device logs into this account’ and click Save.
Phishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is setup a web page similar in design to that of the Facebook homepage, attach a server sided script to track the username and password entered and store it in a log. Sending people emails stating that someone tagged a photo of them on Facebook in the same format as Facebook and giving a link below to the phishing website further reduces the chances of it being detected as a fake. Sometimes, spam Facebook apps, like those promising to tell who viewed your Facebook profile, automatically post links to phishing websites. A new trend among phishers is creating Facebook look-a-like widgets for stealing user’s login credentials.
How to prevent yourself from being phished?
At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various “Facebook widgets” offered by websites and blogs. Instead, use Facebook’s homepage to sign in. Always try to use Safe Search while searching. If you do manage to get phished, report the website so that others may get a warning before visiting it.
Keylogging through Keyloggers
Keylogger is a type of computer virus that tracks key strokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on the victim’s computer. Keylogging gets more easy if the hacker has physical access to the victim’s computer.
How to stop keyloggers?
Install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan third-person’s flash and pen drives before using them on your computer.
Social engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from sending spoof emails, pretending to be from Facebook, telling you to change your password to 12345678 to a hacker maliciously getting out the answer to your Security Question in a friendly chat or discussion.
How to prevent yourself from being socially engineered?
Stay aware during chats and discussions. Use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password to 12345678 or do something as silly as asking you to send out your login details to prove that you are an active user. Always think before taking actions and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.