Facebook does a fairly good job of policing activity and cracking down on inappropriate behavior, but hackers, stalkers, schemers, and scammers have been known to ply their trade on the platform. To protect yourself, your information, and your account from these miscreants, you should be aware of the potential threats and practice some safe Facebook strategies.
Keeping Hackers from Hijacking Your Account
A malicious hacker may be able to hijack your Facebook account and then pose as you. Once they gain access, they can do anything from posting tasteless jokes in your News Feed to emailing your friends requesting a money transfer or credit card information so you can fly back home from Bora Bora, where you’ve been robbed and held captive for 36 hours.
To protect your account and information from hackers, consider practicing the following safeguards:
- Change your password to something that’s difficult for hackers to guess. Include both letters and numbers, and make it fairly long—10 to 14 characters is better than 6 to 8. Use a different password than you use for other online accounts. Remember, passwords are case sensitive. To access the form for changing your password, click Account (in the top menu), Account Settings, and then, across from Password, click Change.
- Change your password every three months or so.
- If other people have access to the computer you use to log in to Facebook, log out whenever you’re done using Facebook. Also, don’t use your browser’s “remember” feature to store your username and password.
- Include as little sensitive information as possible in your Profile; if a hacker does gain access, he won’t have your name, address, phone number, and other potentially sensitive information.
- Don’t give your login information to anyone for any reason. Hackers may pose as Facebook representatives to trick you into passing along your login information.
- Download only programs you fully trust. Hackers can embed code in an otherwise harmless application that captures the keystrokes you press to log in and then sends those keystrokes to the hacker.
- Add a security question to your account, so if it does get hijacked, you’ll have an easier time regaining access to it. To access the form for adding or changing a security question, click Account (in the top menu), click Account Settings, and then click Security Question. (After you enter your security question, this option disappears and is no longer available, so if you don’t see it, that’s probably what happened.)
If your account has been hacked, try logging in to Facebook and changing your password. If the hacker already changed your password so you can’t log in, go to Facebook, click the Forgot your password? link, and follow the on-screen instructions to reset your password. You must have access to one of the email accounts associated with your Facebook account, so Facebook can send you a new password. If you don’t have access to one of those email accounts, you can use your security question/answer to regain access to your Facebook account.
Dodging Phishing Schemes
Phishing scams dangle a line in front of you, hoping you’ll take the bait. In this case, the bait is usually an email alert warning you of some problem with your account. The alert typically contains a link you can click to go to a site where you can learn more and address the issue. The site typically looks official and matches what you expect to see—in this case, a Facebook-like interface. You think you’re on Facebook, but you’re really on a website the phisher created and, before you can fix the problem, you have to log in.
Unfortunately, if you do try to log in, you pass your Facebook login information directly to the phisher, who can then log in to your real Facebook account, change your password, access your Profile information, pose as you, and cause all sorts of trouble.
To defend yourself against phishing schemes, practice the following maneuvers:
- Trust your instincts. If something looks or sounds a little phishy, it probably is.
- Keep in mind that just because something appears to be coming from a friend, it may not be. Your friend’s account may have been hijacked.
- Compare the URL shown in the link with the one that appears in your browser or email program’s status bar when you rest the mouse pointer on the link. The link may show http://www.facebook.com but take you to an entirely different site; the address in the status bar is where the link is really going to take you.
- Keep in mind that Facebook will never send you an email message asking for your login information. If someone’s asking for it, they’re bad guys.
- If it looks as though someone has hijacked a friend’s account and is posing as him, contact your friend immediately.
- Report any suspected phishing scams to Facebook so management can investigate and shut down the perpetrators. At the top of every message you receive is a Report link you can click to report the suspicious message to Facebook.
Knowing how to protect yourself from phishers and hackers will make your Facebook experience much more enjoyable — and safe!