Facebook is a free and popular social networking site that makes it easy for users to connect and share posts with their friends and family members. Since Facebook is a popular social media platform, there is an increased interest from cybercriminals to hack Facebook accounts.
Facebook Hacks and Vulnerabilities:
1. Weak Passwords
Hackers can easily hack Facebook accounts by guessing or performing a brute force attack if the password is easy and commonly used such as a nickname, phone number, partner’s name, pet name, just to name a few. Once the hacker has obtained your password, they have the ability to do whatever they want with your account.
How to Protect Against Weak Passwords
Users should implement a strong password that combines numbers, symbols, space bars, and lower and uppercase letters. It is important that the password they create for their Facebook account is unique and not the same password that is used for their other social media or email accounts.
This would reduce the risk of your account from being compromised. A usual site to verify that your accounts are safe is HaveIBeenPwned. Here you can see if your credentials have been leaked to the public.
2. Phishing Emails
“Facebook will never ask you for your password in an email or send you a password as an attachment”
Phishing emails are an easy way for attackers to hack Facebook accounts. An attacker can create fake emails to make it look like they were sent from Facebook. These are some examples of what the emails may look like:
- Notifications about friend requests, messages, events, photos and videos
- False claims that you went against their Community Standards
- Warnings that something will happen to your account if you don’t update it or take a certain action
- Claims or offers that sound too good to be true (such as winning a Facebook lottery)
How to Protect Against Phishing Attacks
Users should be educated and informed on the characteristics of phishing emails in order to keep an eye out for them. Here is what you can do:
- Do not click on any links or open any attachments from a suspicious email
- Do not respond to the suspicious emails especially ones that ask for your password, social security number, or credit card information
- Do no enter personal information from a pop-up screen (note: legit companies would never ask for personal information via a pop-up screen)
- Keep an eye out for misspellings in the contents of the email
3. Man In The Middle (MITM)
A man in the middle attack may occur when a user unknowingly connects to a fake WiFi connection. This is another technique hackers can use to hack Facebook accounts. Most of the time you may not be able to tell which WiFi is real or not because it is public and is normal to bring you to a login page where you are asked to enter in your email and a password before granted internet access. Again, without you knowing, the attacker has recorded this information and can test out these login credentials on other social media platforms.
How to Protect Against Man In The Middle Attacks
You should never connect your mobile device or laptop to a public WiFi network because they are not secure and are an easy way for hackers to obtain information. If you want to connect to public WiFi then I would recommend using a VPN with it to make sure that your connection is safe.
4. Remote Keyloggers
A hacker first needs to access your mobile device or laptop to install a piece of software to record whatever you type on your device. Once installed, anything that is typed (password, login credentials, bank information, etc.) will be recorded and can be viewed by the hacker. This is a hidden technique for an attacker to hack Facebook accounts. For example, if an attacker has somehow hacked into your laptop and installed a keylogger software, then anything you type will be recorded for the attacker. Not only would your Facebook credentials be recorded but also your bank credentials, email accounts, and whatever other accounts you have.
How to Protect Against Remote Keyloggers
- Do not use third party keyboard applications
- Do not open any attachments or click on links in the email message as the keylogger may be embedded in the attachment
- Install anti-spyware applications to help detect, disable, quarantine software-based keyboard loggers (Norton)
5. Denial of Service (DoS)
A denial of service attack “is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users” (AWS). Attackers will typically generate a large volume of packets or requests to overwhelm Facebook. When this type of attack occurs, users will have issues accessing Facebook and won’t be able to log in.
How to Protect Against Denial of Service Attacks
- Monitor the network so that you are aware of what normal incoming traffic looks like
- Implement web application firewall
- Understand common signs of a denial of service attacks so that you can mitigate the attack as early as possible
Final Thoughts on Facebook Hacks and How to Prevent Them
These are the five common vulnerabilities that hackers use to hack Facebook and how to protect against each vulnerability. There are definitely many more ways and even new methods that are not publicly known yet to hack Facebook accounts.
Hackers are always one step ahead in finding new techniques where prevention might not be possible at first. Therefore, users and organisations (as the last vulnerability is targeted towards organisations) should make sure that they do everything they can to ensure that their account and site are secure.