It is much harder to fix things after being hacked versus preventing the hack in the first place, explains Marie Herman
Recently, I had two friends who had their Facebook profiles hacked. They lost control of those profiles and have not been able to get them back. The hackers proceeded to make posts about cars for sale. Some mutual friends sent money to buy the car because they thought it was our friend posting the notice. Thousands of dollars were lost. Those friends may never be able to get their money back. It’s all incredibly frustrating.
Is there anything you can do to prevent this from happening to you? Yes, there are some steps you can take. Here’s how to get started.
The Difference Between Hacking and Cloning
Hacking
Hacking is when they can use your credentials to break into your account. Whether they stole the password or used brute force software to guess it, they are now signed in as you and can potentially change the password, email address, phone number, and other information associated with the account. If this happens, you will be locked out and have little chance of getting your account back (though keep reading for things to try).
Cloning
Cloning is where they create an account that duplicates your account. They use your name and your profile photo and then they send friend requests to your friends. Cloning is actually an entirely separate account. Often the hackers who create the cloned account will block you so that you cannot see it.
What Precautions Can You Take on Facebook?
Passwords
Change your password regularly, and make it a challenging password! It takes literally a few seconds to a few minutes to break a password that is less than 5 characters long. A minimum of 8 characters is recommended. The longer you can make it, the better. But it’s also important to think about what you choose to include in your password. Don’t make it just numbers. Instead, make sure it includes numbers, upper and lowercase letters, and a symbol (or a few). That increase in complexity greatly raises the length of time it takes to hack the password.
Settings
Changing the settings on your friends list so that other people cannot see who your friends are is one of the simpler steps you can take to reduce the likelihood of being cloned. If people cannot see your friends list, there is a lot less incentive to set up a duplicate account. To do this, go to your Facebook profile and then Settings & Privacy, then Settings. Find the Audience and Visibility section. Look for “How people find and contact you.” Click on “Who can see your friends list” and change it to “Only Me.” That will hide your friends list from everyone except yourself.
Two-factor authentication
You can make it harder for hackers to change your password by setting up two-factor authentication. This means Facebook will send you a code (text or email) every time you try to make changes to your account. While this means some inconvenience for you, it is worth the pain to protect your account.
I encourage you to have two-factor authentication set up for any of your important accounts (such as financial sites, social media, etc.). To set this up, you will need to navigate to your Accounts Center. Click on your profile, Settings & Privacy, Settings, and then “See more” in Accounts Center on the left side. Once in your Accounts Center, click on Password and Security and then on two-factor authentication. Facebook will require that you choose an account to set up.
I would suggest you do it on all accounts (especially accounts that you don’t use very often, which you might not otherwise notice getting hacked). Facebook will send a code to you by email, which you will need to enter on the site. They will also require that you re-enter your password. Once that is done, you will be able to make changes to how you receive your codes going forward. You could use an authentication app, a text message, or other options. You can also set up trusted devices (like your home desktop computer) that won’t require the verification code.
Password and security
While you are here in the Accounts Center, you might also want to check the rest of that Password and Security window, including doublechecking where you’re logged in. This will show you all the different logins with your credentials. You might see them from various places where you have traveled, etc. Check through them and verify that they are all legitimate. Pay attention to any login that you don’t recognize. Note that you can click on the individual devices and log out of them if you don’t recognize them (or if you know they are old and no longer needed).
Next, go to Login Alerts. You can identify on each profile account you have how you want to be notified if someone tries to log in from a new device. You can be notified by email and also within the app itself. This can help you immediately discover if someone has hacked you or is trying to.
At the bottom of the Password and Security window is a Security Checkup option. This will start a little wizard that will walk you through common security actions if you haven’t already set them up. This is a good way to confirm that you are well protected. It will check the strength of your password, verify that you have two-factor authentication turned on (or recommend it if you don’t), and show that login alerts are on.
Another area you can explore is Facebook’s Privacy Checkup section. You’ll find it when you click on your profile picture, then Settings & Privacy, then Privacy Checkup. This page has several tiles that you can check to learn more about how to keep your data safe on Facebook. Examples include:
Who can see what you share
Your profile information
You can modify individually who can see your phone number, email address, birthday, hometown, relationship status, friends list, and who you follow.
Audience
Change who can see future posts. This is your default privacy setting for new posts, but you can change individual posts if you like. You can limit it to your friends or make your posts public by default. You can also set who can see your stories, past posts, and reels.
Tagging
Tagging means someone added a link to a profile to a post or photo. When you tag someone, it allows that person to see the post. Anyone can click that link to be taken to the profile. You can change the setting for who can see posts you are tagged in on your own profile and who would be added to the audience if they didn’t already see it. You can also review posts in which you have been tagged before that post shows up on your profile. You can prevent the post from showing on your own feed if you want.
Blocking
When you block someone, they can’t see your timeline or tag you or invite you to events or groups. They also can’t add you as a friend or contact you in chat. You can add people to a restricted list, which allows them to see your public posts, but not your friends-only posts (unless they are tagged). This can be a great way to save a friendship or family relationship if you have different political views. You can also just completely block users, messages, invitations to apps (like games), events, or pages.
How People Can Find You on Facebook
You can use this feature to control who can send you friend requests and who Facebook will “suggest” to you as a potential friend. You can also restrict search engines from linking to your profile.
Your Data Settings on Facebook
These are the apps and websites where you logged in using your Facebook credentials. It’s good to review this list occasionally and remove sites that you are no longer using. Note that these will expire on their own after a period of time. You can refresh them if you wish to continue allowing access.
Want to learn even more about privacy settings on Facebook? Visit the Privacy Center by clicking your profile, Settings & Privacy, then Privacy Center. This provides all kinds of resources and tools for enhancing your privacy on Facebook.
If you have been hacked, try visiting this Facebook page and complete the appropriate recommended steps: https://www.facebook.com/hacked?ref=helpcenter_hackedindex.
Unfortunately, it is much harder to fix things after being hacked versus preventing the hack in the first place. By spending a little time now setting up security measures, you can save yourself a LOT of time later by preventing those hacks from occurring at all!
