Someone has hijacked your Facebook account. Your Facebook Friends are receiving emails from you saying you were mugged in Paris. You have great friends; they are already wiring money to you. Other friends are getting emails from you asking them to click on this link to a hilarious new video. Your account is also spewing spam to friends of your Facebook Friends.
What do you do?
First, what you DON’T do: Don’t panic. It happens all the time. It has happened to me. And it happens to Facebook users so often that the security folks at Facebook have become adept at dealing with it.
STEP ONE: If the hacker has not already changed your password and profile information, log into your Facebook account and change your password. Your new password should be at least eight characters, preferably more, including at least one each of upper-case letters, lower-case letters, numbers, and special characters. Don’t use any words that can be found in a dictionary, English or otherwise. Don’t use birthdates, hometowns, pets’ names or any other information that can be found in your Facebook profile.
It amazes me how many people struggle to invent passwords. They can concoct elaborate and intricate lies about being late for work or school, but they freeze when asked to invent a nonsensical string of characters and numbers. So repeat after me:
I must change my Facebook password at least once a month!
Now, take the first letter of each word, and change “once a month” to 1x/mo.
Your new Facebook password is thus: ImcmFpal1x/mo!
Don’t use this phrase or password, of course. Make up your own.
Still stumped? Try the first line of one of your favorite poems. “Sing in me, Muse, and through me tell the story…” becomes Sim,M,atmtts… But that lacks a number, so let’s make the password Sim,M,850BC; 850 B.C. is approximately when Homer lived. But you knew that.
How about a favorite line from the movies? “I’m as mad as hell, and I’m not going to take this any more!” might be shortened and modified to become: I’mng2ttam! (I’m not going 2 take this any more!).
Four score and seven years ago… In 14 hundred and 92 Columbus sailed the ocean blue … You get the drill. The longer and more complex and nonsensical the password, the less likely someone will guess it.
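The Step One rules can be checked mechanically. The sketch below is an added example, not part of the original article: the function name check_password, the tiny word list, and the pet name and birth date used as profile details are all constructed for illustration.

```python
import re

# Constructed stand-in for a real word list; swap in a full dictionary file.
SAMPLE_WORDS = {"password", "facebook", "dragon", "monkey", "paris", "welcome"}

# Undo common digit/symbol swaps so "P@ssw0rd" is still caught as "password".
UNSWAP = str.maketrans("@4310$5!7", "aaeiossit")


def check_password(password, profile_values=(), wordlist=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means every rule passed."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = {
        "upper-case letter": r"[A-Z]",
        "lower-case letter": r"[a-z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    lowered = password.lower()
    unswapped = lowered.translate(UNSWAP)
    for word in sorted(wordlist):
        if len(word) >= 4 and (word in lowered or word in unswapped):
            problems.append("contains dictionary word: " + word)
    for value in profile_values:
        # Split "Fluffy Jones" or "1985-07-04" into tokens and test each one.
        for token in re.findall(r"[a-z0-9]+", value.lower()):
            if len(token) >= 3 and token in lowered:
                problems.append("contains profile detail: " + token)
    return problems


if __name__ == "__main__":
    profile = ["Fluffy", "1985-07-04"]  # constructed pet name and birth date
    for candidate in ["ImcmFpal1x/mo!", "Sim,M,850BC", "Fluffy1985", "P@ssw0rd!"]:
        print(candidate, "->", check_password(candidate, profile) or "ok")
```

The two mnemonic passwords from the article pass every rule, while the pet-name-plus-birth-year and the disguised dictionary word are flagged.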
Okay, you’ve changed your Facebook password.
STEP TWO: Log out. Now log back in. Go to the address bar in your browser, type www.facebook.com/hacked/ and hit Enter. DO NOT go to your bookmarks bar and choose the bookmark for Facebook, because your hacker might have “redirected” it.
Log back in using your new password.
Now follow the directions that Facebook suggests.
Or, log into Facebook and go to the Help Center and click on the link, “I’ve been hacked.” Same drill.
Once you’re done, log out.
Next step: Upgrade to the latest version of your web browser. Whichever one you use – Chrome, Firefox, Safari, Explorer, etc. – be sure you have the most recent iteration. Browser boffins frequently add new security features. If you’re not using the latest version of your browser, you might be leaving your back door unlocked. I use Google Chrome, by the way.
Next step: Send a message to your friends. Tell them your account was hacked and warn them not to respond to, and not to click on any links contained in, any unread messages they might have received from you. Urge them to follow the same procedures you’ve just performed to secure your system.
Next step: Facebook offers a free, one-time virus scan. It is quite possible – especially if you use a Windows-based computer – that the Bad Guys have installed nasty software on your computer.
And now here’s the most important part: Be paranoid. Is Facebook’s software really scanning my computer for viruses? Or is it scanning my computer for personal information that it can then file away and sell to advertisers? Ask yourself: by taking advantage of Facebook’s “free” antivirus scan, am I letting strangers get access to all the personal information on my computer? My bank accounts? My emails? My photo library?
Excellent! Now you’re prepared for the day, some day soon, if you haven’t received it already, when you’ll get an official-looking notice saying something like, “Facebook has detected that malicious strangers are trying to hack your Facebook account. Enter your user name and password now to upgrade to a more secure system.”
Don’t do it.