Facebook is a very popular social networking site, but there
are a number of security issues with the site that can put you at serious risk
if you aren't careful. The number of Facebook account hackings seems to be on
the increase and this page is in response to a friend who asked what to do
after her account got hacked.
While any online account is in danger of being hacked,
Facebook has unique features that make this danger even more likely. For one
thing, it is very common to post personal information which can be used to
steal your identity. But the significant danger is that it is so easy to run
malicious programs that can hack your account. In particular, be very careful
using any application that asks to access your profile.
Keep in mind that if your account is compromised, not only
is your personal information exposed, but the personal information of all your
friends as well. So, even if you don't have anything sensitive in your profile
information, your friends might. Every time you take one of those quizzes on
Facebook, you are risking your information and that of your friends.
Facebook Profile Hacking Techniques.
1. Phishing
Phishing is still the most popular attack vector used for
hacking Facebook accounts. There are a variety of methods to carry out a
phishing attack. In a simple phishing attack, a hacker creates a fake login
page which looks exactly like the real Facebook page and then asks the victim
to log in. Once the victim logs in through the fake page, the victim's "Email
Address" and "Password" are stored in a text file, and the
hacker then downloads the text file and gets his hands on the victim's
credentials.
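A fake login page can copy everything except the address it is served from, so the host name is the thing to check. The following is an added example, not part of the original article: a small Python check that accepts a link only if it is HTTPS and its host is facebook.com or a subdomain of it. The sample links are constructed, and the ".example" hosts are reserved placeholders.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # the only domain the real login page lives on


def check_login_url(url):
    """Return (trusted, reason) for a URL that claims to be the Facebook login."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        return False, "not served over HTTPS"
    if parts.username is not None or parts.password is not None:
        # https://www.facebook.com@login.example/ really goes to login.example
        return False, "text before '@' is a decoy, real host is " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode host can imitate Latin letters"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "host is " + TRUSTED_DOMAIN + " or a subdomain of it"
    if TRUSTED_DOMAIN.split(".")[0] in host:
        return False, "brand name used inside an unrelated domain"
    return False, "host is unrelated to " + TRUSTED_DOMAIN


# Constructed sample links (".example" hosts are reserved placeholders).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://m.facebook.com/",
    "http://www.facebook.com/login.php",
    "https://facebook.com.account-verify.example/login.php",
    "https://www.facebook.com@login.example/",
    "https://faceb00k-login.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_login_url(link)
        print(("OK     " if trusted else "REJECT ") + link + "  (" + reason + ")")
```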
2. Keylogging
Keylogging is the easiest way to hack a Facebook password.
Keylogging sometimes can be so dangerous that even a person with good knowledge
of computers can fall for it. A keylogger is basically a small program which,
once installed on the victim's computer, will record everything the victim
types on his/her computer. The logs are then sent back to the attacker either
by FTP or directly to the hacker's email address.
3. Stealers
Almost 80% of people use passwords stored in their
browser to access Facebook. This is quite convenient, but can sometimes be
extremely dangerous. Stealers are software specially designed to capture the
saved passwords stored in the victim's Internet browser.
4. Session Hijacking
Session hijacking can often be very dangerous if you are
accessing Facebook on an HTTP (insecure) connection. In a session hijacking
attack, a hacker steals the victim's browser cookie, which is used to
authenticate the user on a website, and uses it to access the victim's account.
Session hijacking is widely used on LAN and Wi-Fi connections.
5. Sidejacking with Firesheep
Sidejacking attacks became common in late 2010; however, they are
still popular nowadays. Firesheep is widely used to carry out sidejacking
attacks. Firesheep only works when the attacker and victim are on the same
Wi-Fi network. A sidejacking attack is basically another name for HTTP session
hijacking, but it's more targeted towards Wi-Fi users.
6. Mobile Phone Hacking
Millions of Facebook users access Facebook through their
mobile phones. If the hacker can gain access to the victim's mobile phone,
then he can probably gain access to his/her Facebook account. There is a lot
of mobile spying software used to monitor a cellphone. The most popular
mobile phone spying software packages are Mobile Spy and Spy Phone Gold.
7. DNS Spoofing
If both the victim and attacker are on the same network, an
attacker can use a DNS spoofing attack and change the original Facebook page to
his own fake page and hence get access to the victim's Facebook account.
8. USB Hacking
If an attacker has physical access to your computer, he
could just insert a USB drive programmed to automatically extract
saved passwords from the Internet browser.
9. Man in the Middle Attacks
If the victim and attacker are on the same LAN and on a
switch-based network, a hacker can place himself between the client and the
server, or he could act as the default gateway and hence capture all the
traffic in between.
10. Botnets
Botnets are not commonly used for hacking Facebook accounts
because of their high setup costs. They are used to carry out more advanced
attacks. A botnet is basically a collection of compromised computers. The
infection process is the same as with keylogging; however, a botnet gives the
attacker additional options for carrying out attacks with the compromised
computers. Some of the most popular botnets include SpyEye and Zeus.
How A Hacked Facebook Account Can Affect Your Privacy And Security.
1. Data mine for mobile numbers and e-mail addresses on account profiles.
2. Use photos of your friends and the data obtained from their accounts to set up more fake profiles.
3. Collect personal data of your friends to be used for phishing attempts.
4. Identity theft.
5. Install rogue Facebook applications and send spam and scam links to all of the friends in your old account.
6. Monitor status updates of friends and their check-ins to know when they are and when they are not at home.
7. Privacy settings revert to a less safe default mode after each redesign.
8. Your real friends unknowingly make you vulnerable.
9. Scammers can create fake profiles.
Note: Depending on the skills of the attacker, there are many more things a professional
cyber-criminal could devise.
What To Do When Facebook Account Is Hacked.
1. Recover Hacked Facebook Account
The first thing to do when you realize your account has been hacked is to report that your Facebook account is hacked. You will be presented with a dialog box that asks you if you wish to report a hacked account.
2. Set Up Login Approval
When you turn on login approval, Facebook sends a code to
your phone when someone tries to access your account from an unknown device for
the first time. For example, if you are on a new network and you log into your
Facebook account (where the IP address is different), you will receive a
message saying a code has been sent to the phone that is registered with
Facebook. You will be asked to type in the code (displayed in the text message
on your phone) before you can gain access to your Facebook account. This
two-step authentication method will further secure your Facebook account. You
can activate Login Approvals from the Security tab of Account Settings.
3. Cleanup Facebook Account
Soon after you log into the Facebook account, you need to
undo the changes the hacker might have made to your account. To check the
activities, go to your profile timeline and see if anything has been posted on
your timeline or on your friends' timelines from your profile.
You may also want to check the messages folder to see if
the hacker sent any messages on your behalf. If the hacker did send messages to
people, you should send messages to the same people telling them about the
account being compromised and apologizing for the inconvenience the messages
might have caused them.
4. Cleanup Authorized Apps
One of the most common ways a Facebook account gets
hacked is through the apps we authorize to use our Facebook account. Go to
Account Settings and click on Apps. This will open the view where you can check
all the apps you have authorized to use data from your Facebook account.
If you find any app that you do not recognize, remove it
from Facebook by clicking on the X button available towards the right. You may
also want to clean up the apps view by removing the apps that you no longer
use.
B/R
Pamoda P.Perera