3 mistakes that will give crooks access to your Facebook account

One of the most common questions we get when dealing with Facebook security is this: how do Facebook accounts get hacked? We discuss three common mistakes that Facebook users make that result in crooks gaining unauthorised access to their accounts.

If a scammer manages to gain access to a Facebook user’s account, they can cause a great deal of havoc. They can use your account to post spammy links, or worse, links to online scams. They can steal your photos. They can steal your personal information to help them commit identity fraud. They can even pretend to be you to try and trick your friends into sending them money.

We can never be sure what a scammer will do if they manage to unlock and access a Facebook account, but we can be sure that we don’t want to give them access. Here are three different methods scammers frequently employ to try and gain access to a Facebook account.

Entering Your Login Details into a Phishing Website

If you receive a chat message, email or text asking you to click a link, and that link leads you to a Facebook login webpage, there is a good chance that this is a phishing scam.

This works by tricking the victim into thinking the link and accompanying message were sent by someone trustworthy, like a friend or even Facebook themselves. However, it’s a ploy to lure the victim into clicking a link and entering their Facebook login information on a spoof webpage.

These phishing scams come in all shapes and sizes, but the vast majority will have one thing in common: they will try and lure a Facebook user into clicking a link that leads to a spoof webpage asking for their Facebook username and password, usually in the form of a login page. And when entered, that spoof webpage will send the login information straight to a crook.


A spoof phishing Facebook login page. Take note of the URL of the webpage. It isn’t Facebook.com.

And if the account doesn’t have any type of two-factor authentication enabled, the crooks now have access to that account. Learn more about Facebook phishing scams here.
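The URL check described above can be automated. The following is an added example, not code from this site or from Facebook; the allowlist and the sample links (all using reserved .example hosts or made-up lookalikes) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: a one-entry allowlist, not an official list.
TRUSTED_DOMAINS = ("facebook.com",)

def is_facebook_login_url(url: str) -> bool:
    """Return True only if the link points at a trusted domain over HTTPS."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # ignores any "user@" prefix and the port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".").lower()
    # Non-ASCII or punycode labels are how lookalike letters reach a hostname.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False
    # Exact match or a true subdomain; "facebook.com.something.example" fails.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

# Constructed sample links, one per common disguise.
SAMPLES = [
    "https://www.facebook.com/login",                    # genuine
    "http://www.facebook.com/login",                     # not HTTPS
    "https://facebook.com.account-check.example/login",  # real name used as a subdomain
    "https://facebook.com@login.example/",               # real name in the user part
    "https://faceb00k.com/login",                        # lookalike spelling
    "https://notfacebook.com/",                          # real name as a suffix only
]

def classify(samples=SAMPLES):
    """Map each link to True (trusted) or False (treat as phishing)."""
    return {url: is_facebook_login_url(url) for url in samples}

if __name__ == "__main__":
    for url, ok in classify().items():
        print("OK     " if ok else "REJECT ", url)
```

Only the first sample passes; every other link contains the word "facebook" somewhere but does not actually resolve to Facebook's domain.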






Keyloggers and Malware

Not having good security software installed and failing to regularly check your device for malware can lead to your Facebook account – as well as other accounts – becoming compromised.

Keyloggers and other types of malware can steal a user’s Facebook username and password. For example, keyloggers – key sniffers – can log every keystroke made by a user, including passwords, and send them straight to a scammer.

Malware that gives a crook full remote access to your computer can also result in the crooks gaining access to your account, since most users will automatically log in to Facebook when they open up the website or app. Alternatively, the crooks could find out your Facebook password from your browser’s autofill settings.






Credential Stuffing

Credential stuffing attacks are on the rise, and that’s because despite longstanding and time-honoured security advice, many users still reuse passwords across multiple online accounts.

Credential stuffing works as follows.
– A user has an online account with a company.
– Due to some type of security breach – often caused by poor security habits on behalf of the company – the user’s account username and password (along with many others) are obtained by criminals, and/or leaked online.
– The crooks responsible for the breach – or possibly other crooks who find or buy the leaked information – then go to websites like Facebook and enter the same username and password combinations, in the hope that many users have reused them.
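From the website's side, the pattern in those three steps leaves a recognisable trace in login logs: one source trying many different accounts, mostly failing, with the occasional hit where a password was reused. The following is an added example, not code from this site or from Facebook; the log records, the addresses (documentation ranges) and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed login events: (source IP, username tried, login succeeded?).
EVENTS = [("198.51.100.7", f"user{i:02d}", i == 5) for i in range(1, 9)]
EVENTS += [("203.0.113.20", "alice", True), ("203.0.113.20", "bob", True),
           ("203.0.113.20", "alice", True)]      # a normal shared connection
EVENTS += [("192.0.2.44", "carol", False)] * 6   # one user mistyping a password

def flag_stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Flag sources that try many different accounts and mostly fail.

    Thresholds are illustrative assumptions, not recommended values.
    """
    users = defaultdict(set)
    hits = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, user, ok in events:
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            successes[ip] += 1
            hits[ip].add(user)
    flagged = {}
    for ip, total in attempts.items():
        many_accounts = len(users[ip]) >= min_accounts
        mostly_failing = successes[ip] / total <= max_success_ratio
        if many_accounts and mostly_failing:
            flagged[ip] = {
                "accounts": len(users[ip]),
                "attempts": total,
                # Logins that worked from a flagged source: the reused
                # passwords. These accounts need a forced password reset.
                "accounts_to_reset": sorted(hits[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in flag_stuffing_sources(EVENTS).items():
        print(ip, info)
```

Repeated failures against a single account (the third source) are not flagged, because credential stuffing spreads one guess per account across many accounts rather than many guesses at one.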

All of the above methods can be avoided by having good security habits, such as not reusing passwords, not clicking on links in messages, having reliable security software installed and enabling two-factor authentication on your online accounts.

Such habits will go a long way to making sure your Facebook account stays in the right hands. Your hands.
