Evade this trap!
Don’t lose your account to a black hat hacker by clicking on malicious links. Facebook, one of the biggest social media platforms, has its own share of pros and cons. Today I will talk about one way your account can be compromised by an attacker and how to avoid it.
If you are an active Facebook user, you might have noticed that at times you get tagged in posts with funny and catchy headlines, breaking news headlines, or x-rated content, with links that prompt you to provide your logins when clicked. More often than not, these kinds of posts are malicious. You can be a victim of this kind of attack too, so it’s important to take precautions while online.
First, let me say that when you find yourself tagged in such content, even if it’s from a relative or friend you know, their account has been compromised by an attacker, even though the account owner might have taken part in it without knowing. The best you can do is to reach out to them directly, if you have the means, and notify them. I will explain shortly how this happens.
How Does it Happen?
The attacker will create a malicious post containing any of the kinds of content described above, most often a video clip, and at times with a featured image that is blurry by design to arouse curiosity. The attacker will tag as many people as possible. The moment you click on the post or the view button, a video clip will preview for a split second, while an image will not load its preview at all. Suddenly a prompt will pop up on the screen asking you to either:
- Verify that you are the right owner of the account before you can proceed to watch the clip or view the image or unlock the content, or
- Verify your age before you can proceed.
Here you are required to verify/confirm by entering your Facebook user name and password. Please note: at this point, as long as you had already logged into Facebook, the pop-up link is not a Facebook link. Facebook will not ask you to verify your age or account ownership by providing your login credentials in order to view a clip, image or link posted by another user. The link in such a case comes directly from the attacker’s server, and the moment you enter your login credentials and click verify or submit, they are sent directly to the attacker’s server. After that you will either be redirected back to your profile or nothing will happen at all, and the attacker will immediately take over your account since they now have your user name and password.
Preventing this Kind of Attack
- Whenever you are browsing Facebook or any other social media platform and you get tagged in a post that asks for your logins before you can view it, even though you are already logged in, don’t open the link and don’t provide your credentials. Just ignore it, even if it’s from a friend you know: the account posting it has already been compromised by the attacker.
- If any link you click while already logged into your profile asks you to provide your login credentials to view the content (mostly video clips), ignore the post, remove the tag, or just unfriend or block the poster if it’s from an unknown user. Please note: for YouTube links posted on Facebook, it’s okay to sign in to YouTube when prompted, especially when you want to subscribe to a channel using your phone, but make sure you look at the link (URL) to confirm it’s YouTube | accounts.google.com. In fact, take a second and subscribe to my YouTube channel for more tips like this.
- Update your Facebook profile security settings so that any post you are tagged in will NOT appear on your profile unless you review and approve it first.
- Add your phone number and email as your account recovery options so that you can easily reset your account logins just in case it’s compromised.
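The “look at the link (URL)” advice above, written out as a check, is shown below as an added example that is not part of the original post. The function name `checkLoginUrl`, the allow-list and the sample URLs are constructed for illustration; the point is that the trusted name must be the end of the host, not just appear somewhere in the address.

```javascript
// Added example: does a login prompt's URL really belong to the site it
// claims to be? Allow-list and sample URLs are constructed for illustration.
const TRUSTED_LOGIN_HOSTS = ["facebook.com", "accounts.google.com"];

function checkLoginUrl(rawUrl, trusted = TRUSTED_LOGIN_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://facebook.com@verify.example/" shows a familiar name before the @,
  // but the browser connects to the host written after it.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ is not the host" };
  }
  // Normalise case and a trailing dot before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  // The trusted name must be the whole host, or its right-hand end after a dot.
  // "facebook.com.verify-age.example" and "notfacebook.com" both fail this.
  const match = trusted.find((t) => host === t || host.endsWith("." + t));
  return match
    ? { ok: true, reason: "host belongs to " + match }
    : { ok: false, reason: "host " + host + " is not a trusted login host" };
}

// Constructed sample links of the kinds a login prompt might show.
const samples = [
  "https://www.facebook.com/login",
  "https://accounts.google.com/signin",
  "https://facebook.com.verify-age.example/login",
  "https://facebook.com@verify.example/",
  "https://faceb00k.com/login",
  "http://www.facebook.com/login",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK    " : "REJECT") + "  " + s + "  (" + r.reason + ")");
}
```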
How to Recover Your Account
- Reset your account using the forgot password option and follow the prompts given by Facebook. This is why it is important to have linked your phone number and email to your profile: you can use them to recover your account.
So, What Next?
- Don’t click on posts such as the ones explained above, and avoid opening links that ask you to provide your login credentials if you are unsure.
- If you haven’t updated your Facebook account recovery details such as phone number and email, do so now.
You can comment below, or share this article with someone. Keep safe!