After a number of friends recently had their Facebook accounts compromised, I thought I should offer a few tips to help you keep your own account safer. Whether you want to protect your Facebook account or your online bank account, learning to distinguish what’s real from what is not can help you protect your computer and your privacy.
One of the most common ways for unauthorized users to access your account (and there are many ways) is to send you an email asking you to confirm your Facebook password. This is called phishing. At first glance, the email appears to have come from Facebook. Instead, it leads to a page that has been created to look like Facebook.
A phishing email often claims that there is something wrong with your Facebook account and that, if you don’t respond quickly by confirming your password, your account will be deactivated. If you were to click on the given link, it would take you to a page similar to a Facebook page, but it isn’t really connected to Facebook at all. Enter your password information at this point and the person who sent the email now has access to your account.
How can you tell if the email is really from Facebook?
Facebook would never send you a notice like this. They know your password. The only time you should ever type your Facebook username and password is when logging in directly to the Facebook.com site.
Learn to check your status bar regularly
Before clicking a link in an email or on a web page, you should always hover over the link with your mouse and carefully read the status bar at the bottom of your screen to determine exactly where the link will take you.
For example, below is an email from Amazon. You’ll see that when I hover my mouse over a link in the email, it shows the linked address in the status bar. Notice that in the example, the component of the URL immediately before the first single slash is “amazon.com”. This is exactly what I would expect from this company, so I would feel safe clicking on the link.
Below is an example of a link on Facebook which, obviously, would not take me where I think I should be going. Yuindrfstzi.tk. Suspicious.
In most cases, the things that happen to you online must be authorized by you. Because viruses can’t just download themselves to your computer at will, you need to give permission for the transfer to take place. Phishers continue to improve the look of what they’re doing in an effort to trick you into giving that permission. Be careful where you click and always read the status bar. You’ll find it will be one of the most valuable tools you have to protect yourself from malicious software.
If your status bar is not turned on, turn it on now.
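The same status bar check can be done by a program. The following is an added example, not part of the original article; the function names and sample links are made up for illustration. It reads the part of each link immediately before the first single slash and accepts it only if it is the expected site or a subdomain of it.

```javascript
// Added example. Function names and sample links are constructed for illustration.

// Return the host a link points to: the part between "//" and the first
// single slash. Returns null for anything that is not an http(s) link.
function linkHost(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

// True only when the host is the expected site itself or a subdomain of it.
// The leading dot matters: "notamazon.com" must not pass as "amazon.com".
function hostBelongsTo(host, expectedDomain) {
  if (!host) return false;
  const domain = expectedDomain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Review each link of an email against the site the email claims to be from.
function reviewLinks(links, expectedDomain) {
  return links.map(({ text, href }) => {
    const host = linkHost(href);
    return { text, host, ok: hostBelongsTo(host, expectedDomain) };
  });
}

// Constructed sample: links from an email that claims to come from Facebook.
const sampleLinks = [
  { text: "Log in to Facebook", href: "https://www.facebook.com/login" },
  { text: "Confirm your password", href: "http://yuindrfstzi.tk/confirm" },
  // The trusted name appears in the URL, but not right before the first slash.
  { text: "www.facebook.com", href: "http://facebook.com.yuindrfstzi.tk/" },
  { text: "Facebook", href: "http://yuindrfstzi.tk/facebook.com/login" },
];

for (const r of reviewLinks(sampleLinks, "facebook.com")) {
  console.log(`${r.ok ? "OK     " : "SUSPECT"}  ${r.host}  (shown as "${r.text}")`);
}
```

Only the first sample link passes. The visible text of a link plays no part in the decision, which is why the status bar matters more than what the link says.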
What to do after your account has been compromised
Log in to your account directly from the facebook.com website and change your password.
If you use the same password on any other accounts, change it immediately on those accounts too.