Top 10 Attacks by Facebook Hackers and How to Stop Them

As recent news has shown, Facebook isn’t all fun and games. The world’s most popular social network is prime fishing ground for cybercrooks, so it’s crucial that you know their tactics. Here are 10 of the most frequently used Facebook hacking scams—and the software and know-how you need to outsmart them.

1: Koobface

It’s been a while since Koobface made the rounds on Facebook, but that doesn’t mean it’s gone. This worm poses as a viral video that appears on users’ news feeds. However, they can only access it by “upgrading” their Flash Player through the included link; in reality, they’re downloading a worm.

What you should do: Never accept third-party downloads from an unverified source, especially a Facebook post.

2: Keylogging Attempts

One of the easiest ways to gain access to your social media or other accounts is to log all your keystrokes and capture your login credentials.

What you should do: Use internet security software with keylogging protection to detect and safely remove keyloggers. Norton, Comodo, and Avast (among others) offer this feature.

3: Phishing Scams

Facebook is filled with classic phishing scams, like a link to a shopping or banking website that mimics a legitimate one so users input their login credentials. Facebook tries to delete these kinds of scams, but their manpower is limited.

What you should do: Use an internet security program with built-in phishing URL detection, like Norton or Bitdefender, which will warn you if you access a phishing website.

4: Social Engineering Exploits

Social engineering scams take advantage of human behavior. For instance, a fake app may request users’ details (such as their birthday and city where they were born) to pass a verification check. The goal is to steal their login information.

What you should do: Always question why someone may want personally identifying information. Only give out personal details (such as your address, date of birth, and cell phone number) to those you absolutely trust.

5: The Email-Facebook Takedown Maneuver

If a cybercrook has gained access to your email, the floodgates of online destruction have opened. They may target your social media accounts with a simple email password reset to lock you out of your account.

What you should do: Enable two-factor authentication (2FA). You’ll need to input a text or emailed code every time you access Facebook from a new location, but you’ll prevent this attack.

6: De-masking Saved Passwords

You’ve probably been prompted by Google Chrome or your browser of choice to save your login passwords in the browser. This is fine if the only person accessing the computer is you, but never accept a password-save prompt from a public or work computer. Although saved passwords are usually masked with asterisks instead of letters to prevent manual inspection, simple hacks like Google Developer Tools can expose or “de-mask” your login credentials.

What you should do: Never save a Facebook login credential or any other password in a browser on a shared computer.

7: Tabnapping

You’ve probably come across many sites that offer a button to create an account using your Gmail or Facebook login. While these can save time, don’t use them. Instead, always use the traditional email and password account creation/login process. Tabnapping occurs when the page the registration process redirects you to is fake and steals your real Facebook credentials. (NOTE: this type of faster login is also how even genuine third-party apps gain access to your friends’ list and posts.)

What you should do: Always use an email-based account creation method. For extra safety, run an internet security program with phishing protection like Norton or Avira.
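
Both the phishing scams in item 3 and the fake login pages in item 7 rely on a web address that only looks like the real one. The check below is an added example, not part of the original article or any product it names; the trusted-domain list and the sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really belongs to a trusted login domain.
// TRUSTED_DOMAINS and SAMPLE_LINKS are constructed for illustration.
const TRUSTED_DOMAINS = ["facebook.com"];

function classifyLoginUrl(rawUrl, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { verdict: "reject", reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "reject", reason: "login page is not served over HTTPS" };
  }
  // Text before "@" is userinfo, not the host: https://facebook.com@other.example/
  if (url.username || url.password) {
    return { verdict: "reject", reason: "URL carries embedded credentials" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // Non-ASCII look-alike letters are serialised by URL as "xn--" (punycode) labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { verdict: "reject", reason: "punycode (look-alike) hostname" };
  }
  // Trusted only if the host IS the domain or a true subdomain of it.
  const match = trusted.find((d) => host === d || host.endsWith("." + d));
  if (match) return { verdict: "trusted", reason: "host belongs to " + match };
  // The brand name appearing anywhere else in the host is the mimic pattern.
  const brand = trusted.find((d) => host.includes(d.split(".")[0]));
  if (brand) {
    return { verdict: "suspicious", reason: "mentions " + brand + " but is hosted elsewhere" };
  }
  return { verdict: "unknown", reason: "not a trusted login domain" };
}

// Constructed sample links, one per case handled above.
const SAMPLE_LINKS = [
  "https://www.facebook.com/login",
  "https://facebook.com.account-check.example/login",
  "https://facebook.com@login.example/",
  "http://www.facebook.com/login",
];
for (const link of SAMPLE_LINKS) {
  const { verdict, reason } = classifyLoginUrl(link);
  console.log(verdict.padEnd(10), link, "(" + reason + ")");
}
```

The comparison is made on the parsed hostname, never on the raw link text, because the mimicking links put the familiar name in a part of the address that is not the site you actually reach.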

8: The Low-Tech Account Takeover

This one may seem simple but it’s serious. If you access Facebook from a public computer, make sure you log out when you are done! The bad habit of not logging out means someone could take over your account with the password reset procedure.

What you should do: Log out when you’re done using Facebook, even on your home computer, to get into the habit.

9: Packet Sniffing

If you’re using public WiFi, such as in a coffee shop or airport, it’s relatively easy for cybercrooks to capture your packets (the requests you send to the server when accessing a website, and the data it sends back). Usually, they’ll have to decrypt them to inspect their contents, but this isn’t hard for some scammers.

What you should do: Use a VPN whenever accessing Facebook or other sites from a public network. Bitdefender has great cybersecurity features and comes with a built-in VPN service.

10: Mobile Spy Software

Mobile espionage software lets hackers steal a user’s information through things like keylogging and login screenshot capture. It can capture Facebook login credentials and let hackers take over accounts.

What you should do: Never enable the “show password” function. Additionally, use mobile security software such as AVG to root out any malware lurking on your device.

Don’t Fall Prey!

Hackers have many avenues for hacking your Facebook account by gaining your login credentials. Users should have internet security software on all devices, always log out after using web accounts, and avoid giving away sensitive information to strangers online.

About the Author

Sophie Anderson
Cybersecurity researcher and tech journalist

Sophie Anderson has spent the last 10 years working as a software engineer for some of the biggest tech companies in Silicon Valley. She now works as a cybersecurity consultant and tech journalist, helping everyday netizens understand how to stay safe and protected in an online world.