Three times recently, friends or family members of mine have either had their Facebook account hacked or had someone impersonate them. That makes this a fine time to discuss how to protect yourself on Facebook.
The easier of the two issues to fix is stopping the bad guys from taking over your Facebook account. There are a number of things everyone should consider, and the truth is that some of this may be more than most people are willing to do.
- First: Do you have a good password? A good password is a minimum of 8 characters, though I prefer 10-12 characters. Each additional character exponentially decreases the likelihood it can be guessed. This isn’t enough though. Your password should also include uppercase and lowercase characters, numbers, and symbols. By the way, if you really want to have a strong password, do not use the symbols on the number keys. The others are less commonly used, and are therefore not used as often in password cracking tools.
- Second: Change your password. You should change your password periodically, on a schedule commensurate with risk. What does that mean? It means asking: if you were to wake up tomorrow and find your account hacked, would you ask yourself why you didn’t change your password the night before? I would suggest you change the password quarterly, though for most people that is too much for their comfort. If that describes you, at least consider semi-annually or annually. Changing your password does two things: first, if someone learns your password, this will stop them from using it after a certain point. Second, it lessens the chances your password will be discovered through password cracking or guessing.
- Third: Enable “Login Approvals”. This is a form of dual-factor authentication, which means it takes more than just a password to access your account from unfamiliar machines. This is an easy step to implement, but some will find it more trouble than it is worth. If you are interested in implementing this, here is what you do:
First, go to the drop-down arrow near the top right of the page:
Then, choose “Security”:
And now, choose “Login Approvals”:
Check the box that says, “Require a security code …” and then hit the save button.
You will then be walked through a process to set up login approvals that will require you to receive PINs on your cell phone via text.
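To put numbers on the first point above (length and character variety), here is a short Python sketch, added as an illustration and not part of the original post. It assumes a US keyboard layout for deciding which symbols sit on the number keys, and it assumes characters are picked at random, so the bit count is an upper bound on how hard the password is to guess.

```python
import math
import string

# Symbols typed with Shift + a number key on a US layout (assumption, not from the post).
NUMBER_ROW_SYMBOLS = set("!@#$%^&*()")
CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "number-row symbols": NUMBER_ROW_SYMBOLS,
    "other symbols": set(string.punctuation) - NUMBER_ROW_SYMBOLS,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items() if any(c in chars for c in password)]

def pool_size(password):
    """Size of the alphabet a brute-force guesser has to cover for this password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def search_space_bits(password):
    """log2(pool ** length); each extra character adds log2(pool) bits."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def check(password, min_length=8):
    """List where the password falls short of the advice in the first point."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    used = classes_used(password)
    for needed in ("lowercase", "uppercase", "digits"):
        if needed not in used:
            problems.append(f"no {needed}")
    if "number-row symbols" not in used and "other symbols" not in used:
        problems.append("no symbols")
    elif "other symbols" not in used:
        problems.append("symbols only from the number keys")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["sunshine", "Sunshine1!", "Sun~shine_1{x"]:
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, issues: {check(pw) or 'none'}")
```

Run it on a machine you trust and never paste a real password into a script or website you do not control.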
The second, and more common, issue is impersonation. How the bad guys do this is easy. They find your Facebook profile, and copy your profile picture. They then set up an account with a name identical to yours. Then they peruse your friends list, sending friend requests to as many of them as possible. Each friend who accepts then becomes a target. Your friends will likely be sent messages asking for money. One of the current tactics is for the bad guy, while impersonating you, to contact your friends and tell them that you need money because your car has broken down and you are away from home. They might even assure your friends that you will pay as soon as you get home, but right now you are in a real bind. Your friends may pick up on this immediately, but one or more of them may want to do everything they can to help you, so they send some money. Unfortunately, there is very little you can do to prevent someone from impersonating you, but you can make it as hard as possible. While there are many things you can do, the three most important are to not accept friend requests from people you do not know, to limit who can see your posts, and to limit who can see your friends.
In order to limit who can see your posts, you will follow the same instructions as above, except instead of choosing “Security”, you will choose “Privacy”:
Now, at the top of “Privacy Settings and Tools” you will see the words, “Who can see my stuff?” I highly recommend you change this to “Friends” or “Friends except Acquaintances”. This will limit the people who can see what is on your page to those you know.
Next, you will want to limit who can view your friends. This keeps a bad guy from targeting those you know easily. To do this, first go to your Facebook profile:
Next, go to the link to see your friends:
Now, choose the pencil beside “Find Friends” to edit your settings:
Finally, limit those who can see your friends list to either your friends or just you.
While this won’t totally stop the bad guys, it does make their job significantly harder, and thus they will likely go somewhere else. I can’t reiterate enough that you need to be careful who you “Friend” too. If you know someone is already on your friend list, you probably don’t need them again. 😀 Just remember, if it is a bad guy, you are opening yourself up to an attack, which is sometimes conducted by some really smart folks.
One last thing: if someone is impersonating you, what do you do? You need to report them. That is the only way Facebook can know to delete the account. To do this, go to the imposter’s profile and click the ellipsis near the top:
All you have to do then is report them:
Just be sure you are doing this on the imposter’s profile, not your own. 😀