Internet Security Blog - Hackology

Facebook: Account Security and Privacy Tips

With almost two billion monthly users, Facebook has become the largest social media giant. Be it communication, entertainment, business or journalism, Facebook has changed the dynamics of living in every way. With that being said, the security and privacy of its users is the first and foremost thing to be ensured. As security tightens, hackers find new ways to exploit it. Following the tips given in this article will ensure a safe and secure Facebook account which is “Hack proof”.

Protection from phishing attacks

Facebook has an expansive catalogue of apps and games, but that’s where hackers can easily trick users into adding apps that are nothing but fronts for phishing scams. If you get an invitation from someone asking you to try out an app, be suspicious and ask them if they really sent the invitation.

  • Email is the most common method of phishing. Never click a link that appears to have been sent from Facebook. Instead, check your Facebook notifications and see if anything mentioned in the email was really from Facebook.
  • Is someone desperate for likes and shares? Someone suffering on a hospital bed who needs likes and shares to be saved? Someone asking for a prayer chain, “share and say Amen”? No, only condolences!
  • Be especially wary of external links shared in the feeds. It’s completely up to you to judge whether a post is a scam or legit. An active Facebook session can be easily hacked through such scams.
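The sketch below is an added example, not code from the original article. It shows why a link that merely contains "facebook.com" proves nothing about where it leads. The allowlist and the sample hosts under `.example` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as genuine.
TRUSTED_SUFFIXES = ("facebook.com",)

def link_verdict(url: str) -> str:
    """Classify a link found in an email by the host it really points to."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "unparseable"
    if parts.scheme != "https":
        return "not-https"
    if parts.username is not None:
        # Text before "@" is login data, not the destination host.
        return "userinfo-trick"
    if not host:
        return "no-host"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-host"  # may render as a lookalike name
    if not host.isascii():
        return "non-ascii-host"
    for suffix in TRUSTED_SUFFIXES:
        # Match the whole registered name, never a substring.
        if host == suffix or host.endswith("." + suffix):
            return "trusted-host"
    return "foreign-host"

# Constructed sample links, as they might appear in a "Facebook" email.
SAMPLES = [
    "https://www.facebook.com/settings",
    "https://facebook.com.account-check.example/login",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/",
    "http://www.facebook.com/",
]

def classify_samples() -> dict:
    return {url: link_verdict(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:15} {url}")
```

A "trusted-host" verdict only says the link points at Facebook's domain; checking the notification inside Facebook, as advised above, remains the safer habit.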

Notorious Apps / Get Free Likes

You must have stumbled upon various services which promise instant likes on your posts, and to get them you need to “Allow” an app. DO NOT FALL FOR THAT. These apps take control of your “Access Tokens”, which have extended permissions: they can post on your behalf and like and share posts on your timeline. The cherry on top is that they can even access your inbox without knowing your “password”. So always remove apps from App Settings which you find fishy or no longer use. Such apps are also responsible for sending out unsolicited posts on your behalf. The first outbreak of such spamming techniques was reported (with a fix) on Hackology in 2010 / 2012: Facebook Spamming – Jungle Fire

Facebook App Settings – Removing unused Apps is a good security practice

Set two factor authentication

After setting up two-factor authentication, you will be asked to enter a verification code sent to your phone number in order to log in to your account. The code is valid for one session only if you don’t save the browser; once the session is terminated, another code will be required to access the account next time. So no one can log in to your Facebook account from a new device/browser even if they have your password. The only exception is someone who also has physical access to your phone.

Activate Two-Factor Authentication from Settings > Security and Login > “Use Two-Factor Authentication”.
You can also set up a third-party code generator such as Google Authenticator from here, or see your approved devices under Authorized Logins, where you can “Remove” any device you cannot recall.

Misc Protection Guide

  • Secure your Browser
  • Browser cleanup – Attackers can steal your passwords and information from your accounts by attacking browsers. Clear your browsing history, cookies and cache every once in a while.
  • Update the browser to the latest version.
  • Protection from spyware/malware – Web history is not the only way of attacking web browsers. Hackers might attack the browser through malware and malicious apps that you have installed unknowingly. Keep your system security up to date.

Follow Security Check up

Follow the Security Check up and the instructions given in Facebook security settings. Set login approvals and login alerts, add your phone number, and activate the code generator. The code generator will help in case you are unable to receive SMS, and can be downloaded from the App store. Pick a strong password and change it frequently (Is Strong Password a Safe Password?). Choose trusted contacts to help you in case your account is locked.
Turn on Secure Browsing in Facebook settings. This will make sure that your browsing activity within Facebook is secure and no integrated apps are able to steal your personal information.

Facebook Privacy – Your Enemy

Update Facebook privacy settings. Keep the email id and phone number hidden.

Limit the audience for your profile data. If you receive a friend request from an unknown person, check how old the account is and what kind of content is shared on the timeline. If it was created within the last week, or the photos and posts appear to be scammy, you had better ignore the request. Even if the profile seems legit, if you have no mutual friends and no mutual interests it is better to just avoid it. Go through Facebook Privacy Checkup to see your privacy settings and fix what requires fixing.

Facebook Privacy Checkup

Keep your personal photos private if they were taken with your smartphone. Most modern phones embed GPS coordinates in the photos (as part of what is known as EXIF data), which can easily reveal your location.

My Facebook has been Hacked – What NOW ?

Follow this guide if

  • Your Facebook has been hacked
  • You can not access your Facebook account
  • You can access your Facebook but it is posting things which you never made
  • Facebook activity of your account is suspicious
  • Your Friends are saying that you are sharing odd stuff

If you have encountered any one of the above, just open your browser, visit Facebook’s dedicated hack restoration page, facebook.com/hacked/, and start with the “Report Compromised Account” process.

Facebook Hacked – Recover your compromised Account

If your account is hacked or you need help protecting it or you are unsure about something you should always Ask Techie!
