Unfortunately, having a strong password to keep the bad guys out of your Facebook account isn’t the only thing users need to be aware of. Our Facebook accounts are a treasure trove of information about us, and cyber crooks would relish the chance of gaining access to them. That is not only because they can access the information contained within, but also because it affords them the ability to pretend to be us in order to reach out to and scam our Facebook friends.
Many of the tricks crooks use to lure us into handing over control of our Facebook accounts have been around for a long time. Yet they still work because users are still making the same old common mistakes with their account security.
We describe some of these mistakes to help you avoid being a victim.
One of the most common mistakes Facebook users still make is falling for a phishing scam. This happens when a Facebook user clicks a link in a message or email claiming to be from Facebook, and that link leads to a webpage asking the user to log in to their account. However, that webpage won’t belong to Facebook, and the information entered into it – namely the username and password – is sent straight to a crook.
This scam relies on something called social engineering. That’s the trick the crooks use to bait a user into clicking the link and entering their login information in the first place. For example, the message or email may claim that the user’s account may be disabled unless they confirm their information by clicking the link.
Remember, be sceptical of messages that claim to be from Facebook. Always check the web address of a Facebook login page to see if it actually belongs to Facebook. And consider enabling two factor authentication, meaning a password isn’t the only thing a crook needs to access your account.
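The address check described above can be written down precisely. The following Python code is an added example, not part of the original article; the trusted-domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as Facebook's own.
TRUSTED_DOMAINS = ("facebook.com",)


def check_login_url(url):
    """Return (ok, reason) for a link that claims to lead to a Facebook login page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if "@" in parts.netloc:
        # Text before '@' is login info, not the site: the real host comes after it.
        return False, "userinfo placed before the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    if not host.isascii() or "xn--" in host:
        return False, "internationalised hostname (possible lookalike letters)"
    for domain in TRUSTED_DOMAINS:
        # Exact match or a true subdomain; the leading dot rejects hosts that
        # merely end in the same letters as the trusted domain.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is " + host


# Constructed sample links (not taken from the article).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://www.facebook.com.account-check.example/login",
    "https://facebook.com@account-check.example/login",
    "https://f\u0430cebook.com/login",  # Cyrillic 'a' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print(("OK      " if ok else "SUSPECT ") + ascii(link) + " -> " + reason)
```

Only the first sample passes: the part of the address that matters is the end of the hostname, not whether the word "facebook" appears somewhere in the link.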
It’s not just you who can fall victim to a cyber-attack. The companies you have online accounts with can as well. And if the consequence of such an attack means a crook now has access to your username, email and password, then this means they can access that account.
Now, if the company that got attacked is worth their salt, they’ll reset your password straight away and invite you to create a new one. But if you’re reusing the same passwords across different accounts, your problems are not over. That’s because crooks know that so many people reuse the same credentials, meaning they will try your stolen credentials in different accounts to see if you’re reusing them – and yes, that includes Facebook.
The solution to this is simple: don’t reuse passwords! And again, switching on two factor authentication (for all accounts that support it) is an effective way of not falling victim to this attack.
Using your online accounts such as your Facebook account on a public computer is a dangerous endeavour. Malware such as keyloggers can be installed on these computers which can log usernames and passwords and transmit that data straight to cyber crooks.
Keyloggers can also install themselves on your own devices, of course. This is why we always recommend using good security software and running frequent virus scans. Our recommendations on security software can be seen here.
If crooks gain access to your email, they can use that to hijack more accounts by using the “forgotten password” feature that many accounts offer, such as Facebook.
The password to your email is extremely important, so as with the above points, make sure you don’t fall for a phishing scam and don’t reuse the same password. Also make sure it is strong with lots of characters and some numbers, avoid entering it into shared public computers or public Wi-Fi, and don’t give it to anyone else!
Two Factor Authentication (2FA) is a vital security step that most users still don’t take. That’s possibly because many users think it means having to hand over your phone number to Facebook – it doesn’t!
2FA means an extra piece of information is needed to access a Facebook account, not just the password. This could be a PIN code sent to your phone, or it could mean a PIN code generated by an app on your phone (so no need to hand over your phone number!) We have more information on enabling 2FA for Facebook here.