Is there a way for me to see if my Facebook account has been hacked?
With more than one billion active daily users, Facebook increasingly is becoming an attack vector of choice for those with malicious intent.
Facebook is a target-rich environment not only because of the huge number of users, but because of the sensitive information that so many have provided the network that helps to pull off identity theft.
Birth dates, mother’s maiden name and using a compromised profile to login to other services is just the beginning of the desirable identity elements for thieves.
There are a variety of common techniques that scammers use to gain access to your profile, with many of them focusing on phishing scams with malicious links or fake login requests.
Fake duplicate accounts
Another very common practice that gets people thinking that their accounts have been hacked is actually just a fake duplicate of your profile.
It only takes a few minutes to download your public profile image and publicly available information to create what looks like your account to your friends.
Most of these scams will try to trick your friends into accepting a new friend request that looks like it’s from you so they can perpetrate their scam as a “trusted friend.”
In these cases, posting a warning to all your friends and asking them to help you report the fake duplicate will generally get the account taken down fairly quickly.
The process for reporting fake accounts is posted at Facebook’s How do I report a fake account? page.
Has my account been hacked?
Certainly, there are clear indicators that someone had gained access to your account, such as when you see posts with which you had nothing to do or private messages that were sent to your friends that were not from you.
The first step to determining whether others are actually using your account is to check the “Where You’re Logged In” page in the security portion of your settings.
This page will list every location, device and last access time for all your active sessions, so if you see a location or device that you don’t recognize, that could be an indication of a compromise and you should immediately change your password.
If you don’t initially recognize an entry, remember that if you’ve ever borrowed a friend’s computer to use your account, that computer may still have access to your profile and many friends will take the opportunity to prank you.
You can remove any of the entries by clicking on the “End Activity” link next to each session or click on the “End All Activity” to kill all sessions except your current one.
Keep in mind, with data breaches occurring almost daily, if you’re using the same username and passwords on most of your online accounts, it’s a walk in the park for someone to start using your Facebook account.
My advice to everyone is that you should assume that all your usernames and passwords will be compromised at some point, so activating “Login Approvals“or “2 factor authentication” on every account is essential.
Editor’s note: Ken Colburn is founder and CEO of Data Doctors Computer Services.