Note: Facebook layout is liable to change without notice. As a result, the steps described in this article may change but the essence of the article will remain the same.
|Facebook is one of the prime target of hackers!|
Email Address HackI have always been puzzled by people's leniency in this matter. Most people leave their email addresses visible on their Facebook profiles. All a hacker then needs to do is know your name and he will be conveniently shown your login email address at your profile. Some people also share their login email ids everywhere. How easily a hacker can then hack your Facebook account (and everything else associated with that email id) if he 'guesses' your password (if you use a weak password) or answers your security question! Here are some tricks you can use to protect yourself from this vulnerability.
How to safeguard your email address?
Just follow these steps:-
- Open Facebook and hide your email address from everyone by going to Profile>Contact and Basic Info>clicking on the Audience selection option beside your email address> selecting 'Only Me' if you have not done so already.
- Change your primary email address to a one that is only known to you and remove your old email address.
- For additional security, in Account Settings, enable Login alerts to receive a notification and an email when a new device logs into your account.
- Enable two factor authentication to receive a code on your mobile phone to login whenever your Facebook account is accessed from an unknown device. Two factor authentication will need you to have added a mobile number to your Facebook account.
- Enable two factor authentication to access your email addresses on your email provider's website as well to make sure that no hacker can exploit them to hack into your Facebook account.
|A hacker at work!|
PhishingPhishing is one of the easiest ways to trick users into giving out their login credentials. All a hacker does is setup a webpage similar in design to that of the Facebook homepage, attach a server sided script to track the username and password entered and store it in a log. Sending people emails stating that someone tagged a photo of them on Facebook in the same format as Facebook and giving a link below to the phishing website further reduces the chances of the phishing page being detected as a fake. Sometimes, spam Facebook apps, like those promising to tell who viewed your Facebook profile, automatically post links to phishing websites. A new trend amongst phishers is creating Facebook look-a-like widgets for stealing user's login credentials.
How to prevent yourself from being phished?
At all costs, avoid clicking on suspicious links. Moreover, always check the URL in the address bar before signing in. Avoid logging in through various "Facebook widgets" offered by websites and blogs. Instead, use Facebook's homepage to sign in. Always try to use Safe Search on search engines while searching. If you do manage to get phished, report the website so that others may get a warning before visiting it.
Keylogging through KeyloggersKeylogger is a type of computer virus that tracks key strokes. Keyloggers can be installed remotely on a computer system by a cracker to record all the activity that is going on the victim's computer. Keylogging gets more easy if the hacker has physical access to the victim's computer.
How to stop keyloggers?
Install a good antivirus and update it frequently. Do not click on suspicious links and avoid downloading illegal software. Also, avoid installing free toolbars and other such spam software. Always scan third-person's flash and pen drives before using them on your computer.
Bruteforce AttacksA bruteforce attack is the process of trying different passwords for an account again and again in the hope of eventually finding the right one. Facebook, like all other safety conscious companies, has preprogrammed settings to prevent accounts from becoming victims of bruteforce attacks. The preprogrammed settings reduce the probability of your account getting hacked dramatically but they rely on the chance that the hacker does not guess the right password in the first few attempts.
How to safeguard your account from bruteforce attacks?
To reduce the chances of your account becoming a victim of a bruteforce attack, always use a strong, difficult to guess password of sufficient length (8 or more characters) having a combination of numbers, special characters and upper and lower case letters.
Social EngineeringSocial engineering involves using any trick to fool the user into making himself vulnerable to exploits. This could involve anything from sending spoof emails, pretending to be from Facebook, telling you to change your password to 12345678 to a hacker maliciously getting out the answer to your security question in a friendly chat or discussion.
How to prevent yourself from being socially engineered?
Stay aware during chats and discussions. Use a tough security question, preferably one whose answer you would never disclose to anyone. Moreover, Facebook, or any other company for that matter, will never ask you to change your password to 12345678 or do something as silly as asking you to send out your login details to prove that you are an active user. Always think before taking actions and your e-life on Facebook will be safe from hackers looking to hack Facebook accounts.