5 Common Security Mistakes that Users make with their Facebook Account

We take a look at 5 common mistakes Facebook users make that can result in their Facebook accounts being compromised by cyber crooks.

Our regular readers will know that there are a number of different ways their Facebook account can end up in serious trouble from a security perspective.

But what is frequently overlooked is the simple fact that the vast majority of these scams rely on the human factor. That is to say, they rely on the Facebook account owner themselves either compromising their own security by falling for a scam or by not using appropriate security settings.

We take a look at 5 common security mistakes that we see time and time again.

Entering password details on spoof webpages

Typically this is the end game of a phishing scam. The crook lures a Facebook user to a spoof webpage that looks like the Facebook login page and asks for their username and password. But the spoof webpage has nothing to do with Facebook, and that username and password are sent straight to the scammer as soon as the user hits “login”.


[Image caption: Not Facebook.]

These spoof webpages are usually the result of a user clicking a link on a scam message or scam email that uses some type of social engineering trick (i.e. a “blag”) to urge them into clicking and “logging in”.

The mistake here is not looking at the web address of the login page. Is it Facebook.com? If not, then it’s not Facebook. So don’t enter your password. It’s that simple.
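The address check above, as an added example that is not part of the original article: a small Python helper that extracts the real host from a link and decides whether it is genuinely facebook.com, using constructed sample URLs that show the usual tricks (lookalike names, facebook.com buried in a path, a subdomain or query string, or before an “@”).

```python
from urllib.parse import urlsplit

# The only registrable domain a real Facebook login page lives on.
LEGIT_DOMAIN = "facebook.com"

def host_of(url: str) -> str:
    """Return the lowercased host of a URL, ignoring any userinfo, port,
    path, query or fragment (everything a phisher pads the link with)."""
    if "://" not in url:            # tolerate links written without a scheme
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_facebook_login_host(url: str) -> bool:
    """True only when the host is facebook.com itself or a subdomain of it.
    'facebook.com' appearing anywhere else in the link does not count."""
    host = host_of(url)
    return host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN)

def triage_links(urls):
    """Map each link to 'facebook' or 'NOT facebook' for a quick review."""
    return {u: ("facebook" if is_facebook_login_host(u) else "NOT facebook") for u in urls}

# Constructed sample links (not real phishing sites): .example is reserved for documentation.
SAMPLE_LINKS = [
    "https://www.facebook.com/login",                     # genuine
    "m.facebook.com/login",                               # genuine, no scheme
    "https://facebook.com.secure-login.example/",         # facebook.com as a subdomain of another site
    "https://facebook.com@evil.example/login",            # 'facebook.com' is only the userinfo part
    "https://login-facebook.com/",                        # lookalike name
    "https://fb-secure.example/facebook.com/login.php",   # facebook.com only in the path
    "https://evil.example/?next=https://www.facebook.com",# facebook.com only in the query string
    "https://faceboοk.com/login",                         # Greek omicron instead of Latin 'o'
]

if __name__ == "__main__":
    for link, verdict in triage_links(SAMPLE_LINKS).items():
        print(f"{verdict:13} {link}")
```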


Not using Two Factor Authentication

With increasingly advanced scams out there designed to steal our Facebook passwords, coupled with the increasingly important ways we use Facebook, enabling two-factor authentication has gone from an optional security bonus to a vital (and strongly recommended) security feature.

Two-factor authentication basically means that if a device has not logged in to your account before, it will need additional data to complete the login. The password and username combination alone won’t be enough. This in turn means that if crooks do manage to steal that all-important password, they still won’t be able to log in to your account.

For all of Facebook’s privacy and security woes, they do offer a good number of ways to enable two-factor authentication. And yes, you can enable it without giving Facebook your phone number. Yippee. We’ve even published an article about using authenticator apps as a method of enabling two-factor authentication. So there really is no excuse. Enable it by heading to your main settings and hitting Security and Login on either the Facebook app or website.

Reusing the same usernames and passwords

This particular security faux pas is certainly one of the most frustrating, and applies to any website, not just Facebook. Reusing the same password and username or email combinations is extremely risky. Websites suffer data breaches all the time, and as a result of one of those breaches your password and username may find themselves being sold between crooks.

And one of the first things crooks will do is check whether you use the same combination of login details on other websites, including Facebook. Don’t reuse the same passwords. Using a password manager solves this problem, since it can create strong, unique passwords for you. We recommend LastPass.


Poor privacy settings and oversharing

Having poor privacy settings, coupled with a tendency to overshare on the social networking platform, makes you vulnerable to a plethora of different scams. This combination of poor privacy habits can mean crooks glean enough information from your account to commit various identity scams.

For example, a crook could steal all of your public information in order to create a duplicate Facebook account (a scam called Facebook cloning) and then send friend requests to all your friends pretending to be you.

Get your privacy settings right, including hiding your posts and updates as well as your friends list, to stop these scams from taking place. Read our article on 5 privacy settings you need to get right to prevent these sorts of identity scams from happening.

Clicking suspicious or “too good to be true” links

The old adage tells us that if it appears too good to be true, then it probably is. That is also true within the confines of Facebook. Yet despite being an adage much older than the Internet itself, it is one that social media users forget time and time again.

Some of the most prolific scams on Facebook feature links spreading virally that claim to offer free electronics, vacations, cars and a variety of other high-value prizes, all for sharing a post, clicking LIKE and then heading over to some link to seal the deal. From there, we can be lured into handing over our contact details to spammers, giving our personal information to identity thieves or even agreeing to let malware install on our devices.


[Image caption: A Disney cruise? Probably not.]

Social media is great for sharing content. The downside to that is it’s also a great way for scam links to spread as well. Remember that not all links on social media are created equal. Some should never be clicked on. Ever.
