Reading Time: 4 minutes

Nordlocker, a renowned cybersecurity expert, recently discovered a huge collection of stolen data containing 26 million logins for websites such as Amazon, LinkedIn, and Facebook.

According to their report, the data was seized between 2018 and 2020 using custom Trojan-type malware. This malware infiltrated over 3 million computers and stole 1.2 TB (terabytes) of personal data.

When such collection appears on the dark web, hackers use the passwords on various platforms such as Facebook to see which ones are still active. Once they have identified the active account, they will put a list together and run a scam campaign against those accounts.

Security threats also arise from fake accounts. The account can easily be used by criminals to perform phishing scams, but they fancy hacking into authentic accounts.

Once hackers have taken over an account, they start by barring the genuine user out. Then, they change the account password, and while the legit owner of the account tries to regain access to the account, the attacker starts reaching out to the users on the friend list.

The reasons behind Facebook hacking includes harvesting more data, scamming various individual, requesting financial aid or loan, and even access to banking information.

Follow the security tips below to prevent your Facebook account from getting hacked, follow the tips below.


1. Using a complex password for your accounts

Ensure to use different and complex passwords for Facebook accounts. Internet users usually tend to reuse the same passwords for Facebook as they are easy to remember and very convenient.

According to a report by SecureAuth, 53% of internet users confessed to using the same password for different accounts.

If hackers can access one of such passwords, they can access all accounts linked with that same password.

If you receive an email from Facebook like the following, you should immediately inform Facebook authorities and reset your Facebook account password.

facebook-password-reset

Changing your password and making sure to use a complex password is the best way to prevent anyone from accessing your Facebook accounts.


2. Hacking Facebook accounts phishing Facebook

Compromised accounts are sharing a certain j.mp shortened URL within Facebook. The link is part of the message from an account called “Facebook recovery.”

The prime objective of this account is to notify the users that their accounts have been reported for abuse and will be disabled if they don’t follow the suggestions shared in the message.

facebook-recovery-spam-message

Once a user inserts the credentials asked and click login, data is posted to recovery.php, and then users are redirected to a payment page, asking for full name, credit card details, and billing address:

facebook-phishing-payment

It is a complete mystery why the accounts claiming to be a legitimate entity from Facebook ask for financial compensation for the account recovery.


3. Hacking Facebook accounts by keylogging

Keylogging is a surveillance technology that allows anyone to observe and record each keystroke typed on a specific computer’s keyboard.

Cybercriminals use this tool to steal personal information, login credentials of various accounts such as Facebook, Amazon, Twitter, and sensitive business data.

Apart from the social media account password, keylogging can also be used for:

  • Supervising children’s internet usage.
  • Monitoring employee computer activities.
  • Law enforcement agencies analyzing incidents involving computers.

Tips for protection against keylogging

  • Install software that is only downloaded from a trusted website.
  • Regularly scan your USB drives for any potential viruses.
  • Using a decent antivirus will avoid keyloggers.

4. Avoiding unsecured or public Wi-Fi network

If your device is connected to an unsecured or public Wi-Fi network, then the possibility of anyone getting access to your account password increases exponentially.

Using FireSheep, which relies on HTTP session hijacking, a hacker can steal the internet session cookies from the victim.

After FireSheep is installed, a hacker can capture the session cookies of all the people connected to that particular Wi-Fi network.

firesheep-facebook-hacking


5. Facebook password stealer

Facebook password stealer is a new software that enables anyone to steal facebook’s account password. Recently, a new virus has been discovered in this program, and various cybercriminals are using it to distribute malware and steal passwords from anyone who uses it.

Once the Facebook password stealer has been downloaded, the software asks the hacker to enter their own social network account credentials and either the email address or the address of the page of the individual they want to spy on.

The moment the “Hack” button is pressed, the software executes a remote access Trojan, which steals the account details of the culprit itself.

facebook-password-stealer


6. Hacking Facebook account using session hijacking

In this hacking method, the hacker steals the victim’s browser cookies to authenticate the user on a website. Once the hacker acquires those cookies, they use them to access the victim’s account.

facebook-password-hack-session-hijacking


7. Mobile phone hacking

One of the best ways to prevent your Facebook account from hacking is to protect your handheld device’s from getting hacked.

We have compiled few useful tips to prevent mobile phone hacking.

  1. Do not leave your phone unattended.
  2. Reset your phone’s default password and use a complex one.
  3. Avoid using unprotected Bluetooth networks.
  4. Avoid connecting to unsecured or public Wi-Fi.
  5. Establish a habit of regularly deleting the browser’s history, cache, and cookies.
  6. Use mobile security apps such as a reliable virtual private network.

8. DNS Spoofing 

If the victim and hacker use the same network, they can use a DNS spoofing attack and swap the original Facebook page with its own fake Facebook page.

This will allow the hacker to trick the victim into logging in to their fake Facebook page with the authentic Facebook account details.

Tips for protection against DNS spoofing

  • To prevent DNS spoofing, configure your DNS to be fully secure against cache poisoning.
  • Monitor DNS data and keep an eye out for new patterns, like the appearance of a new external host.

dns-spoofing


9. Man In The Middle attacks

If the hacker and victim use the same local area network, the hacker can easily place himself between the victim and the server.

This way, he can pretend to be the default gateway and capture all the internet traffic transmission between the two.

Tips for protection against MITM attacks 

  • Always use a secure VPN for protection against MITM attacks.
  • Connect to a proxy service before accessing the Facebook account.
  • Use robust antivirus software that also offers VPN or firewall protection.

10. USB hacking

If a hacker has access to your personal computer, they can insert a USB device programmed with a function to obtain saved passwords in the browsers automatically.

Tips for protection against USB hacking 

  • Always scan the USB devices after they are plugged in.
  • Only use USB devices from trusted individuals such as your family members or friends.

11. Botnets

Though they aren’t used for hacking Facebook accounts, they are still used to carry out some more advanced attacks.

A Botnet is basically a combination of compromised devices. It uses the same method as keylogging. However, a Botnet gives you additional opportunities for carrying out attacks on the victim’s device.

Tips to protect yourself from Botnets

  • Frequently update your device’s software.
  • Do not disable your device firewall.
  • Only plug-in USB devices obtained

Final Thoughts

Social media security is more important than ever with the extended use of social tools at a personal and business level.

Security vulnerabilities can easily expose your personal data and information, online activities and even damage your reputation.

Only by staying aware of the latest cybersecurity facts and following our shared tips can you guarantee your social media security.