
5 Ways Hackers Use Facebook to Steal From You

Megan Ellis 19-06-2018

If you thought privacy was the only thing at risk when using Facebook, it turns out there is even more to be concerned about. This is because there are other ways Facebook can compromise your security. In fact, Facebook is a major tool for cybercriminals to hack and steal information from others.


But how do they do this, and what do they gain? Here are the crucial ways criminals use Facebook to hack your devices and steal sensitive information.

1. Malvertising

If you thought advertisements were annoying, imagine ads that actually download malware to your PC. This is what can happen with fake adverts called malvertising. These are ads linked to malicious websites; they can also prompt your browser to download malware to your device.

In recent years Facebook has tightened security on its ad delivery platform. But there have been multiple instances where criminals have bypassed the social network’s restrictions.

Ads for ineffective diet pills, and non-existent miracle cures, are the modern equivalents of snake oil salesmen. But malvertising is more insidious. This is because the malware in these ads can steal your credentials, banking information, personal data, and more.


While Facebook has gained more control over the problem, malvertising continues to be something users should look out for.

2. Social Engineering Hacks

A socially engineered phishing email that uses the target’s job description to try to solicit more information and send malware.

Scammers use social engineering to manipulate targets into divulging sensitive information, using social and psychological techniques.

It is commonly used in phishing, since you are more likely to believe a scam that is tailored towards your personal information. This type of phishing scam even has its own sub-category: spear phishing.


In fact, this form of phishing is significantly more successful than regular phishing. According to cybersecurity company FireEye, personalized phishing emails have a much higher success rate than general scam emails. In their white paper on the issue:

“Spear-phishing emails work because they’re believable. People open 3% of their spam and 70% of spear-phishing attempts. And 50% of those who open the spear-phishing emails click on the links within the email—compared to 5% for mass mailings.”

But where are scammers finding this information? Often, it’s on your Facebook profile. Even if you have privacy protections that keep most of your information from being viewed by the public, it’s not uncommon to have scammers send you a friend request to get a better view of your details.

It’s best to not accept friend requests from strangers. You should also set most of your details to private or friends only. Every detail that scammers can see can help them make their phishing emails more believable. They will often name one of your Facebook friends as the person who gave you their contact information, they can comment on new jobs or relationships, and they can personalize the email according to your location.

3. Facebook Messenger Links



A general internet rule is that if a contact sends you a URL in a message with little context or explanation, you shouldn’t click on it. This is because malicious links sent through messaging apps are one of the most common ways to hack accounts and spread viruses. Considering Facebook Messenger has such a huge reach, it makes the app a no-brainer for hackers.

As such, a lot of malware uses Facebook Messenger to spread. As recently as May 2018, hackers were able to use the messaging platform to trick users into downloading a fake Chrome extension.

This turned out to be malware used to steal cryptocurrency wallet credentials. The malware, dubbed Facexworm, also infiltrated users’ computers to siphon off processing power for cryptocurrency mining.

Unfortunately, if you’re not on guard, it’s easy to end up reflexively clicking on one of these links.


Don’t click links!

If it is probably just your friend sending you a link they want you to see, message them back and ask about it. Automated malware bots don’t tend to hold a conversation.

If you do click on a link and a site asks you to download a file—again, don’t. It’s the inherent trust users have for friends’ messages that makes this form of spreading malware particularly effective. You should also make sure that you have enough anti-malware protection to prevent automatic downloads from cross-site scripting.

4. Dodgy Apps and Quizzes

Most of us know just how much information quizzes (and other apps) on Facebook can actually gain from your account. The Cambridge Analytica scandal brought this issue starkly into the public eye. In fact, just a few weeks after news of their abuses broke, it was revealed how a quiz dubbed myPersonality also harvested user info and left it exposed due to lax security.

While Facebook is cracking down on these types of apps, they still exist. Data harvesting is one problem these apps pose, but they have also been used to deliver malware, or steal account credentials. Clickbait quizzes are an easy way for advertisers and scammers alike to harvest user data. Many people don’t hesitate to give the quiz or app access to their Facebook account.

Sometimes the quizzes also include malicious code which infiltrates your PC once you access it. If you think that you may have approved access for a dodgy app, read our guide on how to revoke app access on Facebook and increase your privacy.

5. Scams Shared Through Timeline Posts

An example of a fake sponsored post on Facebook. Image Credit: Money Saving Expert

This is another form of malvertising, but rather than relying on Facebook to deliver ads on their platform, scammers share Facebook posts on their timeline or page. These posts then lead to malware or scam sites.

Sometimes scammers promote these posts through Facebook’s advertising tools. But they are also spread and shared by regular and fake users alike. This is especially true for scam sites which promise some sort of reward, such as the chance to win money.

The sites that are shared in these posts often attempt to replicate the appearance of legitimate news sites. However, when a user visits the page, the site will either attempt to inject malware into the user’s device or a popup will appear. These popups present a fake product, offer a free item to users or promote a fake service such as an “amazing Bitcoin opportunity”. When users click on this popup, a page asks them to enter payment information or other credentials. This information is then used to steal money, identities or access to user accounts.

The problem is significant enough that a broadcaster and entrepreneur named Martin Lewis is suing Facebook for a flurry of sponsored fake posts that use his name and reputation to promote scams. Since the announcement of his lawsuit, the social network has removed thousands of posts that use Lewis’ name and reputation to scam users.

How to Avoid Malware and Viruses on Facebook

It may feel like Facebook is a minefield to navigate in terms of privacy and cybersecurity risks. But if you do get struck by malware, there are options available to help remove it.

For more information on how to avoid these cybersecurity threats on Facebook, check out our guide on preventing and removing viruses on Facebook.
