While millions of us routinely use Facebook on a daily basis, criminals are constantly on the lookout to hack into accounts and the treasure trove of personal data lurking inside.
Many of us will recognise the seemingly odd post from a friend on Facebook, swiftly followed by an ‘Ignore my posts, I’ve been hacked’ message.
But why do the fraudsters do it? They can get access to people’s personal data through Facebook, yet much of that has already been made public to an extent, so what is the attraction of the wave of Facebook hacking, how is it done, and can you protect yourself?
Last month cybersecurity experts, Nordlocker, found a huge cache of stolen data containing 26million logins for popular websites such as Amazon, LinkedIn and Facebook.
They said the data had been stolen between 2018 and 2020 using custom Trojan-type malware which infiltrated over three million Windows-based computers and stole 1.2TB (terabytes) of personal information.
The battle to eliminate fake and hacked Facebook accounts rages on.
Paul Vlissidis, author of How to Survive the Internet and lead cyber-security advisor to Channel 4 show Hunted, says: ‘I think there is a constant background of people getting their account compromised.
‘When the password information rocks up on the dark web, the hackers will use those passwords on various platforms of which Facebook is one.
‘Hackers will sift through all of these accounts and see which ones are still current. They will put a list together and run a scam campaign against those groups.’
It’s not only breaches to your own Facebook account that you have to worry about.
Security threats can also come from other account users. Between January and March this year, Facebook disabled more than 1.3billion fake accounts – 99.8 per cent of the time before they were reported.
While criminals use fake accounts to conduct phishing scams, they increasingly prefer to hack into legitimate accounts.
Paul Bischoff, privacy advocate at Comparitech, explains: ‘Most of us are smart enough not to click on links in emails from people we don’t know.
‘But we’re much more likely to trust a message from a friend on Facebook.
‘That makes it easy for impersonators to trick victims into sending money, handing over passwords, and downloading malware.
‘Once hackers have taken over an account, they’ll start by locking the genuine user out.
‘They may change passwords and account recovery settings, for example. While the real user struggles to get back in, the attacker starts messaging users on the hacked account’s friend list.
‘Part of the scheme likely involves stealing Facebook passwords from other users, which allows the hacker to move onto another account and repeat the attack indefinitely.’
Some of this is to harvest more data, but it can also be used to scam people. Messages asking for financial help due to lost wallets or cards, being stranded in another country, or even a loan from friends, can have a high enough success rate to make them worthwhile for scammers.
What’s more, hacking a Facebook account can also open the door to other lucrative accounts with banking information, as people commonly use Facebook to log in automatically to shopping websites.
To prevent your Facebook account from becoming another hacking statistic, follow these seven steps to protecting your personal details:
1. Never use easy passwords for multiple accounts
Don’t use the same password for Facebook as other accounts, particularly ones that people could gain financial access from.
Password reuse remains rampant because it’s convenient and quick. According to a report by identity company, SecureAuth, 53 per cent of people admitted to using the same password for different accounts.
Raj Samani, chief scientist at McAfee, adds: ‘More than a third (36 per cent) say they have not changed their password for a long period of time.
‘If criminals gain access to one of these account passwords, the likelihood is that they are then able to access all other accounts linked to that username and password. This is the most common way hackers gain access to all of your accounts.’
Change your passwords often and make them unique. David Emm, principal security researcher at Kaspersky, says: ‘All account holders should be using strong unique passwords across all of their accounts, and back this up with multi-factor authentication.
‘Not only will this limit the potential for brute forcing and password spraying, but multi-factor authentication will also limit the ability of hackers to log into accounts on other devices when passwords are compromised.’
2. Employ multi-factor authentication
Two-factor authentication – where you get a text code or email, for example, to confirm it is you – may feel like another troublesome step to access your Facebook account, but it will give you added protection from hackers.
Facebook says: ‘If you set up two-factor authentication, you’ll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a browser or mobile device that we don’t recognise.’
You can also set up an alert on Facebook which will inform you if someone tries logging into your account from an unfamiliar browser or mobile device.
3. Don’t connect to an unsecure WiFi network
Samani says: ‘Another common way for criminals to gain access to an account is by collecting data from devices when people connect to an unsecure Wi-Fi network.
‘Despite two thirds of Britons believing that public WiFi networks are unsafe to connect to, half of consumers still often connect to public WiFi while on-the-go.’
4. Select trusted friends to help you get back in
Facebook allows you to choose between three and five friends to be ‘trusted contacts’ in the event that you’re locked out of your Facebook account.
Vlissidis says: ‘Once you’ve set up your trusted friends on Facebook, they can issue you with a code to get you back into your account.’
5. Watch out for geo-tagging
Samani says: ‘Many social networks will tag a user’s location when uploading a photo, as well as offering users the option to tag their location when posting.
‘You should ensure this feature is turned off to avoid disclosing your location to criminals or people you would not want to know your whereabouts.’
6. Don’t overshare on social media
Think twice before answering those Facebook questions on your profile or the quizzes and polls that do the rounds.
What might seem an innocuous or fun talking point question can be a way for fraudsters to go viral and collect some very handy answers to personal questions.
You wouldn’t give your internet banking password out, but you might hand over your first pet’s name and mother’s maiden name for your porn star name – and these are very common answers in password reset systems.
What is two-factor identification?
Two-factor authentication is a second layer of security which is used to protect an account or system – and, in this case, transactions online.
It increases the safety of online accounts by requiring two types of information from the user, such as a password or PIN, an e-mail account, credit and debit card or fingerprint, before the user can log in or transact.
Chris Hauk, consumer privacy champion at Pixel Privacy, explains: ‘If you publish too much personal information, bad actors can use it to take control of your online accounts, as well as credit card accounts and others.
‘Things like your first pet’s name, your mom’s maiden name, the street you grew up on and other information are used on a regular basis for identity confirmation when you’re locked out of an account or request a new debit or credit card.’
7. Don’t befriend strangers
Keep your Facebook friends circle to those that you know and trust.
Samani says: ‘Often hackers or criminals will send requests so they can see the information you are sharing to help them access your private information.’
Adjust your privacy settings so that only close friends and family can see your posts and photos.
Also watch out for duplicate accounts of people you are already friends with asking to be your friend. It could be that a fraudster has set up an alternative account and is harvesting their friends.
Should you de-activate or leave Facebook?
For some, having a Facebook account – or any social media account – may feel more like a burden than a pleasure.
If you feel this way or are too worried about security breaches, you could take the extreme measure and deactivate or delete your Facebook account.
If you have an account that you rarely use, and therefore might not know if you have been hacked, this may be wise.
De-activation means that your account (including posts, photos, etc.) gets hidden and others can’t search for your account. It’s a temporary measure if you’re undecided on keeping your Facebook account active or not.
Deleting, however, means your account will be gone permanently. Emm says: ‘This is a very personal decision, based on whether the potential risks are outweighed by the benefits of using the platform to stay in touch with people. But by securing your account, limiting what others can see and not over-sharing personal information, you can reduce the risks.’
How can you get your hacked Facebook account back?
It can be difficult to recover your Facebook account, particularly if hackers have acted swiftly to put the account in their name.
Unfortunately, there’s no access to a call-centre as Facebook has automated the account securing process. Here are the urgent steps you should take to get it back:
· Verify a password change
If a hacker has changed your personal details, you will receive an email from Facebook warning you of the change in login details and inviting you to ‘secure your account’. Emails from Facebook always come from Facebookmail.com.
· Report the hack to Facebook
Report the hack to Facebook immediately through Facebook’s help centre. You’ll be asked to type in a phone number or email you used to open the account to search for it and get it back.
· Verify your account through other forms of ID
If the hacker has done a complete takeover of your account and blocked you further by employing two-factor authentication using their own mobile devices and emails, you can verify your account in other ways through Facebook by using other forms of ID. Facebook will ask you to scan and send things like your marriage certificate, passport or driving licence to prove who you are.
· Warn others that you’ve been hacked
If you have access to other social media platforms like LinkedIn or Twitter, you can use these platforms to warn friends and colleagues that you’ve been hacked and not to trust any messages or links coming from your Facebook account.
· Don’t employ a third party to hack your Facebook account back
Be careful of anyone approaching you claiming to be ‘white hackers’. They may not be the good hackers they claim to be, and you could get into more trouble. Only use Facebook to get your account back.