You need to protect yourself from these Facebook hacks and spam attacks


If you have an Internet connection, you’re probably on Facebook. Despite this nearly ubiquitous use, it’s still fairly shocking how much information we and the network are willing to surrender. Our phone numbers, identities, interests, home address, email addresses, and other personally identifiable information are sitting in an insecure vault behind an easily crackable password. And if you are a hacker, you’re more than aware of this.

Rob Rachwald, Director of Security and Strategy at Imperva, a security firm in California, revealed to us the many strategies that hackers are using to gain access to your personal information and credit card info, all through Facebook. “In general Facebook is not written to be secure. In fact the purpose of Facebook is to violate your privacy as much as possible. So what you’re doing in essence, you’re getting closer to people through an electronic medium at the expense of divulging information about yourself. That’s their business model.” But Rachwald credits Facebook for avoiding massive data breaches, like the Korean social networking competitor CyWorld that was speculated to have 35 million passwords stolen by the Chinese government. In many instances, Rachwald says, it’s actually the users that are divulging too much information or signing up for different sites, although Facebook is not without fault entirely since its platform is inadvertently hosting malicious activities.

With that in mind, here’s a 101 course on what Facebook hacks and attacks you need to keep an eye out for. 

Hacker strategies

Picture trolling

While this is an earlier practice that people used to make money, it’s evident that it still goes on today. Facebook “friends” would sell images of attractive women, usually found in a user’s public Facebook album, to porn sites or publish them on public forums, where they would then circulate around the Web without the users’ consent.


People have gotten smarter these days and are using more sophisticated measures, Rachwald tells me. One trend he’s noticed is hackers that are emulating profile information about an existing user and using that profile to deceive the victim’s friends into befriending them again on Facebook. What this means is that a hacker will create a new profile with the same or similar information about that person, including the profile photo, and “re-friend” all of the victim’s friends. In a matter of a few days, the profile created under misleading pretenses could have access to several hundred friends, while in the background a crawler is downloading all the personal data about these new “friends,” including email addresses, phone number, pictures, and other information.

One instance where this could be a particularly dangerous attack is that these “hackers” could ask the victim’s Facebook friends for money due to financial duress – and they might indulge, given that it appears that the request is coming from the friend.


If you’re in an authoritative position and a hacker wants to target you, organizational mapping is one strategy that professionals should be vigilant about. It’s not only on Facebook, and Rachwald says that it’s more of a threat on LinkedIn. Hackers will find out information about the friends of the victim through Facebook and find out who their best friend is. By assuming the false identity of the victim’s “friend,” the chances are greater that the victim will be comfortable clicking on a link with a virus, malware, or spyware embedded in the opened website. This is especially dangerous for individuals like bankers, politicians, and other authoritative professionals.

A tip for anyone who’s wary of opening up suspicious URLs, even if it is from a friend, a personal favorite that I like to use is

Geolocation information

What few of you might realize is that all of the photos that you take on a smartphone with GPS log the exact location where you’ve taken that photo. So if you’re sharing these images to Facebook or another social network for that matter, and you’ve taken one in front of or around your home, I could easily find out where you live. And there are a number of websites that can pull this type of information from your photos in an instant.

How hackers are abusing Facebook

Now specific to Facebook, these are the most popular ways that hackers are abusing Facebook.


Facebook for a long time has supported attachments in Facebook Messenger, and there are no in-app precautionary features that help to detect malware in suspicious attachments. Users can scan files using Facebook-endorsed third-party antivirus software, but a file can only be scanned once the attachment has been downloaded, and by then it would be too late.

Photo baiting

We’ve all seen this before. False photos of Osama Bin Laden’s death for example, when news first broke, circulated on Facebook. Built using a Facebook app that automatically shared the image to your wall when you clicked on it, some versions of it opened up a porn site. Intriguingly enough, some hackers were using this as an opportunity to improve their SEO ranking in Google’s search results. What would happen was that by baiting Facebook users to click on the Bin Laden photo that opened up a porn site, it would improve the site’s ranking in search results when searching for Bin Laden.

Social Engineering

Facebook Pages have become a psychological indicator of authority for a website or brand. If there are 100,000 likes on a Facebook Page for a luxury car reseller, it must be legitimate, right? Unfortunately this thought process has deceived many Facebook users. One example that Rachwald explains to me was an elaborate scheme in which “social” hackers used social engineering to lure users who checked out the Facebook page into purchasing luxury cars on a sham website for a fraction of their cost. Of course the money being sent was being pocketed and there were no luxury cars to be sold in the first place.

Cracking passwords

You’d be surprised at how easily you can obtain a password hacking program from the Web. Rachwald tells me about one that he’s seen making the rounds, and it’s apparently supported by tutorials on YouTube. We wouldn’t recommend that you look around for these tools, since in many instances these programs are laced with Trojans themselves. But with the right program, which uses a brute force method to figure out your password, the effects can be devastating to any victim. Especially now, with features like Photo Sync, which automatically syncs every photo that you take from your smartphone, a hacker could get hold of intimate or personal images that you wouldn’t want to see publicly online.

Facebook Apps

Any developer, or wannabe developer, with a little knowledge of code can use readily available resources to put together a Facebook app intended for malicious purposes. And it’s an effective medium, since all information that you share with these developers, including your email, access to your News Feed, phone number, photos, and other personal data, can be logged and used against Facebook’s Terms of Use. For example, if you find a credit card form in a gaming app and add your information, that developer has access to your credit card number.

It’s up to you to protect yourself

In the majority of cases, Rachwald tells me, it’s the consumers, or third-party sites that have access to your Facebook data, that are being breached by hackers or being tricked into revealing personal information. Rachwald brings to my attention that in 2009, third-party Facebook game developer RockYou was hacked by an SQL injection method, which Imperva first recognized, and over 30 million names and social media passwords were exposed.

But on some occasions, Facebook will leave itself open to vulnerabilities. For example an anonymous tipster from a hacker forum recognized that when you delete Facebook Messenger’s desktop app, it stays in your registry. The danger here was that Facebook User ID was left exposed, which could easily be copied with a Trojan virus. I checked that vulnerability recently and recognized that it appeared to have been silently patched by Facebook, although the file in my registry remains.

At the end of the day, you’re left on your own to protect your personal information. Rachwald himself isn’t on Facebook for the reasons discussed above. Despite the precautions you might take, Facebook’s obvious reluctance to address its security vulnerabilities means hackers are always coming up with new and innovative measures to manipulate users. Facebook is the largest social network with more than one billion users, making it a hacker’s playground and paradise – and nothing is going to change that.
