Category: Information Security

My Facebook is Hacked!!

Three times recently I have had friends or family members who have either had their Facebook account hacked or have had someone impersonating them.  That makes this a fine time to discuss how to protect yourself on Facebook.

The easiest of the two issues to fix is stopping the bad guys from taking over your Facebook account.  There are a number of things everyone should consider, and the truth is that some of this may be more than most people are willing to do.

  • First: Do you have a good password?  A good password is a minimum of 8 characters, though I prefer 10-12 characters.  Each additional character exponentially decreases the likelihood it can be guessed.  This isn’t enough though.  Your password should also include uppercase and lowercase characters, numbers, and symbols.  By the way, if you really want to have a strong password, do not use the symbols on the number keys.  The others are less commonly used, and are therefore not used as often in password cracking tools.
  • Second: Change your password.  You should change your password periodically, on a schedule commensurate with risk.  What does that mean?  It means asking yourself: if you were to wake up tomorrow and find your account hacked, would you wonder why you didn’t change your password the night before?  I would suggest you change the password quarterly, though for most people that is too much for their comfort.  If that describes you, at least consider semi-annually or annually.  Changing your password accomplishes two things.  First, if someone learns your password, this will stop them from using it after a certain point.  Second, it lessens the chances your password will be discovered through password cracking or guessing.
  • Third: Enable “Login Approvals”.  This is a form of dual-factor authentication, which means it takes more than just a password to access your account from unfamiliar machines.  This is an easy step to implement, but some will find it more trouble than it is worth.  If you are interested in implementing this, here is what you do:

First, go to the drop-down arrow near the top right of the page:

Facebook Settings


Select “Settings”:

Facebook Settings


Then, choose “Security”:

Facebook Security


And now, choose “Login Approvals”:

Facebook Login Approvals


Check the box that says, “Require a security code …” and then hit the save button.

Facebook Login Approvals


You will then be walked through a process to set up login approvals that will require you to receive PINs on your cell phone via text.
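As an added example (not part of the original post), the password checklist from the first bullet above can be written as a small script: it reports which of the article's criteria a candidate password misses and estimates the brute-force search space, which grows by a fixed number of bits with every extra character. The US keyboard layout for the number-key symbols and all function names are assumptions.

```python
import math
import string

# Assumption: US keyboard layout, where these symbols sit on the number keys.
NUMBER_ROW_SYMBOLS = set("!@#$%^&*()")
OTHER_SYMBOLS = set(string.punctuation) - NUMBER_ROW_SYMBOLS
MIN_LENGTH, PREFERRED_LENGTH = 8, 10   # article: minimum 8, prefers 10-12

CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "number-row symbol": NUMBER_ROW_SYMBOLS,
    "other symbol": OTHER_SYMBOLS,
}

def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items() if chars & set(password)]

def alphabet_size(password):
    """Size of the character pool an exhaustive search would have to cover."""
    return sum(len(CLASSES[name]) for name in classes_used(password))

def guess_space_bits(password):
    """log2 of the brute-force search space: length * log2(pool).
    Only meaningful for randomly chosen passwords; dictionary words fall faster."""
    pool = alphabet_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def review(password):
    """Findings against the article's checklist; an empty list means all met."""
    used = classes_used(password)
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 8 characters")
    elif len(password) < PREFERRED_LENGTH:
        findings.append("shorter than the preferred 10-12 characters")
    for name in ("lowercase", "uppercase", "digit"):
        if name not in used:
            findings.append(f"no {name} character")
    if "other symbol" not in used:
        findings.append("no symbol" if "number-row symbol" not in used
                        else "symbols are all from the number keys")
    return findings

if __name__ == "__main__":
    for sample in ("password", "Summer2024!", "Tr+ee;House_42"):  # constructed samples
        print(sample, round(guess_space_bits(sample), 1), review(sample))
```
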

The second, and more common, issue is impersonation.  How the bad guys do this is easy.  They find your Facebook profile, and copy your profile picture.  They then set up an account with a name identical to yours.  Then they peruse your friends list, sending friend requests to as many of them as possible.  Each friend who accepts then becomes a target.  Your friends will likely be sent messages asking for money.  One of the current tactics is for the bad guy, while impersonating you, to contact your friends and tell them that you need money because your car has broken down and you are away from home.  They might even assure your friends that you will pay as soon as you get home, but right now you are in a real bind.  Your friends may pick up on this immediately, but one or more of them may want to do everything they can to help you, so they send some money.  Unfortunately, there is very little you can do to prevent someone from impersonating you, but you can make it as hard as possible.  While there are many things you can do, the three most important are to not accept friend requests from people you do not know, to limit who can see your posts, and to limit who can see your friends.

In order to limit who can see your posts, you will follow the same instructions as above, except instead of choosing “Security”, you will choose “Privacy”:

Facebook Privacy


Now, at the top of “Privacy Settings and Tools” you will see the words, “Who can see my stuff?”  I highly recommend you change this to “Friends” or “Friends except Acquaintances”.  This will limit the people who can see what is on your page to those you know.

Facebook - "Who can see my stuff?"


Next, you will want to limit who can view your friends.  This keeps a bad guy from targeting those you know easily.  To do this, first go to your Facebook profile:

Facebook Profile


Next, go to the link to see your friends:

Facebook Friends


Now, choose the pencil beside “Find Friends” to edit your settings:

Friend Edits


Finally, limit those who can see your friends list to either your friends or just you.

Facebook - Limiting who can see your friends.


While this won’t totally stop the bad guys, it does make their job significantly harder, and thus they will likely go somewhere else.  I can’t reiterate enough that you need to be careful who you “Friend” too.  If you know someone is already on your friend list, you probably don’t need them again.  😀  Just remember, if it is a bad guy, you are opening yourself up to an attack, which is sometimes conducted by some really smart folks.

One last thing: if someone is impersonating you, what do you do?  You need to report them.  That is the only way Facebook can know to delete the account.  To do this, go to the imposter’s profile and click the ellipsis near the top:

Facebook Ellipsis


All you have to do then is report them:


Just be sure you are doing this on the imposter’s profile, not your own.  😀

Trusting Retailers

I was reading through the news this morning and happened across an article titled, “3 In 10 Consumers Don’t Trust Retailers With Their Data.”  I call bull on this.  Sure enough, the article supports the title with a study, but if 30% of the population doesn’t trust retailers with their data, why do they still allow retailers to have it?  Perhaps a better title would be, “3 In 10 Customers are Uncomfortable with Retailers Having Their Data, but Still Give it to Them.”

All this said, I don’t “trust” anyone with my data, but I fall into the same boat.  I still give data to retailers, though sometimes it is fake and sometimes it is selective data that prohibits them from finding me.  What I am saying is I understand the sentiment, but if we really don’t trust retailers, then we will stop giving them our data, and then, and only then, will things change.
