With an itchy click finger and decreased attention span it is easy for hackers to spoof you into giving them access to your Facebook profile. I know it is tempting to click on the links in the wall posts or email messages on Facebook suggesting that they LOL’d at a photo of you but you need to pay more attention to what you are doing.
The problem is that people are not very rational when using their online services such as Facebook. Why would someone say something like that out of nowhere, and why would you just click on it with out thinking first?
I put together a video showing the different ways that a profile can get hacked and how to prevent it but let me also explain it in text so the interwebs can pick it up in search.
#1 Clicking on links that direct to password phishing sites or other malicious sites.
To avoid accidentally giving away your Facebook credentials to a hacker simply pay attention to what you are clicking on and DO NOT enter your login information unless you are 100% certain that you are on Facebook.com. A Phishing site is a website that was setup to mimic the login page of another website in an attempt to trick people into entering their username and password.
The Facebook login page is easy to recreate and anybody with five minutes of web design experience can make a fake one. What typically happens is that you are redirected to this page that makes you think that you got logged out (this is not AOL, you don’t just get logged out of things for no reason anymore). Once you enter your information and click to login you are redirected to your Facebook page making you think that you successfully logged in. Since you were never logged out it in the first place you think that all is well. The problem is that the fake Facebook login website just added your email address and password to it’s database of other suckers. Who knows how they will end up using that data. They now can post anything to your Facebook that you can post. They have 100% access.
What you need to do now is change your password. Change it to something good. Your Cat’s name is not good enough. It needs to be something more secure. If your Cat’s name is the only thing you can remember than you can make that name more secure by changing out letters for other keyboard characters. For example: If your Cat’s name is Whiskers you can make your password Wh1sk3rs. Notice that I changed out the letter I for a 1 and the letter E for a 3. All you have to remember is that the vowels in Whiskers were exchanged for the numbers that they look like. Since a letter I looks like a 1 and a E looks like a 3, it should be easy to remember. Of course no password is secure if it’s user is clicking on links they shouldn’t be and accidentally typing in their password to Phishing sites.
#2 Giving Access to Applications on Facebook that are Malicious, Old or Outdated
Everything these days has Facebook access. We can post to Facebook from everything, even your refrigerator. Giving access to your Facebook profile for the most part is harmless. Most of these apps or websites just want to allow you to post to your wall from their service. However, if one of them becomes out dated and was accessed by a hacker, who knows what could happen. This is why I regularly go into my Apps page under Accounts in Facebook and delete old apps that I no longer need to have access to. It’s best to be safe and delete these. You will probably be surprised at what has access to your Facebook profile.
How To Avoid Clicking on Potentially Malicious Links Altogether!
How do you know if one of those links is bad or not? Simply Ask. If you get a Facebook message from someone that sounds Phishy to you, don’t click on the link. Send your friend a new message asking them if they meant to send you that link. If they did then you can click on it, if they didn’t know about that link being sent to you then you can ask them to change their password because their profile was probably hacked.
A moment of patience goes a long way. Take a deep breath and use your best judgement before clicking on something. If you see something on your wall that you didn’t put there, remove it. If you see something on somebody else’s wall that you know they didn’t put there, don’t click on it. Send them a message or a new wall post asking them to remove it and suggesting that they read this blog post.
Please be careful and only click on links that you are familiar with. Never enter your username and password into a website unless you are 100% sure that you are on the website you intended to be on.
If you have any tips on prevention, please share them with us in the comments.