At lease twice a month I get a friend request on Facebook from someone I’m already friends with, followed by a post from that friend to “not accept any friend requests from me, my Facebook account has been hacked.”
What to do if you find that your Facebook account has been hacked.
Note, the links I’m mentioning are for phones, since that’s how most people use Facebook. A PC could be slightly different. And since I’m using Android, an iPhone could possibly be different as well.
(We old people aren’t supposed to know about these kind of things according to the youngers. See my article “Tech and Boomers“).
First of all, your account probably hasn’t been hacked. No one has your password. To verify this, hit the hamburger menu icon (three dashes in the upper right) and go to Settings and Privacy/Settings/Security and Login/Where You’re Logged In/See All. There you will see all the places you have logged in from. If you do see any that you don’t recognize, then there is a chance that your Facebook account has been hacked, and you can sign that person out. But chances are, you won’t find that.
Also, you would know that this didn’t happen if you have 2-Factor Authentication (2FA) turned on. You do have 2FA turned on, don’t you? If you don’t, I’ll talk about this later on in this article.
If Not A Hack, Then What?
It’s not that your Facebook account has been hacked, it’s that it has been cloned. Someone simply made a new account using your name and profile photo (sometimes they don’t even use a photo), and sent friend requests to all of your friends.
Cloned Facebook accounts can be used to scam money from other users. When people accept the friend request from the fake account, the scammer can then look for personal information that can be used for identify theft, or to ask for emergency money, etc. They can send a phishing link through Messenger, and since the link appears to come from one of your friends, the intended victim is likely to click on it.
Where Do They Get My Friends List From?
These scammers get your friends list from two places. One, if you have your friends list as public, they can simply open up your profile and make a list of your friends.
Keep Your Friends List Private
To turn this on, go to Settings and Privacy/Settings/Security and Login/Who can see your friends list. It should say “friends.” If not, click that and change it. For even more security, you can change it to “only me.”
Friending Fake Friends
The other way they can get your friends list is if you have accepted a friend request from another fake friend. Now they can see your friends list, clone your account, and send out a request to your friends.
Go into your friends list and look for duplicates, figure out which one is real, and unfriend the other one.
You can then report that fake profile to Facebook.
2FA is a security system on many websites and apps, which attempts to verify that the person who is attempting to login is the real account holder. When set up, it works in one of three ways:
Method 1 – Text Message
When signing into a website or app, they will send a text message to you with a code for you to enter. This means that someone could only log in if they have your phone and it’s unlocked (I know all of you have automatic locking turned on). This method is not the securest one as text messages can be intercepted, but unless you work for a three-letter government agency I assume you won’t be a target for this.
Method 2 – Push Notifications
In this method, the site or app will send you a notification on your phone asking if it’s you that’s signing in. This way is pretty secure, as is the next. As a matter of fact, Google is going to be requiring this on all accounts this year.
Since Google has started implementing this, they are reporting a 50% decline in account hacks. (Google account hacks dropped by half after pushing two-step authentication by default).
Method 3 – Authentication App
In using this method, the site or app will ask for a code that is generated by a authentication app on your phone, such as Google Authenticator (the one I use, but there are others). Like the push notification method, this is also very secure.
Bottom Line – Use 2FA
Whichever method you choose, please choose one. Is it a pain sometimes? Yep. Is it worth it? Ask yourself after someone phishes you for your password and gets into your bank account.
Speaking Of Security – Games, Quizzes, And Whatnot
While we’re on the subject of Facebook security, you know all those games (does anyone play Candy Crush anymore?), Quizzes (What leprechaun are you? What’s your Pirate Name, etc.), and most everything on Facebook? Those activities don’t come from Facebook, they come from other companies. And whenever you do one of these, you authorize that company access to your profile and friends. The same with apps and websites that you log in with Facebook. It’s against Facebook’s Terms Of Service for them to use that data nefariously, but it’s also against the law to rob banks. The TOS doesn’t always stop them.
Facebook’s policy about games and such:
“When you use third-party apps, websites or other services that use, or are integrated with, our Services, they may receive information about what you post or share. For example, when you play a game with your Facebook friends or use the Facebook Comment or Share button on a website, the game developer or website may get information about your activities in the game or receive a comment or link that you share from their website on Facebook. In addition, when you download or use such third-party services, they can access your Public Profile, which includes your username or user ID, your age range and country/language, your list of friends, as well as any information that you share with them. Information collected by these apps, websites or integrated services is subject to their own terms and policies.”
Check Who Has Your Data
To look at all the companies that have access to your data, go to Settings and Privacy/Settings/Security and Login/Apps & Websites. (also the “Games” right below that). There you can see a list, and I’m sure some people have a loooong list. You can go in and remove access that you don’t need anymore, and some of them will say “expired,” so you don’t really have to worry about them unless you renew it by using that activity again. You can also look at the other privacy and security settings in there to see if you want to change anything.
One More Thing
While you’re at it, take the time to check out your Facebook profile and what it looks like to the public. To do that, hit the hamburger menu and click on “See Your Profile.” Hit the three dots to get to “Profile Settings,” and click on “view as.” This will enable to view how people who you are not friends with can see you. If you see any posts that shouldn’t be there, or any changes to make, you can make changes to those posts or go back into settings and make those changes.
No, this isn’t as fun as Candy Crush, but it’s something that’s important.
I’ve just started a web tech blog on my company website. Southmetroweb.com/web-u.
And if you’re interested in getting a website for your company, or a blog for yourself like this one, check us out at southmetroweb.com.