Facebook Security Tips
Here are some practical tips on how you can be more secure on Facebook.
How to keep your account secure
Think before you click. Never click suspicious links — even if they come from a friend or a company you know. This includes links sent on Facebook (eg: in a chat or post) and links sent in emails. If one of your friends clicks on spam by accident, that link might be sent to all of their Facebook friends. Remember to never re-enter your Facebook password or download something (eg: a .exe file) if you aren’t sure what it is.
If you don’t know what it is, don’t paste it into your internet address bar. Pasting unfamiliar text into your address bar could result in events and pages being created from your account or other spammy actions.
Pick a unique, strong password. Use combinations of at least six letters, numbers and punctuation marks; don’t use words that can be found in the dictionary. When in doubt, change your password. You can reset your password by going to your Account Settings page, located in the Account dropdown menu at the top of every Facebook page.
Never give out your username or password. Never share your login credentials (eg: email address and password) for any reason. Individuals, pages or groups that ask for your login information in exchange for discounted goods (eg: free poker chips) shouldn’t be trusted. These types of deals are carried out by cybercriminals and are in violation of Facebook’s Payment Terms.
Log in at www.facebook.com. Sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure you check the page’s URL (web address) before you enter your login information. When in doubt, you can always type “facebook.com” into your browser to get back to the real Facebook site.
Update your browser (eg: Internet Explorer). Current versions of Firefox and Internet Explorer have built-in security protection, like warning you if you navigate to a suspected phishing site. Facebook supports:
Run anti-virus software to protect yourself from viruses and malware. You can learn more and download this software for free here:
How to reset your password and make sure it’s secure
If you’re not logged in, you can reset your password by clicking the Forgot your password? link on the Facebook login page.
If you’re already logged in, you can reset your password by going to your Account Settings page, located in the Account drop-down menu at the top of every Facebook page.
When choosing a new password:
- Use a combination of at least six numbers, letters, and punctuation marks
- Don’t pick a word from the dictionary
- Don’t pick something you’ve used as a password on another site
How to log out of “Keep me logged in”
The option to log out of your account is located in the account dropdown menu at the top-right corner of Facebook.
- Click the arrow at the top-right corner of Facebook
- Select Log Out
- From the Facebook log-in page, uncheck the Keep me logged in box
Note: If you sign on to Facebook from a computer or mobile device that you share with others, make sure that you log out of your Facebook account and quit the browser (eg: Firefox) when you’re done using Facebook.
How to change the password for your login email address
Remember that anyone with access to your email accounts can request a new password for your Facebook account. One way that you can make sure the email addresses listed on your account are secure is by changing the passwords to your email accounts and making sure that each password is different.
To change your login email password (eg: your Gmail password):
- Go to your email account
- Find your account settings
- Change your password
Spam
Adware
Some programs claim that they can give you special features on Facebook like seeing who viewed your profile (timeline) or picking out your own profile (timeline) theme. Most of these features don’t exist, and these programs require you to download software that can cover your profile (timeline) with ads, make your pages load slowly and compromise your security.
Facebook ads will never appear as banners in the center, top, or left column of Facebook pages. If you’re seeing ads in these locations, or ads that flash or play sound automatically, you probably have adware. To remove it, review the add-ons or toolbars that you’ve enabled for your browser and disable any plugin that promises special browsing abilities (like profile/timeline themes or seeing who’s viewing your profile/timeline).
To disable browser add-ons:
Mozilla Firefox
Tools > Add-ons > Extensions
Safari
Safari > Preferences > Extensions
Google Chrome
Window > Extensions
Internet Explorer 8
Tools > Manage Add-ons > Toolbars and Extensions
It is also recommended that you clear your browser’s cache before accessing the site again.
Known Adware programs
The following are programs that claim to give you special Facebook powers, but actually cover your News Feed and profile (timeline) with ads:
- Facetheme.com
- Pagerage.com
- Profilecraze.com
- Social-plus.com
- Facicons.com
- Facecoolsmileys.com
- Iminent.com
- Buzzdock.com
- Connectbar.net
- Elriel.com
- Dropdowndeals.com
- Pagemood.com
- Sweetim.com
Click and Share Jacking
What is clickjacking?
Certain malicious websites contain code that can make your browser take action without your knowledge or consent. For example, clicking on a link on one of these websites might cause the website to be posted to your Facebook profile (timeline). Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.
How do I remove clickjacking Likes from my profile (timeline)?
If you clicked on a link and your account automatically liked pages, you can remove these connections from your profile (timeline) by going to your Edit Profile page (click the Edit My Profile link underneath your profile picture).
Malicious Script Scams
What is a malicious script scam?
In a malicious script scam you are asked to copy and paste text into your browser’s address bar in order to see something interesting or surprising (eg: who viewed your profile/timeline).
This “code” is actually a malicious script. Instead of showing you what was advertised, it uses your account to create events and pages and send your friends spam.
Stay Safe
Spammers often advertise surprising things (eg: the opportunity to see who viewed your profile/timeline) to try to lure people into their spam traps.
- Never click on suspicious links, even if they’re sent by your friends.
- Never copy and paste text into your internet browser address bar if you are unsure of what it is.
- Use the latest browser version.
Malware
The Koobface Virus
Koobface is a computer worm that targets Facebook and other social networking websites. It spreads on Facebook by posting spammy messages on behalf of people.
These messages contain a link, which will prompt you to download and install a newer version of Adobe Flash player (see screen shot below). However, this download actually contains a malicious file that, once opened, uses your Facebook account to continue posting this malicious link on your behalf, thus spreading the virus.
Who can be affected by Koobface?
Right now Koobface only affects Windows users. If you use a Mac, you’re safe from this type of attack.
What does Koobface do?
Once your computer is infected:
- You might receive pop ups asking you to install “security software” which is fraudulent.
- Websites you visit through Google might be replaced with fake websites, making money for the bad guys.
- If you develop websites, passwords to your website can be stolen by the virus.
What can you do if you think your computer has been infected with Koobface?
- To detect and remove Koobface and other malicious software that may have been installed on your computer, run a full-system scan with an up-to-date antivirus product.
- Reset all of your online passwords.
What can you do to protect your account from Koobface?
Here are a few simple suggestions for keeping your account secure:
- Only download software from websites you know and trust. Always check and verify the URL.
- Enable a firewall on your computer.
- Make sure you have an up-to-date web browser equipped with an anti-phishing blacklist.
- Use up-to-date antivirus software.
- Get the latest computer updates for all your installed software.
- Be careful when clicking on links that you receive unexpectedly from your friends.
- Make sure you’ve set up a security question on all of your online accounts. This will come in handy if you ever lose access and need to prove who you are. You can set a security question on your Facebook account from your Account Settings page.
Phishing
Sometimes spammers create fake pages that look like the Facebook login page. When you enter your email and password on one of these pages, the spammer records your information and keeps it. This is called phishing.
When someone has been phished, their account will often start automatically sending messages or links to a large number of their friends. These messages or links are often advertisements telling friends to check out videos or products.
- If your account is automatically sending out spammy messages or links, secure it here.
- If you think your friend’s account was phished, tell them to change their password and run anti-virus software on their computer.
Phishing happens when someone is tricked into downloading bad software or entering their login credentials (eg: email and password) on a fake Facebook login page.
“Please send money” scams happen when cybercriminals buy phished user credentials (eg: login emails and passwords) and use them to log in and take over these accounts (eg: change the passwords and contact information). This often starts with your email account. Then, once someone is in your email account, they can request a new password to your Facebook account.
- With “send money” scams someone else is actually logging in to your account, sending personalized messages or chats to your friends, claiming that you are stuck in another country and asking for money.
- If your account is being used for a “send money” scam, secure it here.
- If your friend’s account is being used for a “send money” scam, file a report.
Many phishers attempt to trick people with fake offers of free, rare, secret or exclusive in-game items (eg: coins, chips, gifts, etc.).
Beware of:
- Messages with misspellings and typos, multiple fonts, or oddly placed accents.
- Messages that claim to have your password attached. Facebook will never send you your password as an attachment. Learn more about spoofed emails.
- Mismatched links: When you hover over a link, look at the status bar (at the bottom of your browser window) and make sure the link actually goes to the link shown in the email.
- Messages asking for your personal information. Facebook will never ask you for:
- Your account password
- Your social security number or tax identification number
- Your full credit card number or PIN number
- Messages claiming that your account will be deleted or locked unless you take immediate action.
When in doubt, type www.facebook.com into your browser to get to Facebook. We also recommend checking official Facebook pages or app pages before clicking on any promotions.
Spammers and scammers sometimes create phony emails that look like they’re from Facebook. These emails can be very convincing. Even the “From:” field can be spoofed to include “Facebook” or “The Facebook Team.”
These emails might look like:
- Notifications about friend requests, messages, events, photos, and videos
- False accusations that you are abusing the site
- Warnings that something will happen to your account if you don’t update it or take another immediate action
One way to check if an email is actually from Facebook is to look for a link at the bottom of the message directing you to unsubscribe or edit your Facebook email notification settings. To test this link:
- Right-click the link and copy the URL
- Paste it into your browser
- Make sure it starts with “www.facebook.com”
Note that this link isn’t included in all correspondence from Facebook. For example, if you contact Facebook about an issue, the email response you receive won’t include an unsubscribe link. If an email looks strange, don’t click any of the links in it or open any attachments. Note: Facebook will never send you a password as an attachment.
If you think you received a fake Facebook email, let Facebook know.
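The two checks above, mismatched links (hover text vs. real destination) and the unsubscribe link really pointing at www.facebook.com, can be automated over an email's HTML. This is an added example, not code from the original post: it parses the parsed hostname of each link rather than a string prefix, treats only facebook.com and www.facebook.com as the real site (an assumption), and runs on two constructed sample messages.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: these are the only hostnames treated as the real Facebook site.
TRUSTED_HOSTS = {"facebook.com", "www.facebook.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname of a URL or bare domain, lowercased ('' if it has none)."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

def check_email(html):
    """Return a list of (finding, visible_text, href) for the suspicious links in html."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        looks_like_url = "." in text and " " not in text
        # Mismatched link: the visible text names one host, the href goes to another.
        if looks_like_url and host_of(text) != host_of(href):
            findings.append(("mismatched-link", text, href))
        # Unsubscribe / notification-settings link must be on facebook.com by parsed hostname.
        if "unsubscribe" in text.lower() or "notification" in text.lower():
            if host_of(href) not in TRUSTED_HOSTS:
                findings.append(("untrusted-unsubscribe", text, href))
    return findings

# Constructed sample messages (not real Facebook mail).
GENUINE = ('<p>You have a new friend request.</p>'
           '<a href="https://www.facebook.com/settings">Unsubscribe from these emails</a>')
SUSPECT = ('<p>Your account will be locked! Log in now at '
           '<a href="http://login-check.example/fb">www.facebook.com</a></p>'
           '<a href="http://login-check.example/unsub">Unsubscribe</a>')
```

Comparing hostnames instead of checking that the URL text "starts with" www.facebook.com is what keeps the check meaningful; an empty result for GENUINE and two findings for SUSPECT is the expected outcome.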
Hope this post gives you some good security tips.
Happy and safe Facebooking!