Saturday, 29 July 2017

How to Protect Your Facebook from Hackers

Those who pay less attention are often the first to succumb to new hacks and scams on the internet. If you happen to be a regular Facebook user, which is more likely than not, then you may need to start paying more attention.

For many people, Facebook is part of their everyday life. It’s where they interact with friends and colleagues, and is seen by many as an extension of themselves. Having your Facebook account hacked can be more than just humiliating: depending on what the hackers do, it can damage your reputation or even cost you money.

If you suspect that your Facebook account has been hacked, the first thing to do is change your password. This article contains other tips and tricks for boosting the security of your Facebook account.

The traffic from mobile phones has grown exponentially, from 0.7% in 2009 to 50.3% in 2017. Scammers, having noted that mobile traffic is now greater than PC traffic on a worldwide scale, are adapting their techniques to take advantage of mobile users, exploiting the fact that mobile devices tend to be less protected than PCs.

Now let's look at how Facebook hacking really works

The scam uses a technique called URL padding. A typical URL is composed of three parts:
  1. A domain
  2. A subdomain (optional)
  3. A path (optional)
If you have been paying close attention as a mobile user, you’ve no doubt seen in your browser’s address bar while visiting Facebook. This is the subdomain + domain combination that shows you’re on the mobile version of Facebook’s site.

URL padding is a process where a scammer creates a subdomain on an entirely different domain to impersonate some site, and “pads” the subdomain with innocuous characters to make others think they’re on the actual site.

Here’s an example URL from PhishLabs:
Visiting the site presents you with an exact replica of the actual mobile version of Facebook’s home page, asking you to enter your login details. A knowledgeable-but-inattentive user might glance at the URL, see, consider the coast clear, and sign in.

Once you log in, the game is over. The site will present an inconspicuous error (e.g. "Password mismatch"), but the scammers already have your details: they’ve stored your username and password, and can now access your real Facebook account or use those credentials to try to break into your other accounts (Gmail, Amazon, PayPal, banks) if you share the same password on them.

Keen readers will note that the actual domain of this suspicious URL is and it has three nested subdomains under it:
  1. com----------------validate----step1
  2. Facebook
  3. m
You’d probably see it as an obviously scammy URL if you were to encounter it on a PC, but many mobile users don't tend to notice the URL. Padded URLs can be sent through all kinds of communication methods: email, text messages, messenger apps, and more, so you need to look carefully whenever a page asks for your credentials.
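The decomposition described above can be automated. The following Python sketch is an added example, not code from PhishLabs or from this post: the registrable domain `example.net` is a constructed placeholder for the real one, and the short suffix set stands in for the full Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Tiny stand-in for the Public Suffix List (assumption; real code should load the full list).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}
# Registrable domains the user actually intends to sign in to.
TRUSTED_DOMAINS = {"facebook.com"}
PADDING = re.compile(r"-{3,}")  # hyphen runs that push the real domain out of view
# Constructed sample URLs; example.net / example.org are placeholders, not real indicators.
SAMPLES = [
    "https://m.facebook.com/login",
    "http://m.facebook.com----------------validate----step1.example.net/sign_in.html",
    "https://news.example.org/story",
]

def registrable_domain(host):
    """Public suffix plus the one label to its left: the part that identifies the owner."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix first, so "co.uk" beats "uk"
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def inspect_url(url):
    """Split the host into subdomain labels and registrable domain, and flag URL padding."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable_domain(host)
    subdomain = host[: -len(domain)].rstrip(".") if host != domain else ""
    labels = subdomain.split(".") if subdomain else []
    reasons = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if trusted in subdomain:  # brand name sits left of the real domain
                reasons.append(f"'{trusted}' appears only in the subdomain of {domain}")
        if any(PADDING.search(label) for label in labels):
            reasons.append("subdomain label padded with hyphens")
    verdict = "trusted" if domain in TRUSTED_DOMAINS else "impersonation" if reasons else "unknown"
    return {"domain": domain, "subdomains": labels, "verdict": verdict, "reasons": reasons}

if __name__ == "__main__":
    for url in SAMPLES:
        r = inspect_url(url)
        print(f"{r['verdict']:<13} domain={r['domain']:<13} subdomains={r['subdomains']}")
```

The check reads the host from right to left, which is the habit the post recommends: whatever sits immediately left of the public suffix is the site you are really on, regardless of what the leftmost characters say.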

The sad thing is, fake URLs are nothing new. Earlier this year, an exploit was discovered in Chrome where URLs could be modified to appear as other URLs. Fortunately, the bug was patched before scammers could go to town with it, but it shows that trusting a URL is nothing but foolishness.

How to Secure Your Facebook Account

One way to guard against a padded URL is to learn how to spot phishing messages, and more importantly, only visit sensitive websites by typing domains directly into your browser’s URL bar. It’s a minor inconvenience, but worthwhile. I do it all the time, especially when checking bank accounts and using e-commerce sites. Over time it’ll be second nature and your rate of being scammed will plummet.
However, what if you have already fallen victim? Or what if someone, by any other means, gets their hands on your Facebook login credentials? Here are a few extra things you can do to stay secure.

Use Unique Passwords

The worst online mistake is to use one password for all of your accounts. Most services require an email address to sign up. If you’re like most people, you use the same email address for every service, and the same single password for all of those accounts as well. In that case, if someone figures out your password for one online account, they now have access to all of your accounts.

That's too risky.
By using a separate password for every account and never repeating them, you can limit the damage considerably. Don’t think you can keep all of those passwords straight in your head? Start using a password manager and you’ll never have to worry about passwords again.

Use Login Approvals and Codes

Perhaps the best thing you can do for your Facebook security is to enable two-step verification. With two-step verification enabled, you can add extra layers of protection with Login Approvals and Code Generator.
With Login Approvals, Facebook sends an SMS text message to your phone whenever someone tries logging in to your account. The text message contains a numeric code that must be entered to grant access. Even if someone has your password, they won’t be able to log in if they don’t have your phone as well. Sounds like a pretty good idea.

Code Generator is a similar feature that exists in the Facebook mobile app. The app itself generates a code that must be entered to log into Facebook from another device. It’s a good alternative when you don’t have an internet connection or SMS texting.

Use U2F Security Keys

A U2F security key is a physical device that resembles a USB flash drive. Instead of tying two-step verification to your phone (as with Login Approvals and Code Generator), you confirm logins by plugging the U2F key into the device you’re logging in with. Facebook isn’t the only site that supports U2F — others include Gmail, YouTube, WordPress, GitHub, and the list is growing — but you’ll need to use Chrome or Opera for it to work.

Conclusion and quick check

For many people, Facebook has become an extension of themselves and a major platform for connecting with family, friends, and colleagues. Protecting your Facebook account is therefore very important. Below is a summary checklist for protecting Facebook from hackers.

  1. Create a strong password
  2. Change your password at least every six months, using a password manager
  3. Do not use your Facebook password anywhere else
  4. Do not share your Facebook password with anyone
  5. Avoid using the “remember password” feature of web browsers
  6. Do not accept friend requests from people you don’t know
  7. Click carefully to avoid phishing
