Thursday, October 22, 2015

Facebook Account Hacks

I heard today from two contacts (who do not know each other) who just had their Facebook accounts hacked, and my educated guess would be that there is another Facebook virus link getting circulated.

Here is some background information on how these hacks typically work and my suggestions.  I hope they are helpful.

Background on Account Hacking:

I don't know the specifics of this current hack yet, but two common methods hackers use are:
  1. Hack the user's email account and then reset the Facebook (and other account) passwords.  This is especially dangerous when you think about how many sensitive accounts are tied to your email account (bank accounts, credit card accounts, etc.).
  2. Get you to visit a malicious website link that installs malware on your computer which in turn hands over your Facebook (and other account) passwords to the hackers.
     A very effective way to get you to do this is to put a fake post on a Facebook account that they have already hacked.  They can then infect many of this person's friends.

Another tactic that a friend of mine, Steve, just pointed out is using a fake Facebook account to send you a friend request.  This may be someone you don't really know or it may be a copy of one of your friends.  A "Facebook friend" has the ability to post onto your page, which is an easy way to reach your friends with a malicious link.  Be selective about whom you friend.

What to Watch For:

  1. Don't assume that a link in an email from someone you know or a link on a friend's Facebook page is safe.
  2. Give extra caution to links that are click bait.  Hackers will often use a link that is sexually provocative or about tragic news, appealing to our darker emotions to get us to click.  If a link seems out of character for the "sender", don't open it.  Contact the alleged sender first.  This will accomplish two things:
    a. It will let the "sender" know that they may have been hacked
    b. You will know if this is a legit link or not

What to Do if You've Been Hacked:

  1. First, don't beat yourself up.  This may have happened because you went to a site you shouldn't have, or you may have done nothing wrong.  Some viruses can be caught by simply being online.  Learn from the experience and move on.
  2. If your Facebook account or other social media account was compromised, delete the posts that are not from you and put a post out there to spread the word about the attack.
  3. If your email account was compromised, send an email blast to your contacts to let them know so they don't inadvertently infect themselves.  It may be a little embarrassing, but these things happen to the best of us.  Help stop the virus.
  4. Check your system for viruses and malware.  Everyone needs to have anti-virus and anti-malware on their devices.
     For Windows and Mac I recommend Kaspersky for anti-virus; it is very reasonably priced and offers a free trial.
     For Linux, ClamAV seems pretty good and is free.
  5. After disinfecting your system, get a password manager.  Personally I like and use LastPass, despite their recent acquisition by LogMeIn.  The basic account is free and there is a $1/month fee for premium that lets you use it on your mobile devices.
    A password manager lets you easily create secure and unique passwords without having to remember them and helps to prevent you from entering your password on a fake (phishing) site.  Make sure to use an extremely secure password and set up two-factor authentication on your password manager.
  6. Change your passwords.  If you have been hacked, you should change them all, but especially email, social media, financial or anything sensitive.  I know, it's a pain, but just do it.

Help Keep From Getting Hacked:

  1. Follow the steps in the "What to Watch For" section.
  2. Do steps 4 and 5 in the "What to Do if You've Been Hacked" section if you haven't already.
  3. Consider subscribing to this blog.  I will post security issues that I come across and what to do about them.
  4. Consider using Gmail for your email.  They take security seriously and offer free, easy-to-use two-factor authentication via text messages.  If you use Yahoo email, my condolences.  If I were you I would switch.  Whatever email service you use, make sure to use a secure password.
