Change your password...do it now!
Probably the easiest point of access to your account is through guessing your password. If your password is guessable, change it now, if not for your own sake then for everyone else in your friends list. Remember that when one account gets hacked, the personal information of everyone in your friends list is exposed. A strong password should contain both uppercase and lowercase letters, special characters like @ or ! or ?, numbers and even a space here and there. @MeSoSexy123 doesn't count; it's quite guessable. If possible, change your passwords often, preferably once every few months. Attackers may guess your password and hold on to it until it can be used to do the most damage to you, so changing it regularly at least lessens the possibility of that happening. Also, avoid using the same password everywhere. I'm sure that most of you do.
An interesting article about how to create easy-to-remember but strong passwords: Strong (but Easy-to-Remember) Passwords by Dan Rollins
Don't open emails from Facebook (or something that looks like it)
Phishing attacks, although easy to detect, are quite common. Someone can direct you to a page that looks just like Facebook (or wherever) and steal/log whatever you type into the password box without you even realizing that you've been scammed. Always check the URL in the address bar and make sure that it's pointing to "Facebook.com".
Don't allow shady looking applications access to your profile
Just don't... Applications can exploit vulnerabilities in the Facebook API and perform XSS attacks to steal your cookies. If you didn't get what I just said: every time you log into Facebook, a small file (or more) is created in your browser which tells Facebook that you are logged in and legitimate. An attacker can steal these cookies quite easily and make changes to your account. While this kind of attack may not be too effective, as it has to be done at a time when both you and the attacker are online, your private information will nevertheless be exposed.
Avoid logging into Facebook through public networks.
Public networks include Wi-Fi hotspots, hotel Ethernet networks and even office networks. I have so many stories about how fellow employees at their workplaces have stolen their Facebook and other passwords. This could be by looking over your shoulder (if that happens..you deserve to be hacked :P) or by a slightly more complicated attack. These aren't too easy to avoid, but try to always use "https://facebook.com/" to log in. It won't guarantee anything, but at least someone won't be able to steal your cookies too easily by using a packet sniffer. A packet sniffer is a simple tool that a person can use to listen in on everything that is sent from your computer through the network. This method is quite similar to a wiretap on a telephone line.
Make sure your computer has good anti-virus software installed. Some virus scanners provide a certain level of network security that can prevent ARP poisoning attacks or even changes made to your hosts file, which can let someone perform an undetectable phishing attack. Allow me to explain briefly. All computers in a network that has internet access have to go through a router, which connects your inside network to any outside network. An ARP poisoning attack makes your computer think that the attacker's computer is the router that all your data should go through. This way, an attacker can intercept all data sent from your computer, record it and forward it to the rightful destination, the router. These attacks can be performed using simple tools (no, I won't tell you what these are) and you will never notice that you are being intercepted, so a good virus scanner is definitely a must!
It's always good to keep your computer free from viruses. A virus scanner will prevent installation of most key loggers, which are mostly sent through emails. Think twice before you open that hilarious new video of something something sitting in your inbox. If an attacker knows anything about the programs you use to view these files, a virus or trojan horse can be packed within these videos that can steal your information or even do damage to your computer.
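The ARP poisoning described above leaves a visible trace in your computer's ARP table: the router's IP address suddenly maps to a different hardware (MAC) address, usually one that another machine on the network is already using. The following is an added example, not part of the original post, that compares a known-good snapshot with a later one; the addresses and both tables are constructed sample data in the Linux /proc/net/arp layout.

```python
"""Flag signs of ARP poisoning by comparing two ARP-table snapshots."""

# Constructed sample data in Linux /proc/net/arp layout (not real captures).
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
192.168.1.23     0x1         0x2         aa:bb:cc:00:00:17     *        wlan0
"""


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries, skipping header and incomplete rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if int(flags, 16) & 0x2 == 0:  # "complete" flag not set: never resolved
            continue
        table[ip] = mac
    return table


def check_gateway(baseline, current, gateway_ip):
    """Compare the router's ARP entry against a known-good snapshot."""
    known, seen = baseline.get(gateway_ip), current.get(gateway_ip)
    if seen is None:
        return ["gateway has no resolved ARP entry"]
    findings = []
    if known and seen != known:
        findings.append(f"gateway MAC changed: {known} -> {seen}")
    # Two IPs answering with the router's MAC means one machine is posing as it.
    sharers = sorted(ip for ip, mac in current.items()
                     if mac == seen and ip != gateway_ip)
    if sharers:
        findings.append(f"gateway MAC also claimed by {', '.join(sharers)}")
    return findings


if __name__ == "__main__":
    for msg in check_gateway(parse_arp_table(BASELINE),
                             parse_arp_table(POISONED), "192.168.1.1"):
        print("ALERT:", msg)
```

A changed router MAC is not always an attack (the router may simply have been replaced), so treat an alert as a reason to stop logging in on that network until the change is explained.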
I might have missed something, and if I have, leave a comment... I hope this proves useful for someone. If you realize that your account has been hacked somehow, promptly change your password and send an email to Facebook to see if they can help. Know that someone has done something illegal, and whoever it is can get some serious jail time if he/she is caught.