How to keep your Facebook account from being hacked (really)

Want to prevent criminals from hacking your Timeline? Ignore those alarmist Facebook status updates and follow these steps instead.

Concerned about the security of your Facebook account? You should be. As the Wall Street Journal recently reported, “social spam” is the new black among the blackhats. But that doesn’t mean you should believe every silly rumor and/or status update you see about it. 

Lately I’ve been seeing the following status update crop up on the walls of some of my otherwise savvy friends:

Hello friends, as you all know I like to keep my FB private except to those I am friends with. So if you all would do the following, I'd appreciate it. With the new FB timeline on its way this week for EVERYONE, please do both of us a favor. Hover over my name above. In a few seconds you'll see a box that says : "Subscribed". Hover over that, then go to "comments and likes" and unclick it. That will stop my posts and yours to me from showing up on the bar side for everyone to see, but most importantly it limits hackers from invading our profiles. If you repost this I will do the same for you. You'll know I've acknowledged you because if you tell me that you've done it I'll "like" it.

This is, of course, donkey manure. It is yet another hoax some dork without a life started propagating across Facebook a few weeks or months ago. It’s harmless, but it is also full of misinformation. To wit:

First: Though Timeline will be rolled out to all Facebook users sometime soon, I think the privacy concerns are overblown. Unless you have a dark Facebook history you’re trying to hide, there’s no cause for alarm (and if you do have a dark Facebook history, you’ve got bigger problems than Timeline).

Second: Yes, you can follow the instructions to manage what you subscribe to and from whom. But all you’ll achieve is banishing your friends’ likes and comments from your News Ticker. Period, full stop. You’ll still see their posts in your News Feed or on their walls; it does nothing – nada, zilch, squat – to protect you from hackers.

You want to protect yourself from being hacked? Do this.

* Make sure you’ve enabled Secure Browsing. That uses an encrypted (https) connection instead of the standard one, which scrambles your data so that creep sitting behind you in Starbucks can’t use Firesheep or a similar network sniffer to steal your Facebook logon out of the air.

[img_assist|nid=239977|title=Turn on Secure Browsing in Facebook|desc=|link=none|align=center|width=594|height=150]

If you don't already have this turned on, here's how to do it: Go to your Account Settings. Click the Security icon on the left and select Secure Browsing * Edit. Put a checkmark in the box next to “Browse Facebook on a secure connection (https) when possible.” Click Save Changes, and you’re done. Easy peasy.

* Turn on Login Notifications. This will alert you when your Facebook account has been accessed from a new device. Follow the same steps as above, only select the next item on the list. If somebody who isn’t you is accessing your account, you’ll get an email.

* Add a security code to new devices. If you want to be extra cautious, go to item number three in the Security Settings and set up Login Approvals. This will send a new passcode to your mobile phone every time you log into Facebook from an unknown device, which you’ll then have to use as your login password. It’s a bit of a hassle, so only do this if you’re really concerned about Facebook security (or more paranoid than the average bear).

* Change your password early and often. Yes, I usually ignore this too. But if you get alerts about somebody accessing your account who isn’t you, or see weird posts and messages on your Facebook page that you didn’t put there, odds are good somebody hacked or guessed your password. First step in the recovery process is to change your password ASAP. Follow the usual advice about using upper/lower case letters, numbers, oddball characters, etc. Yes, it’s annoying, but it’s also just as annoying to hackers, and that’s the point.

One caveat on the above: If somebody’s already hacked your email account, they’ll also be getting all your password recovery emails. So you’d better secure that first, following the same steps.

[img_assist|nid=239979|title=Do not fall for the Remove Facebook Timeline scam|desc=|link=none|align=center|width=600|height=462]

Image courtesy of ZDnet’s Zero Day blog.

* Be wary of scams. For example: the bogus “Remove Facebook Timeline” scam that is now circulating. Clicking “Continue” or “Like” on that one could allow the scammer to hijack your account. If you see an alarming message in somebody’s Facebook status updates, visit or just Google it and check it out before buttering it all over your page too. Odds are it isn’t what you think.

* Be smart. Going out on the InterWebs without adequate security software – anti-virus, anti-malware, anti-you-name-it – is like wandering into a tigers cage slathered in Everett & Jones barbecue sauce. If your PC has been compromised by a keylogger or remote access Trojan (RAT), none of these defenses will do you much good. There’s a word for people who go online without adequate protection, and that word is “lunch.”

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon