So over the last few weeks I’ve had a lot of friends on Facebook get their accounts hacked and had the attacker start spamming with links to photo albums that my “friend” is supposed to be telling me to go look at. First, if you don’t already know, never click a link like this. If this friend really found some photo that they wanted you to see, why wouldn’t they just post it on Facebook in the first place?
If you still think there is a chance your friend did post something off of Facebook and is sending you a link to it, look at the domain of the link they sent. If you don’t know or have never heard of the domain name, don’t click the link. Basically these links give a hacker a way in to take over your account so they can spam your friends with the same links to get their account information.
The moral here is this: unless this friend has some long history of posting things they want you to look at off of Facebook, why would they start doing it now? These links are phishing attempts to try and get users’ account information, so don’t be the fish.
To be clear, I’m not a computer security expert or anywhere close. I’ve been in the internet industry for the last 12 years and have a pretty good understanding of how everything works. Plus I tend to dig around on websites, and I did this with Facebook and started adding these features that are available to everyone and never had a problem with anyone taking over my account. This includes someone who knew my password trying to get into my account because they thought it would be funny.
Click the little arrow in the top right of the page and go to your Account Settings:
Getting to Security Settings
On the left hand side of the page you’ll see a list of features. Click the Security tab.
This will give you an overview of your account’s current security settings. These are what help you secure your account.
Note – You really should turn on Secure Browsing. It’s off on mine because of a project at work where our development environment server didn’t have an SSL cert, and if this was turned on I couldn’t work on anything.
Click Edit login Notifications and enable either Email or Text message/Push notifications or both.
What this feature does is notify you when your account is accessed from a computer you’ve never used before. Unfortunately you’ll only get this email after someone else has logged in, but you’ll know that it happened. Also, when you log in from a new computer you’ll get an email or text saying that it happened.
When you log in to your account from a new computer you’re taken to a screen that asks you to identify the device that you are using, and Facebook will remember it. So if you log in from, say, a home and a work computer, the first time you log in you’ll have to ID the device, then it will be remembered.
Here’s where we start to get more preventive about controlling who can get into your account. Hopefully at this point your phone is somehow connected to your account. If not, you’ll be stepped through how to do that. Check the “Require me to enter a security code” checkbox and verify that it’s texting to your mobile number.
Now this stops just about everyone in their tracks from trying to take over your account. Here is what happens: first you try to log in to Facebook. Your email and password are accepted, but if you are logging in from a new device you are taken to a screen where you have to enter a code that is texted to your phone. This means that if someone wants to take over your account they need both your password and your phone.
This is a list of devices that have been logged in from. If you are just setting up these features you’ll have no devices shown here. However, if you logged in to your account on a computer you don’t control, like at a friend’s house or something, you can remove that device here and block it from getting to your account because it will need to be logged in and verified again.
One thing to note: Facebook shows each different browser as a device. So if you have 3 browsers on your computer you’ll have 3 devices listed here.
This will show a list of all active sessions you have with Facebook. This is a little confusing because it calls any browser that has been verified an active session. If somehow your account gets hacked you can remove all active sessions and just start back over. Also, generally the number of active sessions should match the number of recognized devices.
Just adding those few features should keep your account from getting hacked. And it only takes a couple of minutes to get everything set up. Yes, having to have your mobile phone with you when you first log in to Facebook kinda sucks, but really question yourself if it’s worth logging into Facebook from that place. Why aren’t you just looking at Facebook on your phone?
It should go without saying that a strong password is your best friend too, but since Facebook has these added features available for you to use, just add them for a little peace of mind.