Mahendra offered some awesome tips for safeguarding your Facebook security, and Tim offered some useful privacy tips for when you choose to use Facebook Places. Today, I’d like to give you a few more tools for your arsenal against Facebook account hijackers by covering 5 ways that those hackers commonly obtain Facebook passwords.
Facebook Applications, Causes & Ads
Starting from within Facebook, while you’re logged into your own account, there are a few things you should be careful about. Other MUO writers have mentioned this often, but it bears repeating – do not, under any circumstances, just click on any ads or applications that you’re unfamiliar with.
There have been numerous cases of people getting viruses from Facebook ads, or otherwise releasing private details that they never really intended. Varun’s article on Facebook viruses and scams is a big help on this front.
Phishing For Facebook Passwords
Hackers are always exploiting the thing that’s most popular. Spammers utilize various methods to get you to provide your personal login details. Recently, Facebook has been a target for spammers that utilize the “phishing” technique.
When you click on the Facebook link in one of these emails, you’ll land on a page that looks like the Facebook login page, but you’re actually handing the spammer your Facebook password details.
In this scenario, you stay safe by hovering your mouse over the link and checking the status bar for the actual URL the link points to (not the URL text shown in the email).
If the link is something other than Facebook.com, it’s very likely that the email is a fake.
Websites Integrated With Facebook
As we move down the list, the threats become a little more advanced. As Facebook becomes ever more popular, websites, blogs and even large businesses are incorporating the well-recognized Facebook and Twitter buttons onto their pages.
That’s all well and good, assuming that the Facebook link is authentic.
Hackers will camouflage a false Facebook login page by making it look like an authentic share button. Click on the fake Facebook button, and you’ll be handing the hacker your credentials.
How do you avoid this scenario? Before visiting any sites, log into Facebook on a separate browser tab. Then, in a new tab, visit these sites and use the Facebook share buttons all you like. Authentic buttons that are plugged into the Facebook API will recognize that you are already authenticated and automatically post.
Desktop & Online Applications
Another area of security concern is third-party applications that have the ability to pull data from, and post to, your Facebook account. I’ve tested countless social networking tools, and usually I don’t think twice about allowing the application access to my Facebook account. This is because it’s usually a well-established application that most people already trust.
But for every well-established app that you can trust, there are probably ten or twenty bogus apps set up mostly to gain access to Facebook authentication details. The moral of the story – before you install an app and provide your Facebook login credentials, scour the web for reviews from other users (or check if it’s listed at MUO).
Logging In On Public Computers
One of the most common situations that I’ve come across is a friend or family member having their Facebook account hijacked. When that happens, the first thing I ask is whether they’ve ever logged into the account on a public computer. Most of the time they have. The problem that many people don’t realize is that little “keep me logged in” button under the Facebook login fields.
This basically ensures that no matter where else you browse to, or even if you close the Facebook tab, that browser session remains authenticated. Go to any public library where the Internet browser is left open, go to Facebook and more often than not you’ll find that the last person that accessed Facebook is still logged in.
Fake Chat Pop-Up Ads
Another recent trick for fooling people into logging into their Facebook accounts is the fake chat pop-up. These ads are known to clone a Facebook chat pop-up. It looks like a random person is trying to chat with you from where the Facebook chat is usually located.
If you click on the chat window, it may take you to a Facebook phishing page. Or, it might just be an advertisement for a porn site or other product that you very likely have no interest in.
All of these tactics are now being used by hackers and identity thieves to gain access to your private Facebook data. By only logging into your account on the official Facebook site, using third-party apps that you know you can trust, and being very careful when you log in at a public computer, you really can ensure that your Facebook account never gets hacked.
Do you know of any other deceptive tactics hackers are using to access Facebook accounts or steal Facebook passwords? Share your own insight in the comments section below.