Thoughts on Hacked Facebook Accounts & Security

This morning I noticed that a few of my friends had their Facebook accounts compromised over the weekend. Granted, this is not uncommon, and for the most part your friends will understand, but it’s still a nuisance.

As a result of this weekend’s breakout, I had a couple of people ask me to do a blog post on Facebook security, since social media consulting is one of my areas of expertise, so here goes. If you have any questions, please feel free to post them in the comments below or on my Facebook Wall. I will be glad to help out however I can to ensure you have a safe and enjoyable Facebook experience.

If you have already been compromised:

If you have already been compromised, you need to reset your Facebook password immediately. You can do this by clicking on the “Forgot Your Password” link on the login page or by going to the Account Settings page once logged in. If you can’t reset the password on your account because the email address you use to log in has been changed, or if your account has been disabled, contact the Facebook Operations Team. Also, since Facebook hacks are often accompanied by malware, you should run a virus scan on your computer. I am not a big fan of free virus scanners, but use whatever you would like to scan your machine.

If one of your friends has been compromised:

If you have a friend who has been compromised, you can direct them to this blog post, or you can point them to Facebook’s Security Page. You might also be a good Samaritan and warn those who received the spam not to click on it, and to delete it from their Walls and Inboxes immediately. By warning others you reduce the risk of the attack spreading.

If you are suspicious that your account has been compromised:

If you are suspicious that your account has been compromised, or if you accidentally clicked on a link that was posted by an infected account and want to make sure that you weren’t compromised, you can go here to make sure you are okay.

Common Threats

There are a lot of common threats out there, and these threats will change over time as security is tightened up; that’s just the nature of the internet. Here are a few recognized threats posted by Facebook:

Fake Notification Emails
Look out for fake emails that look like they came from Facebook. These typically include links to phony pages that attempt to steal your login information or prompt you to download malware. Never click on links in suspicious emails.

Suspicious Posts and Messages
Be wary of strange Wall posts and messages, even if they’re from friends. These will usually ask you to click on a link, sometimes to check out a new photo or video that doesn’t actually exist. The link is typically for a phony login page or malware site.

419 Scams
Watch out for messages from friends or others claiming to be stranded and asking for money. These messages are typically from scammers. If you have received a message like this, or one has been sent from your account without your permission, please contact us so that we can make sure your and your friends’ accounts are secure.

The Koobface Worm
If your account has been used to send spam, and you think your computer is infected with the “Koobface” worm or another virus, please visit one of the online anti-virus scanners from the Helpful Links list, and reset your password.

False Chain Letters
Don’t believe messages claiming that Facebook is becoming overpopulated and suggesting that accounts will be deleted. These messages are false and did not come from Mark Zuckerberg or Facebook. They can be safely disregarded and deleted.

Be Proactive when it comes to Security:

By security, I am talking about scams, viruses, and hacks that could infect your computer or your Facebook account and result in a lot of annoyance for you and your friends. When your login information is stolen, this is often known as phishing.

Security isn’t just an issue on Facebook, but all over the web, which is why it’s important to be aware online, and to learn how to protect your accounts and your computer. Here are some ways to be smart and aware that are recommended by Facebook:

  • If a link or message seems weird, don’t click on it. This is true of all spam—whether a chain letter, an ad, or a phishing scam. If it seems weird for an old friend to write on your Wall and post a link, that friend may have gotten phished. Let the person know, and don’t click on links you don’t trust.
  • Be aware of where you enter your password. Just because a page on the Internet looks like Facebook, it doesn’t mean it is. Learn to tell the difference between a good link and a bad one.
  • Report any spam or abuse you see on discussion boards and Walls. Those report links are there for a reason. The sooner we find spam, the sooner we can remove it and eliminate spammers from the site.
  • Don’t use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others as well. You might find yourself locked out of your email and even your bank account.
  • Never share your password with anyone. Don’t do it. Facebook will never ask for your password through any form of communication. If someone pretending to be a Facebook employee asks you for it, don’t give it out, and report the person immediately.
  • Don’t click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the “From:” address so the email looks like it’s from Facebook. If the email looks weird, don’t trust it, and delete it from your inbox.
  • Add a security question. If your login information ever does get stolen, you might need this to prove your identity to Facebook. If you haven’t already done so, you can add a security question from the “Account Settings” page.
  • Be wary of unusual stories. If a friend or someone else contacts you claiming to be stranded somewhere and in need of money, verify this through other means, such as by talking to the person over the phone.
  • Stay in the Loop by adding Facebook Security as one of your Facebook Friends.
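
The advice above about telling a good link from a bad one comes down to reading the hostname rather than trusting how the page looks. The following JavaScript sketch is an added illustration, not part of the original post or Facebook's guidance; the trusted-domain list, the function names and the sample links are assumptions constructed for the example.

```javascript
// Added example: decide whether a link really points at Facebook before
// a password is typed into it. TRUSTED_DOMAINS is an assumption for this
// sketch, not an official list.
const TRUSTED_DOMAINS = ["facebook.com"];

function classifyLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG URL parser (browsers and Node.js)
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // "https://www.facebook.com@other.example/" really goes to other.example.
  if (url.username || url.password) {
    return { trusted: false, reason: "text before '@' hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing dot
  // Look-alike Unicode letters are converted to punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // The host must BE the trusted domain or end with "." + domain.
  // A substring match would accept "facebook.com.login-check.example".
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, reason: "host " + host + " is under a trusted domain" }
    : { trusted: false, reason: "host " + host + " is not under a trusted domain" };
}

// Constructed sample links (example.* names are reserved for documentation).
const SAMPLE_LINKS = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.login-check.example/login.php",
  "https://www.facebook.com@login-check.example/",
  "https://evilfacebook.com/login.php",
  "http://www.facebook.com/login.php",
];

function classifySamples() {
  return SAMPLE_LINKS.map((link) => ({ link, ...classifyLink(link) }));
}

for (const r of classifySamples()) {
  console.log((r.trusted ? "OK     " : "REJECT ") + r.link + "  (" + r.reason + ")");
}
```

Only the first sample is accepted; the others each show a different way a link can carry the word "facebook" without leading to Facebook.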

Closing Notes:

I hope that this information has been useful. Facebook can be an awesome tool for reconnecting with friends and loved ones as well as a tool for promoting your business brand, organization, group, or cause. A lot of people initially find fault with Facebook when events such as these take place, but I don’t feel as if that should be the case. Facebook is doing their part to fight the ongoing battle of securing their social network, allocating millions of dollars to do so. Here are just a few examples of how they are fighting the good fight:

For more information, please visit: Facebook | Facebook Security