Every day when I log in, I see wall posts about hackers getting into Facebook and wreaking havoc on profiles. The urge to click the share button is so strong that even FB has become a medium for spam. We constantly hear announcements from hacker groups about cracking down on FB. These attacks happen not only because of security loopholes in FB but also because of loopholes in the way we access FB. As our predecessors put it, “Any system is as strong as its weakest point”. You cannot be sure of your Facebook security unless you take enough precautions to prevent a catastrophe.

Some Facebook security breaches

A security breach can happen on Facebook itself or through your e-mail account. Most hackers attack the users of FB rather than the Facebook servers. Some of the user-level breaches were:
  1. The Facebook like and share buttons were used to send messages to friends asking them to check out a great new app or photo. When users clicked the link provided, it redirected them to a site that asked them to like it, and the post was then automatically shared with all friends of the user who liked it. The user got nothing in return, which angered users, and the method lost popularity for that reason. Facebook quickly removed the bug after user complaints arose.
  2. The second type of breach offered users a free iPad or iPhone. The accounts of the user’s friends were filled with messages offering a free iPad or iPhone. The hack used a vulnerability in the FB photo tool. FB later updated the code.
  3. The other breach put a message on the user’s wall saying “I can’t believe its you in this video”. When the user unsuspectingly clicks on the video, JavaScript is copied to the clipboard automatically. The post then tells the user to press Ctrl+V and hit Enter immediately. Doing so executes the JavaScript, and the message is posted to the accounts of friends.
In the above hacks it is clear that the vulnerable point was the users themselves. Only the 2nd incident was a vulnerability of Facebook. You can guard against these kinds of hacks by following some common guidelines, stated below.

Facebook Security Tips

Attacks on Facebook can be mitigated only if you are also willing to do your part in safeguarding yourself. Here are some tips.
  1. Make sure your Facebook account has Secure Browsing enabled. Whenever secure browsing is working properly, the browser shows a lock icon, as shown in the picture. The shape of the icon differs between browsers.
    HTTPS Security - Facebook Security
  2. If you share your computer with others then make sure you have deselected the “Keep me logged in” option while logging in to Facebook.
    login - First step on Facebook Security guidelines
  3. Enable HTTPS support in Facebook. It can be activated in account settings: click Security, then click Edit, and make sure the check box is selected.
    HTTPS enabling - Facebook Security step 2
  4. Never paste any JavaScript code into the browser’s address bar. The only thing that can be pasted into the browser’s address bar is the link you get from Facebook by e-mail (Note: all mail from Facebook always ends in “facebook.com” only).
  5. If you ever find anything fishy about a post, report it as spam as shown in the image.
    spam reporting - Facebook Security
    spam reporting 2 - Facebook Security
    If an app does anything fishy, the app can be blocked too.
  6. Build lists to control access to your photos, stories and life events.
    Access control lists - Facebook Security
  7. Enable Facebook for mobile and subscribe to relevant posts. A mobile PIN can also be turned on so that an action goes through only when that PIN is used.
  8. Go to Facebook Account Settings and learn all the settings available in there.
  9. If you ever want to change anything in Facebook, even deactivating or re-activating your account, do it by logging in to “Facebook” itself, not by clicking a link in a mail.
  10. Never share your account details on a third-party website.
  11. If the popup window used to log in to Facebook from other sites doesn’t have an address bar, it’s better “not to login”.
  12. Never ever share your account details with anyone except “you”.
  13. If the browser’s address bar doesn’t contain “https://” and “facebook.com/”, then the site you are about to log in to is not “Facebook”. Below is the legitimate Facebook login.
    FB like legitimate version - Facebook Security
  14. Keep a keen eye on the address bar. When it shows “https://www.facebook.com/______”, it is Facebook and you are safe to log in.
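
Tips 4, 13 and 14 as a check, in an added JavaScript example that is not part of the original post: it parses the address instead of searching it for “facebook.com”, because that text can also appear outside the host name. The function name checkAddress and the sample addresses are constructed for illustration; example.net and login.example are placeholder domains.

```javascript
// Added example (not from the original post): decide whether an address
// really is an HTTPS page on facebook.com before trusting or pasting it.
const TRUSTED_DOMAIN = "facebook.com"; // the domain named in tips 13 and 14

function checkAddress(input) {
  const text = String(input).trim();
  // Tip 4: a script URL in the address bar runs code in the open page.
  // Control characters and spaces are stripped first so "java\tscript:" is caught.
  if (/^(javascript|vbscript|data):/i.test(text.replace(/[\s\u0000-\u001f]/g, ""))) {
    return { ok: false, reason: "script-url" };
  }
  let url;
  try {
    url = new URL(text); // throws when there is no scheme or the text is malformed
  } catch {
    return { ok: false, reason: "not-a-url" };
  }
  // Tip 13: the scheme must be exactly https (a misspelled scheme fails here too).
  if (url.protocol !== "https:") return { ok: false, reason: "not-https" };
  // Text before "@" is login data, not the site; the real host comes after it.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // Compare the parsed host name, never the whole string.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (host !== TRUSTED_DOMAIN && !host.endsWith("." + TRUSTED_DOMAIN)) {
    return { ok: false, reason: "wrong-host" };
  }
  return { ok: true, reason: "facebook-https" };
}

// Constructed sample addresses, one per case.
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.login.example/",
  "https://example.net/https://www.facebook.com/",
  "https://www.facebook.com@example.net/",
  "javascript:void(0)",
  "www.facebook.com",
];

for (const s of SAMPLES) {
  const r = checkAddress(s);
  console.log(`${r.ok ? "OK  " : "STOP"} ${r.reason.padEnd(14)} ${s}`);
}
```

Only the first sample passes; the third, fourth and fifth all contain “facebook.com” as text yet load a different site.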

As a final note,

when in doubt, don’t do it; consult a help center or an expert in the matter.

Useful Links

Facebook Help Center
Facebook Security
Facebook Safety

You are reading an Article by Harsha Ankola, originally posted on Harsha’s Tech Space. If you have enjoyed this post, be sure to follow Harsha on Twitter, Facebook and Google+.