Phishing Links: It’s human nature to be compelled to click provocative links. Don’t feel bad – attention-grabbing headlines have been around as long as news has been a commodity. But whatever you do, don’t click them on Facebook. These over-the-top updates – often about celebrities – are frequently produced by hackers looking to steal your Facebook password.
It usually works like this: Users click the phishing link and are then prompted to log in to a site that looks like Facebook, but isn’t. Instead, this duplicate site sends usernames and passwords straight to a hacker’s email account.
How to Reduce Your Risk: Links that are so juicy you can hardly resist them are probably too good to be true – don’t click! If you really need to know, check it out on Google. Chances are your search will reveal that the link’s headline is fake – and its contents are a scam.
Fake Account Phishing: You may not remember everyone from your freshman poli-sci class. Don’t beat yourself up about it – and don’t let a desire to be polite compel you to add people you don’t know to Facebook. Anyone can set up a Facebook profile, and scammers have been known to set up accounts designed to look like they belong to Facebook personnel in an attempt to convince users to provide login info for “security reasons.”
Even scarier is a type of malware known as a “socialbot.” This automated program builds up a profile and spams out friend requests in order to gain access to user accounts. And once a fake friend gains access to your profile, you’re at risk of being hacked.
How to Reduce Your Risk: Yes, maybe that guy you think you recognize really was sitting one row back – or maybe the account is fake. If you must add acquaintances to Facebook, check out their profiles first. If you don’t have much in common, such as friends, schools and jobs, chances are you’ve never met. And never give your login credentials to anyone. The real Facebook will never ask.
Mobile Phone Hacking: In the first quarter of 2016, Facebook had 1.51 billion mobile users, 989 million of whom access their accounts on a daily basis, and these numbers only continue to grow around the world. The problem is that if hackers can gain access to your cellphone – whether by using mobile spying software, or just by picking it up where you left it – they can probably hack into your Facebook account too.
How to Reduce Your Risk: Block hacking attempts by skipping downloads from untrusted sources, sticking to secure Wi-Fi connections, turning off Bluetooth or Wi-Fi when you’re not using them, and keeping your cellphone under password protection at all times.
Facebook Like and Share Buttons: Just about every site out there has Facebook “Like” and “Share” buttons, which automatically post content to your Facebook feed when you click them. These buttons are a great way for sites to promote content and for users to share it, but they aren’t risk-free. Hackers can camouflage a false Facebook login page by making a button that looks like the real deal. Enter your credentials, and you’ll be sending them straight to a cybercriminal.
How to Reduce Your Risk: You can protect yourself by signing into Facebook in a new tab, then opening a second tab for surfing. When you click the “Like” button, the site should automatically recognize that you’re authorized on Facebook and post the content. If it still prompts you for a password, you should be suspicious.
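The look-alike login pages described under Phishing Links and under Like and Share Buttons can be told apart from the real one by the address of the page that asks for the password. The check below is an added example, not code from Facebook or from this article; the function name, the trusted-domain list and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example: does a page showing a "Facebook login" form really belong to Facebook?
// TRUSTED_DOMAINS is an assumption for this sketch; all sample URLs are constructed.
const TRUSTED_DOMAINS = ["facebook.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { trusted: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // "https://www.facebook.com@other.example/" connects to other.example.
  if (url.username || url.password) {
    return { trusted: false, reason: "text before @ is not the host" };
  }
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII look-alike letters are serialized as xn-- (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label in host" };
  }
  // Compare from the right: the registered domain is at the END of the host.
  const match = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { trusted: true, reason: "host " + host + " is a Facebook domain" }
    : { trusted: false, reason: "host " + host + " is not a Facebook domain" };
}

// Constructed sample addresses (.example is a reserved test domain).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://facebook.com.account-check.example/login.php",
  "https://www.facebook.com@account-check.example/login.php",
  "http://www.facebook.com/login.php",
  "https://f\u0430cebook.example/login.php", // Cyrillic letter in place of Latin "a"
];

function report() {
  return SAMPLES.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of report()) {
  console.log((r.trusted ? "OK     " : "REJECT ") + r.url + "  (" + r.reason + ")");
}
```

Only the first sample passes; each of the others contains the text "facebook.com" somewhere in the address without the page actually being served from that domain over HTTPS.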
Worms: In January 2012, the Ramnit worm re-emerged on Facebook and scored a payload of 45,000 Facebook login credentials. This piece of malware was originally spread through network security gaps and infected USB drives. In 2012, an updated version made the leap to Facebook, where it is believed to have spread via stolen Facebook login credentials. Another Facebook worm was identified in 2015 – this one lured users in with the promise of porn, and then hijacked the user’s browser. This allowed the hackers responsible to monitor a user’s activity, control browser settings and continue to spread the worm.
How to Reduce Your Risk: Avoid clicking on links and attachments, even from friends. And, because Ramnit may also have gained access to users’ Gmail and other accounts, avoid using the same credentials for different online services.
Third-Party Sign-Ins: Websites of all kinds are increasingly encouraging users to log in through Facebook. It saves you the trouble of having to set up a new account. With all the logins required these days, that convenience is a godsend, but it also has some potential for risk. Researchers reported that single sign-on services (SSOs) weren’t always properly integrated into the websites that used them.
SSOs relay a visitor’s login information to Facebook. If the user credentials are valid, Facebook sends a certified token. Then, the third-party website gives the user access to the requested account. However, because these credentials are sent to the user’s browser first, an attacker can obtain a token that grants access to the user’s account without having to supply the username and password that are usually required.
How to Reduce Your Risk: Although Facebook reported that the bug had been fixed, using a new login and password for new accounts keeps your login info locked down, so it’s always a safer move.