Don’t let your Facebook get hacked. Steps to take if you are Hacked.
You’re hanging out online and you start to get messages from friends on Facebook asking why you are sending them links, or uncharacteristic pics are being posted on your Facebook account. If it has not happened to you, chances are you have seen it happen to someone. Heck, I have had to call my mother, ex-girlfriend and real estate agent before to tell them that something was amiss on their accounts.
So your Facebook account has been hacked. How did it happen? Common methods are…..
- Man-In-The-Middle attacks
- Websites you visit that have been hacked via sql injections
I am not going to define each of these, but it is important to know how your Facebook account can be hacked. Numerous articles have already been written on the matter of each type of hack, but I will speak briefly on Malware. Malware includes keystroke logging, remotely browsing file systems which stores certain passwords that are encrypted, but can be exploited if you know what you are doing(it’s not hard). This can include your computer passwords, as well as the website credentials you are too lazy to log into over and over again, so you save them to your machine. Bad Idea, just FYI. Malware can also include spying on the users via their webcams and microphones. It can also include opening pics in text messages from unknown people that have steganography in them. This is simply concealing malicious code within a picture for example that executes upon you opening it. Here is a link to learn more about “Stego” as we call it from my former professor and all around good guy Gary Kessler. http://www.garykessler.net/library/steganography.html The data is a bit outdated, but the principles still apply.
If you are not hacked and want to ensure that you don’t get hacked, here is what to do.
- Don’t use the same password across multiple sites. Hackers are counting on you doing this. If you do this for two accounts like Facebook and Instagram, chances are that you have done it on your bank account login as well. Make sense? I know it is annoying, but it is much more annoying to get hacked.
- Enable two-factor authentication. This can also be annoying, but as long as you have your phone no biggie. This simply sends a code to your phone that changes each time you login to various accounts. If an account doesn’t offer it, don’t use it.
If you do find that you have been hacked, start by trying to change passwords on that account and then move out to other accounts. DO NOT forget to change banking and personal information based sites. As you do this, set up two-factor authentication (see a pattern here) for higher security across your logins. It is a best practice to follow your website/social media steps for reporting unusual behavior.
Next part is the part that most people don’t do because it is time consuming and frustrating.
Purge your devices of data that may be malicious. This includes cell phones and tablets. I hate to rain on the parade of iOS device users, but this includes you as well. I have personally found malicious software on iOS devices more than once for clients and the methods of how they work are interesting to say the least, but I digress. Antivirus processes come in all shapes sizes and prices. Don’t be fooled by a scam that will only put more malicious code onto your devices. Read reviews and I highly recommend paying for it, rather than going the free route. If you have vital, to semi-vital information on your machines or devices, I would recommend having a competent digital forensics firm run a series of obfuscation tests on everything running on your machine or device and give you a listing of what was found and where it was found. From that point Google is your friend and you can look into each of them to see if they are harmful, or if they are supposed to be there or not.
I am not going to list off the ones you should use or the ones you should not, but read reviews and find one or two that work for you.
Once everything check and double check that your financial accounts are intact and secure make an announcement on Facebook that you were recently hacked and apologize and tell everyone what you have learned. Better yet, you should share this article on your Facebook page now and let your friends know what to do in the event that they are hacked.