If you thought privacy was the only thing at risk when using Facebook, it turns out there is even more to be concerned about. Facebook can be a major tool for cybercriminals to hack accounts and steal information from others.

But how do they do this, and what do they gain? Here are the crucial ways hackers use Facebook to access your devices and steal sensitive information, sometimes even stealing your Facebook account.

1. Malvertising on Facebook

If you thought advertisements were annoying, imagine ads that actually download malware to your PC. This is what can happen with fake adverts called malvertising.

In recent years Facebook has tightened security on its ad delivery platform. But there have been multiple instances where criminals have bypassed the social network's restrictions.

This malware can steal your credentials, banking information, personal data, and more.

While Facebook has gained more control over the problem, malvertising continues to be something users should look out for.

2. Social Engineering Attacks to Steal Accounts

A socially engineered phishing email that uses the target's job description to try to solicit more information and send malware.

Scammers use social engineering to manipulate targets into divulging sensitive information, using social and psychological techniques.

It is commonly used in phishing since you are more likely to believe a scam that is tailored towards your personal information. This type of phishing scam even has its own sub-category: spear phishing.

But where are scammers finding this information? Often, it's on your Facebook profile. Even if you have privacy protections that keep most of your information from being viewed by the public, it's not uncommon to have scammers send you a friend request to get a better view of your details.

It's best to not accept friend requests from strangers. You should also set most of your details to private or friends only.

Every detail that scammers can see can help them make their phishing emails more believable. They will often name one of your Facebook friends as the person who gave you their contact information, they can comment on new jobs or relationships, and they can personalize the email according to your location.

A general internet rule is that if a contact sends you a URL in a message with little context or explanation, you shouldn't click on it. This is because malicious links sent through messaging apps are one of the most common ways to hack accounts and spread viruses. Considering Facebook Messenger has such a huge reach, it makes the app a no-brainer for hackers.

As such, a lot of malware uses Facebook Messenger to spread.

Unfortunately, if you're not on guard, it's easy to end up reflexively clicking on one of these links.

Don't click links!

If you think it is probably just your friend sending you a link they want you to see, message them back and ask about it. Automated malware bots don't tend to hold a conversation.

If you do click on a link and a site asks you to download a file: again, don't. It's the inherent trust users have for friends' messages that makes this form of spreading malware particularly effective.

You should also make sure that you have enough anti-malware protection to prevent automatic downloads from cross-site scripting.

4. Dodgy Apps and Quizzes on Facebook

Most of us know just how much information quizzes (and other apps) on Facebook can actually gain from your account. The Cambridge Analytica scandal brought this issue starkly into the public eye. In fact, just a few weeks after news of their abuses broke, it was revealed how a quiz dubbed myPersonality also harvested user info and left it exposed due to lax security.

While Facebook is cracking down on these types of apps, they still exist. Data harvesting is one problem these apps pose, but they have also been used to deliver malware or steal account credentials.

Clickbait quizzes are an easy way for advertisers and scammers alike to harvest user data. Many people don't hesitate to give the quiz or app access to their Facebook account.

Sometimes the quizzes also include malicious code which infiltrates your PC once you access them. If you think that you may have approved access for a dodgy app, read our guide on how to revoke app access on Facebook and increase your privacy.

5. Scams Shared Through Timeline Posts

An example of a fake sponsored post on Facebook. Image Credit: Money Saving Expert

This is another form of malvertising, but rather than relying on Facebook to deliver ads on their platform, scammers share Facebook posts on their timeline or page. These posts then lead to malware or scam sites.

Sometimes scammers promote these posts through Facebook's advertising tools. But they are also spread and shared by regular and fake users alike. This is especially true for scam sites which promise some sort of reward, such as the chance to win money.

Other times, hackers take over a regular user's account and use it to post a scam to their timeline, while tagging many of their friends. Since the post comes from a known account, hackers hope that you'll follow the post's link and fall for the scam.

The sites that are shared in these posts often attempt to replicate the appearance of legitimate news sites. However, when a user visits the page, the site will either attempt to inject malware into the user's device or a popup will appear.

These popups often present a fake product, offer a free item to users or promote a fake service such as an "amazing Bitcoin opportunity". When users click on this popup, a page asks them to enter payment information or other credentials. This information is then used to steal money, identities or access to user accounts.

How to Avoid Malware and Viruses on Facebook

It may feel like Facebook is a minefield to navigate in terms of privacy and cybersecurity risks. But if you do get struck by malware, there are options available to help remove viruses on Facebook.