5 common mistakes Facebook users make that get their accounts “hacked”

ByCraig Haley

As any frequent reader of our blog will be well aware of, there is a myriad of ways you can end up compromising your own Facebook security.

While the more accurate description for the term “hacked” may be a criminal exploiting some coding vulnerability to gain access to a victim’s account without their consent or involvement, these days criminals are more likely going to lure a victim into compromising their own security via a variety of social engineering tricks. Especially on social media.

Needless to say, Facebook is still by far the most widely used social networking website on the Internet, and as such, it is still the one criminals most prolifically target, laying down traps and waiting for Facebook users to fall into them.

Here we detail the most popular mistakes Facebook users make that result in them compromising their own security (and how to avoid making these mistakes!)

Mistake 1: Entering their Facebook login information on spoof login webpages

This is the crux of a Facebook phishing scam. Lure a potential victim to a fake login page that is designed to look exactly like the real Facebook login page. Only it isn’t. It’s on a web domain belonging to a criminal, and the details entered into the username and password boxes are sent straight to a scammer.

Victims who enter their details into these spoof webpages are then often forwarded to the real Facebook website, so they may never realise what happened.


A spoof login webpage

Scammers can send victims to these spoof webpages through a variety of ways, most often by sending fake chat messages, emails or posting fake links elsewhere on the Internet.

Avoiding this mistake is simple – if you click a link and are asked to login to Facebook, check the web domain address in the address bar. Is it Facebook.com? If not, leave.


Sponsored Content. Continued below...




Mistake 2: Use Facebook on a shared computer or unsecured Wi-Fi

Shared computers, for examples computers at libraries or hostels, are often infected with malware that can record your username and password for any account you login to, including Facebook. This information is then sent straight to the criminals who can then access your account if you haven’t enabled login approvals.

Additionally, unsecured public Wi-Fi can be just as bad, since a variety of publicly available eavesdropped tools can be easily employed on an unsecured Wi-Fi network to collect passwords and usernames from other computers connected to the same network.

Mistake 3: Installing Facebook Apps that lead to malware

Facebook Apps can be fun, but they can also be dangerous. Facebook don’t vet developers, meaning criminals can and do create rogue Facebook apps that can lure users OFF of Facebook and onto malware-laden websites.

A popular example of this is Facebook apps that lure those who install it to external websites that request you download a “codec” or “update” to watch a video. Once the victim complies and allows the download, they’ve infected their computer with malware.

Such malware can be designed specifically to take control of a Facebook account (variants of “koobface”) or keyloggers that can steal your password and send it to a scammer.

Of course, rogue Facebook app can cause a variety of privacy nightmares as well since they have access to personal information about you. So the advice here is simple; don’t install Facebook apps you don’t trust.


Sponsored Content. Continued below...




Mistake 4: Use the same password username combination everywhere.

Data breaches happen. And when they do, there is little you can do about it. Customers of companies like Sony, Yahoo and Ashley Madison will be well aware of this. If a data breach occurs, your password and username may be leaked online, just waiting for someone to pick it up.

It goes without saying that changing your password for the site where the data breach occurred is pretty important. More often than not, you’re forced to do this anyway by the affected company.

But criminals aren’t likely to use your username and password on that site anyway, because they know when the breach occurred, the company will likely force their users to change their passwords. What the criminals also know is that millions of Internet users use the same password and username for other accounts. So they’ll try other accounts – namely Facebook – to see if you used the same combination. If you have, and your account doesn’t have any login approval enabled, your account is now compromised.

Mistake 5: Oversharing

As a bonus mistake, we would have to include “oversharing” – over sharing information about yourself that an identity thief could potentially use to pretend to be you. Is the answer to any ‘security questions’ about you available on your social media profile? Can a criminal glean enough information about you to fool your phone company? Think about what information you share online.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)