What Mom Never Told You About Facebook Security

Facebook Hacked

Okay, just trying to get your undivided attention as this is a serious matter.  Coincidentally, after I completed this post, I heard from Channel News Asia that in the first 2 months of this year, there were 6 reported cases of Facebook accounts being hacked and about SGD 20,000 was stolen.

You receive a message, purportedly from Facebook, claiming that you are violating some Facebook policies and that you must give or enter your password for verification to reactivate your account, or face the prospect of Facebook taking down / terminating your account.

DON’T PANIC and DON’T GIVE YOUR PASSWORD!  This could be a hoax to obtain your password so as to hack into your account and steal your credit card, personal and other information.  And after gaining access, they could then move on to target your friends, families, colleagues, etc. who are connected to you through Facebook (i.e. your Friends).

Or one of your friends is trying to borrow money from you (through Facebook messaging) but cannot be contacted by phone, and you have to urgently remit the money to a particular bank account or he / she will be in trouble.

In the article “More than two million web accounts hacked” dated 5th Dec 2013:

More than two million Google, Yahoo, Twitter, Facebook and LinkedIn accounts have been hacked in the past month after malware captured users’ login details, according to a new report.

Hackers have successfully stolen login usernames and passwords across various sites with the help of Pony malware, web security firm Trustwave said.

Users worldwide including in the US, Germany and Singapore have been targeted, with Facebook accounting for around 57 per cent of the compromised accounts.

What are some of the indications that your Facebook account might have been hacked?

  1. Defacement:  Just like the image above, the hackers changed the profile picture and the name of the Facebook user.
  2. Unrecognisable Newsfeed and Timeline activities: if, after logging into Facebook, you discover bizarre or unusual Newsfeed and / or Timeline activities (e.g. spam ads), your account may be compromised.
  3. Unauthorized purchases: you receive notifications of purchases of apps, game credits, etc. which you have no recollection of authorizing.  Immediately check your credit card bills for unusual purchases and review your Facebook purchase history.
  4. Unauthorized logins: under the ‘Security’ option, you will find ‘Where You’re Logged In’.  Examine in detail the locations and devices that were, or currently are, logged into Facebook (your current login location and device will also be listed).  Take note of any locations / devices shown that you have no recollection of.  For example, you have never in your life visited, say, City A in Country B, but it is shown in the list.  There is a good possibility that a remote hacker is using your account information in that location.  What you can do is immediately terminate this particular login session by simply clicking ‘End Activity’ (you can find out more in the video under Point 3 below).

Improving your Facebook security

  1. Look and think carefully.  When you receive a request to provide your Facebook account and / or password, don’t hastily give out the information.  Just as we won’t open our doors to any stranger, look at the URL carefully to determine that it is legitimate and not phishing.  A website or login page could look exactly like Facebook, but when you examine the URL carefully, it will give itself away.  Also, do not open or download any attachments that look suspicious or promise things that are too good to be true (e.g. Congratulations, you have won yourself SGD 10,000…the final step to claim this prize is to open the attachment and fill up your particulars)!
  2. Tighten your Facebook Security settings.



–        Secured Browsing: this should be enabled so that a secured connection is established every time you access your Facebook account from your devices.  When enabled, you will notice that the URL begins with https, for example https://www.facebook.com/yourname.

–        Login Notifications: you should also enable this so that you will be notified when it looks like someone else is trying to access your account.  You can select to receive the notifications either by e-mail or text messages.

–        Login Approvals.  This is similar to two-factor authentication: when you access your Facebook account from an unrecognized device, you will be prompted to enter a verification code that is sent to your mobile phone.

–        Code Generator.  This will let you get the codes when you require them.

–        Trusted Contacts.  Trusted contacts are friends who can securely help you if you ever have trouble accessing your account.  You can choose between 3 and 5 friends as your trusted contacts.

3. Close all active sessions.  For our own convenience (a nicer phrase for being labelled as idle), we usually don’t log out of our Facebook account after accessing it on our mobile phone, tablet and desktop.  We could also have accessed our Facebook account using our friends’ devices or a desktop in an internet café without properly signing out.  Leaving Facebook without logging or signing out means that you are keeping an active session with Facebook.  This is akin to keeping your doors open so that anyone can enter your house!  Thus, keeping an active session makes you vulnerable to identity theft (i.e. someone posing as you, which could potentially be used to create social mischief or commit fraud) as well as to being hacked.  Learn more on how to close an active session in this video.

4. Reporting.

–        If you suspect that your account has been hacked but you can still access your account: After accessing your account, from the drop-down menu, click ‘Report a Problem’, choose ‘Abusive Content’ which will then guide you accordingly.  The purpose of doing this is to inform Facebook so that through collective feedback, a better decision could be taken (e.g. sending out an alert).

–        If you suspect that your account has been hacked and you can’t gain access to your account, then use this link: https://www.facebook.com/hacked or you could use the Trusted Contacts option as stated in Point 2 above.

5. Sharing.  If you suspect that your account was hacked after opening a post or attachment shared by one of your friends, inform that friend immediately through other means (e.g. phone or e-mail).  Also tell your other friends, through phone, e-mail or other means, not to open any suspicious posts from you, to stem the wave of further infections.  Also, report the affected post/s as spam as soon as possible!

6. Password.  It’s always good practice to change your password periodically, and this is especially true after you suspect your Facebook account has been compromised.  Change your password immediately.  Use a strong password by incorporating capital and small letters, numerals and special symbols.

7. Don’t forget your devices.  Make sure the anti-virus programs on your devices are up to date, and review their capabilities to understand whether, besides checking that the files on your laptops and your downloaded applications or software are safe, they are also able to scan your Facebook wall.  If they are able to scan your Facebook wall, switch on this function.
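
The URL check from Point 1 (and the HTTPS check from Secured Browsing under Point 2), written out as an added example that is not part of the original article: it parses a link with the standard `URL` class and accepts it only when the scheme is HTTPS and the real hostname is facebook.com or one of its subdomains. The allow-list, the function name and the sample links are constructed for illustration.

```javascript
// Added example: judge a login link by its parsed hostname, not its looks.
// TRUSTED_DOMAINS and SAMPLE_LINKS are constructed for illustration.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  // "Secured Browsing": a genuine login page is served over HTTPS.
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // In https://www.facebook.com@other-host/ the text before "@" is only a
  // username; the browser connects to whatever follows it.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the site" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Non-ASCII lookalike letters are converted to "xn--" labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "lookalike (punycode) hostname" };
  }
  // Match the exact domain or a true subdomain. The leading "." keeps
  // "notfacebook.com" and "facebook.com.evil.example" from passing.
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return trusted
    ? { ok: true, reason: "host is " + host }
    : { ok: false, reason: "host is " + host + ", not a Facebook domain" };
}

const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.account-verify.example/login",
  "https://www.facebook.com@198.51.100.7/login",
  "https://faceb\u043eok.com/login", // Cyrillic "о" in place of Latin "o"
];

for (const link of SAMPLE_LINKS) {
  const { ok, reason } = checkLoginUrl(link);
  console.log((ok ? "OK     " : "REJECT ") + link + "  (" + reason + ")");
}
```

Only the first sample link is accepted; each of the others is rejected with the reason that gives it away.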

You can find out more information about Facebook Security from https://www.facebook.com/about/security.

Keeping your Facebook account secure is important, and it is of paramount importance for business owners or anyone who manages Fan Pages for Facebook marketing.  A compromised Facebook account will likely reduce the credibility and reputation of the business, and it’s so much more difficult to gain them back.

Do you have other ways to keep your Facebook account secured?  Share them with us and we can all learn together.

If you find this article useful, please share.  Thank you!



