You need to protect yourself from these Facebook hacks and spam attacks


If you have an Internet connection, you’re probably on Facebook. Despite this nearly ubiquitous use, it’s still fairly shocking how much information we and the network are willing to surrender. Our phone numbers, identities, interests, home addresses, email addresses, and other personally identifiable information are sitting in an insecure vault behind an easily crackable password. And if you are a hacker, you’re more than aware of this.

Rob Rachwald, Director of Security and Strategy at Imperva, a security firm in California, revealed to us the many strategies that hackers are using to gain access to your personal information and credit card info, all through Facebook. “In general Facebook is not written to be secure. In fact the purpose of Facebook is to violate your privacy as much as possible. So what you’re doing in essence, you’re getting closer to people through an electronic medium at the expense of divulging information about yourself. That’s their business model.” But Rachwald credits Facebook for avoiding massive data breaches, like the Korean social networking competitor CyWorld that was speculated to have 35 million passwords stolen by the Chinese government. In many instances, Rachwald says, it’s actually the users that are divulging too much information or signing up for different sites, although Facebook is not without fault entirely since its platform is inadvertently hosting malicious activities.

With that in mind, here’s a 101 course on what Facebook hacks and attacks you need to keep an eye out for. 

Hacker strategies

Picture trolling

While this is an earlier practice that people used to make money, it’s evident it still goes on today. Facebook “friends” would sell images of attractive women, usually found in a user’s public Facebook album, to porn sites or publish them on public forums, from which they would circulate around the Web without the users’ consent.


People have gotten smarter these days and are using more sophisticated measures, Rachwald tells me. One trend he’s noticed is hackers who emulate the profile information of an existing user and use that profile to deceive the victim’s friends into befriending them again on Facebook. What this means is that a hacker will create a new profile with the same or similar information about that person, including the profile photo, and “re-friend” all of the victim’s friends. In a matter of a few days, the profile created under misleading pretenses could have access to several hundred friends, while in the background a crawler is downloading all the personal data about these new “friends,” including email addresses, phone numbers, pictures, and other information.

One instance where this could be a particularly dangerous attack is that these “hackers” could ask the victim’s Facebook friends for money due to financial duress – and they might indulge, given that it appears that the request is coming from the friend.


If you’re in an authoritative position and a hacker wants to target you, organizational mapping is one strategy that professionals should be vigilant about. It’s not only on Facebook, and Rachwald says that it’s more of a threat on LinkedIn. Hackers will find out information about the friends of the victim through Facebook and find out who their best friend is. By assuming the false identity of the victim’s “friend,” the chances are greater that the victim will be comfortable clicking on a link with a virus, malware, or spyware embedded in the opened website. This is especially dangerous for individuals like bankers, politicians, and other authoritative professionals.

A tip for anyone who’s wary of opening up suspicious URLs, even if it is from a friend, a personal favorite that I like to use is

Geolocation information

What few of you might realize is that every photo you take on a smartphone with GPS logs the exact location where it was taken. So if you’re sharing these images to Facebook or another social network for that matter, and you’ve taken one in front of or around your home, I could easily find out where you live. And there are a number of websites that can pull this type of information from your photos in an instant.

How hackers are abusing Facebook

Now specific to Facebook, these are the most popular ways that hackers are abusing Facebook.


Facebook has long supported attachments in Facebook Messenger, and there are no in-app precautionary features that help to detect malware in suspicious attachments. Users can scan files using Facebook-endorsed third-party antivirus software, but a file can only be scanned once the attachment has been downloaded, and it would be too late by then.

Photo baiting

We’ve all seen this before. False photos of Osama Bin Laden’s death for example, when news first broke, circulated on Facebook. Built using a Facebook app that automatically shared the image to your wall when you clicked on it, some versions of it opened up a porn site. Intriguingly enough, some hackers were using this as an opportunity to improve their SEO ranking in Google’s search results. What would happen was that by baiting Facebook users to click on the Bin Laden photo that opened up a porn site, it would improve the site’s ranking in search results when searching for Bin Laden.

Social Engineering

Facebook Pages have become a psychological indicator of authority for a website or brand. If there are 100,000 likes on a Facebook Page for a luxury car reseller, it must be legitimate, right? Unfortunately this thought process has deceived many Facebook users. One example that Rachwald explains to me was an elaborate scheme in which “social” hackers lured users who checked out the Facebook page into purchasing luxury cars on a sham website for a fraction of their cost. Of course the money being sent was being pocketed and there were no luxury cars to be sold in the first place.

Cracking passwords

You’d be surprised at how easily you can obtain a password hacking program from the Web. Rachwald tells me about one that he’s seen making the rounds, and it’s apparently supported by tutorials on YouTube. We wouldn’t recommend that you look around for these tools, since in many instances these programs are laced with Trojans themselves. But with the right program, which uses a brute force method to figure out your password, the effects can be devastating to any victim. Especially now, with features like Photo Sync, which automatically syncs every photo that you take from your smartphone, a hacker could get hold of intimate or personal images that you wouldn’t want to see publicly online.

Facebook Apps

Any developer, or wannabe developer, with a little knowledge of code can use readily available resources to put together a Facebook app intended for malicious purposes. And it’s an effective medium, since all information that you share with these developers, including your email, access to your News Feed, phone number, photos, and other personal data, can be logged and used against Facebook’s Terms of Use. For example, if you find a credit card form in a gaming app and add your information, that developer has access to your credit card number.

It’s up to you to protect yourself

In the majority of cases, Rachwald tells me, it’s the consumers, or third-party sites that have access to your Facebook data, that are being breached by hackers or being tricked into revealing personal information. Rachwald brings to my attention that in 2009, third-party Facebook game developer RockYou was hacked by an SQL injection method, which Imperva first recognized, and over 30 million names and social media passwords were exposed.

But on some occasions, Facebook will leave itself open to vulnerabilities. For example an anonymous tipster from a hacker forum recognized that when you delete Facebook Messenger’s desktop app, it stays in your registry. The danger here was that Facebook User ID was left exposed, which could easily be copied with a Trojan virus. I checked that vulnerability recently and recognized that it appeared to have been silently patched by Facebook, although the file in my registry remains.

At the end of the day, you’re left on your own to protect your personal information. Rachwald himself isn’t on Facebook for the reasons discussed above. Despite the precautions you might take, Facebook’s obvious reluctance to address its security vulnerabilities means hackers are always coming up with new and innovative measures to manipulate users. Facebook is the largest social network with more than one billion users, making it a hacker’s playground and paradise – and nothing is going to change that.
