Have you received any unsolicited Facebook Messenger correspondence recently? PAT PILCHER explains how to avoid the spoofers and spammers.
A few days ago I became a movie star! Well, not really, but I did receive a load of Facebook Messenger fan mail that said: “I saw you in this video, it was great! Click here to check it out!”
The hackers behind this were hoping to exploit my fame-seeking tendencies. It was an obvious ruse to plant malware or spoof a fake login screen to get my Facebook account details. Armed with these they’d be able to message all my Facebook Messenger contacts and keep spreading their hack.
The first question I had was this: Why on earth would any enterprising hacker worth their salt want access to my Facebook account? Browsing it would see them dying of boredom from the many photos of my two greyhounds and the various dishes I’d recently cooked or eaten. The thing is though, that like most other Facebook users my account has accumulated a treasure trove of data that could fetch a tidy sum on the dark web.
I wasn’t too worried about these nefarious hacker types though. I’d taken steps to secure my Facebook account. It isn’t hard to do, and once done, may save me from a lot of future grief.
Here are a few handy tips to help you secure your Facebook account.
Choose a strong password. To do this, you need to:
Be aware that length matters. Aim for a minimum of 11 characters but longer is even better. Longer passwords are harder to crack using brute-force methods.
Use a mix of numbers, letters, and other characters. Dictionary-based password attacks can easily crack commonly used words. A useful guide is to use zero instead of “O” and one instead of “I” and so on.
Use no personal information. Information such as birthdays or your cat’s name can be gleaned by hackers doing some basic research. Avoid this pitfall at all costs.
Be unique. Use a different password for every online service/social media/email account and app you use. A good password manager can securely store your passwords and generate new ones consisting of hard-to-guess random characters.
Also, if someone sends you an odd Facebook message with a link in it, resist the urge to click on that link! Message them and check that they did send the message before you do so.
If you get unsolicited emails asking you to log in using your Facebook details, beware that it could be a phishing scam. These use copies of legitimate-looking Facebook login pages to fool you into parting with your Facebook login details. Most browsers and good security software will warn you of dodgy URLs and phishing attacks.
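An added example, not part of the original article: a small Python check of where a link that claims to be a Facebook login page really leads. The trusted-domain list, the https requirement and the sample links are assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only these domains and their subdomains
# count as genuine Facebook login hosts.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")


def check_login_link(url):
    """Return (trusted, reason) for a link that claims to lead to Facebook."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not an https link"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    if parts.username or parts.password:
        # In https://facebook.com@other.host/ the browser goes to other.host.
        return False, "text before '@' is not the destination"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised hostname, possible look-alike letters"
    for domain in TRUSTED_DOMAINS:
        # Match the whole domain or a dot-separated subdomain, never a suffix
        # of a longer name.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "destination is " + host


# Constructed sample links (reserved .example names, not real sites).
SAMPLE_LINKS = [
    "https://www.facebook.com/login",
    "https://facebook.com.account-check.example/login",
    "https://www.facebook.com@login-check.example/checkpoint",
    "https://f\u0430cebook.com/login",  # Cyrillic 'a' in place of Latin 'a'
    "http://www.facebook.com/login",
]


def triage(links):
    """Check every link and return (link, trusted, reason) tuples."""
    return [(link, *check_login_link(link)) for link in links]


if __name__ == "__main__":
    for link, trusted, reason in triage(SAMPLE_LINKS):
        print("OK     " if trusted else "SUSPECT", link, "->", reason)
```

Only the first sample is accepted; the others show why the part of the address that matters is the end of the hostname, not whether the word "facebook" appears somewhere in the link.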
Not to be confused with SFA, 2FA means “Two-Factor Authentication”. A strong password will help secure your Facebook account, but it can still get hacked if the hacker is patient and persistent. Turning on two-factor authentication – which in Facebook speak is “Login Approvals” – can make a huge difference.
It makes you use two factors to log in to Facebook. Factor 1 is your password/user ID. Factor 2 involves entering a code that gets sent to your phone as an SMS message. The great thing about 2FA is that even if someone gets hold of your password, they’ll still need your phone before they can gain access to your Facebook account. It’s an elegant, secure and simple way of keeping your Facebook account locked down.
Getting set up is as simple as going to Settings > Security > Login Approvals. Click the box for “Require a login code to access my account from unknown browsers”. From then on, when you log in using a new PC/phone/browser, a code gets sent to your phone. Once you’ve successfully logged in using the code, you can choose to have that specific browser/phone/PC remembered. Then you won’t have to go through the rigmarole of entering a code every time you log into Facebook with it.
Strong passwords and Login Approvals are likely to be enough to deter all but the most determined cyber-crims. A nifty setting (known in Facebook speak as “Login Alerts”) is in Settings > Security > Login Alerts. With it, you can choose notifications on Facebook, email, or text messages to alert you whenever anyone logs in to your Facebook account from an unrecognised PC/phone/tablet/browser.
Another frequently exploited security hole is the apps that you may have allowed to access your Facebook account. While clicking a “login with Facebook” button is easy, it’s also a security issue. Facebook has little control over apps you may have stopped using ages ago that you’ve granted access to your Facebook account. As the number of apps enabled with a Facebook login grows, it becomes impossible to keep track of them. Add data breaches and other security issues, and you have a recipe for disaster just waiting to happen.
Thankfully, it isn’t hard to fix. In Facebook, click Settings > Apps and you can check out all the apps that you’ve granted Facebook account access. Remove anything that looks suspicious or that you’re no longer using by clicking the “X” on its right-hand side.
Kill Facebook Spam
I don’t know about you, but I’d wager that the endless stream of advertising crammed into every orifice of Facebook probably pisses you off as much as it irritates me. If so, relax. I have a fix.
It comes in the form of a most excellent browser extension called “Facebook Purity” for both Chrome and Firefox browsers. It’ll not only block spammy Facebook adverts but can handily tell you when a Facebook friend unfriends or unfollows you. Better still, you can get it to stop Facebook from automatically switching you to the new (and horrible) Facebook user interface/design. Installing it is as simple as firing up your browser and going to the Settings menu > Extensions and using the search function to find and install Facebook Purity.
Last but by no means least, install a decent cybersecurity/anti-malware suite. Doing so can prevent any accidental clicks from installing cyber-nasties that could harvest your Facebook account details. Most good suites will also block links to malicious sites.