
Facebook has a lot to learn about security

August 25th, 2009

So, I just spent the last two hours on the phone with a friend of mine whose Facebook account was hacked tonight.  Unfortunately, we made a few mistakes that I will talk about in a bit so you don't make the same ones.  The interesting thing about this is that it is happening more and more often.  Don't believe me?  Just Google "my facebook account has been hacked" and see how many thousands of pages come up.  The really disturbing thing is that you will find not only victims, but "how-tos" as well.

Now, this of course is to be expected; this is what hackers do.  They see a challenge and rise to it.  Hacking Facebook is no different from hacking into school records or medical reports, or phishing for bank or credit card info, except that the penalties are not nearly as harsh.  Malicious hackers do it for fun, for the challenge, to prove a point, and in some cases to get a job.  A job, you ask?  Really?  Well, if a hacker can prove there is a problem with a system, in many cases they either know the solution or can establish one with little effort.  Companies hire both convicted and "reformed" hackers all the time for security positions.  I recently saw an article on Monster.com with tips on how to turn a hacking hobby into a career.

Users of Facebook, right or wrong, share information that is sensitive, even private to all but their closest friends and family.  Many post photos of their kids, where they are, what they are doing and when; this opens up all kinds of scenarios for ne'er-do-wells to take advantage of.  Many Facebook users use the same password for everything, so if their account is compromised a domino effect can occur that leads to their email, IM accounts, bank accounts, and more.  So how do you keep yourself safe from Facebook infiltration?  The short answer is you can't, but you can take steps to protect yourself.

First, don't use the same password for the email account associated with your Facebook account and your Facebook log-in.  If the hacker gets into your Facebook account with your password, they can also get into your email, and the email account is the one that receives password-reset links for every other account you have.  Better still, use a different password for every site, so that one stolen password never opens a second door.

Second, change your passwords often.  It may seem like a pain, but changing your password frequently on all of your accounts limits how long a stolen password stays useful.  Many banks require their employees to change their log-in info regularly for the same reason.  This is not foolproof, and it is no substitute for using a different password on each account, but it does create a bigger challenge.

Third, don't accept friend requests from people you do not know.  Even if you recognize the name and the photo, make sure that you click on their name to find out a bit more information before accepting them as a friend.  First look to see if you have any friends in common; if not, they may not be who they say they are.  Also, look to see if there are any other details you recognize, such as what schools they attended, where they work, or what city they live in.  If anything looks fishy, it probably is.  Now, most of us don't want someone to think we don't remember them, but it's not out of line to send a message to them before you add them as a friend.  Send a direct message that doesn't reveal too much and ask directly how you know them, or if it's someone you know fairly well, ask about their life, family, etc. and see what comes back.  Anyone can copy a name and a profile photo; what they can't easily fake is shared history.  But don't accept them as a friend until you are confident they are who they say they are.

Fourth, be cautious about the information that you make public to friends and non-friends alike.  Facebook by default shares all of the information that you plug in, from your birthday to your phone number, all of which can be used to answer the "security questions" that guard all kinds of private accounts, from banking to email.  It can also be used to fake your "identity" to family, friends, even schools.  So, make sure to go into your privacy settings and turn off the things that can be used to exploit not only your Facebook account, but the rest of your life as well.  Remember, your closest friends will already know your mother's maiden name and your mobile number; there is no reason to post them for your 5th grade kickball partner who neglected to mention on his Facebook page that he spent his college years in the state pen for identity theft.

Fifth, go through your friends list now and again, not only to make sure that you haven't added anyone by mistake, but also to weed out "friends" that it was nice to say hi to, but you haven't communicated with in months.  Removing friends may seem like a terrible thing to do, but chances are that if you really don't care what they had for breakfast, they don't care what you had either.  Facebook does not notify the friend when you remove them, but you will no longer show up in their news feed and they won't be able to access your profile (and vice versa).  The exiled friend can always request friendship again, and you can choose whether or not to accept the request.

So, now you know a bit more about how to protect yourself.  But what do you do if one night you are about to cuddle up in bed and check your profile one last time on your iPhone, only to find that you have broken up with your better half and declared that person to be a F*ck! to the world?  Log out.  That's right, log out of your account and don't open it again from any device.  Then, go to your email account and make sure it is secure: first check for any unusual emails (it is usually safe to open a suspicious email, just don't open any attached files, click any links, or download any pictures) and then immediately change your password.  If your wife, husband, live-in partner, roommate, kid, etc. has their own computer and a Facebook account, log in from that account on a different computer (your own machine may have a virus, which is why you don't want to type a new password into it) and view your profile.  Make sure that you indeed did not make the posts or alter your profile, then go to Facebook's Help page under security / account was hacked and click on "My friend's account has been hacked, 'phished,' or is sending me spam that he/she didn't send."  You can then report the hack to Facebook.

If there is not another computer or account available in your house, make sure you are logged out of your account, go to Facebook's Help page under security / account was hacked, but this time click on "My account has been hacked by another user."  You will need to do this step even if you submitted a report from another account or had someone do it for you first.  Then, just wait for Facebook security to get back to you.

What not to do.  Don't delete the malicious posts (they are the evidence Facebook will ask about), don't post anything saying "I've been hacked", don't leave messages for the hacker or IM your own account, and by all means DO NOT DISABLE YOUR ACCOUNT.  Facebook has this funny quirk that does not let you instantaneously delete your account.  If you deactivate your account, Facebook holds it in suspension, allowing it to be reactivated at any time by re-entering your email address and password.  If the hacker has gotten into your account, they can reactivate it and change your password as soon as they realize you shut it off.  So now you have not only been hacked, but locked out as well.  Deactivation does nothing the attacker can't undo; only a password they don't know keeps them out.

Hackers are resourceful, inventive, and sneaky.  Unfortunately, they are also part of the social media universe.  So be careful and safe, follow the tips above, and hopefully you will avoid the violation of your personal internet space.  Facebook and others do take your privacy and security seriously and will work to resolve hacking and phishing incidents quickly.  Finally, always keep in mind that most of the time these attacks are not personal and can be resolved quickly, returning you to your virtual home to share the story with all of your friends.

Jeff H.  Categories: Internet, Technology

  1. swade
    August 25th, 2009 at 08:00 | #1

    Very informative. Thanks for the heads up and the tips.
