It has been 6 years since I left my job at Facebook, but I still get requests from friends and acquaintances to help take down their fake profiles from Facebook or restore access to their account that got hacked. Almost all these cases could have been prevented by following a few basic tips.
How to stay safe on Facebook?
To be fair to Facebook, the company has teams that work day in day out to keep the platform safe. But there isn’t much Facebook (or any other company for that matter) can do technically to prevent social engineering.
There are, however, certain best practices that you can follow to prevent anyone from creating your fake profile or gaining access to your account.
But let’s first understand how a fraudster uses social engineering to defraud you.
A person who wants to gain access to your account or create your fake profile would first go through your profile to figure out details about you – where were you born, your birth date, name of your spouse, your school, etc.
If they get all of this information, it gets easier to gain access to your account – not just Facebook but any account. Think about the security questions that you provided some of the websites when creating your account:
what’s your mother’s maiden name?
where were you born?
where did you first meet your spouse?
Do these questions sound familiar? While the new-age websites have advanced security features to prevent unauthorized access, a lot of websites still use such security questions to identify you if you forget your password.
Such questions made sense 20 years ago when this information was known only to you. But today this information could be available to anyone who is on your Facebook friend list! Armed with this information they can easily impersonate you online to ask for money from your friends or gain access to your financial accounts.
So, let’s see what we can do to prevent this!
1. Only add people you personally know to your friend list.
This should be obvious, but a lot of people add strangers to their Friend List without knowing anything about them, because they interacted with them in a group, or like their posts, or just to increase their friends count!
A famous Quoran built his entire online persona on lies, got 40K followers through his answers on Quora, conned many of those followers into lending him money, and then vanished.
So, keep your friend list only for people you know personally.
2. Use Restricted Friend List.
If, for some reason, you have to add a person you don’t know well enough then add them to the Restricted friend list. People added to Restricted friend lists can only see posts that you set as public.
To add someone in the Restricted list, go to their profile, click on ‘Friends’, go to ‘Edit Friend List’ and then select ‘Restricted’ from the dropdown.
3. Hide your friend list.
A lot of people keep their friend list visible to everyone, others keep it visible to their friends. You must do neither of that! Your friend list should be visible only to you.
- If your friend list is open to all, anyone who wants to target you can create your fake profile and start sending friend requests to your friends.
- If your friend list is visible to only your friends, you are in a better situation but not completely secure. If one of your friend’s accounts gets compromised the imposter can then go through your friend list, create a fake account, add your friends, and ask them for money in your name.
To hide your friend list, go to:
-> Account (click on the heart icon at the top right of your Facebook account on Desktop or Menu icon on the mobile app)
-> Settings & Privacy
-> Privacy (Privacy Settings if you are on the app)
-> How People Can Find And Contact You
-> Who Can See Your Friend List
New Around Here?
Subscribe to receive updates when new content is published.
4. Hide your personal details.
The more information available publicly on your profile, the easier it is for an imposter to create your fake profile and convince others that it’s actually you! So, avoid sharing personal details, such as the date you got married, your spouse’s name, etc publicly. Either keep this information visible only to you or if you can’t live without sharing it then at least change the privacy to friends only.
To do that, go to:
-> Your Profile (click on your photo when you open Facebook to go to your profile)
-> Edit Profile
-> Edit Your About Info
-> Go through each section and change privacy settings where required
5. Lock your profile.
Facebook introduced a useful security feature some time back that lets you lock your profile completely. The most significant change that happens on locking your profile is that only your friends can see your full-size profile picture and cover photo. This ensures that a stranger can’t use your profile photo or cover photo for creating a fake profile.
You can get more information about locking the profile here.
6. Set up 2-fac authentication on your account.
Two-factor authentication is an added security layer on top of your account password.
In a normal scenario, anyone can access your account if they know your log-in id and password. But if you enable 2-factor authentication on your account, Facebook will ask for a code when you (or someone) try to log in from an unrecognized device.
To enable this, on your Facebook homepage go to:
Account -> Settings & Privacy -> Settings -> Security & Login -> Two-factor Authentication
You can also use this direct link to reach the Security & Login page and then scroll down to the Two-factor Authentication section.
You will see 3 options to get a 2-fac authentication code – Text Message, App and Recovery Codes. Enable all three, or at least two.
I prefer keeping Recovery Codes as one of the options because you need to have your phone with you for the other two options. Recovery Codes will help you get access in case you do not have your phone. But make sure that the recovery codes are stored safely, such as inside a password manager.
7. Turn on alerts about unrecognized logins.
Facebook can notify you if someone tries to log in from a device that you don’t generally use. After turning on two-fac authentication, scroll further down on the Security & Login page to reach the “Setting up extra security” section, and turn on “Get alerts about unrecognized logins”.
8. Add trusted contacts.
While you are there you can add up to 5 of your friends as Trusted Contacts. Your trusted contacts can securely help gain access to your account if you ever lose access to it.
9. Use a strong and unique password.
Use a strong and unique password for all your accounts and don’t share it with anyone, don’t write it down. Don’t have a password that can easily be guessed.
This is the most basic step, but you will be surprised to know how many people miss this.
There is a practical challenge when it comes to creating strong and unique passwords. It’s difficult to memorize so many passwords. But there is a solution for that – Password Managers.
Password Manager is like a bank vault that stores your passwords. You only need to remember one master password that is used to access all other passwords. Your passwords are stored in an encrypted format that can only be decrypted using the master password that you have. So even if the password manager gets hacked your password would still be safe; well, most probably – it depends on how good is the encryption mechanism used by the password manager.
There is a lot of literature out there on password managers so I won’t go into the details of how they function, but I’ll recommend two services – BitWarden and LastPass.
While following the points above will keep your account secure, the first point (not adding strangers as friends on Fb), and the last point (using a strong password) are your first line of defense.
You won’t use a cheap lock at your home, and you won’t let strangers inside your home.
Apply the same caution when it comes to your digital life!
Check these articles on the blog that you might like.