Quick and easy actions to secure your Facebook and Instagram accounts from hackers.
*Updated November 2022
Wondering how you tagged a bunch of other people in a random article about financial success?
Wondering why you got a bill from Facebook for some ads you ran for footwear using your landscaping business page?
Or maybe you’re having trouble logging into your account, thinking you’ve just misplaced your password. Meanwhile, your friends are receiving random messages from you.
You’re not alone.
The New York Post cited over 160,000 Facebook accounts were reported as hacked in 2019.
With the amount of personal data stored in Facebook, it’s no wonder it’s a popular playground for hackers. The trouble is, we often make it easy for them. And once they are in, they can mine your data – and your friends’ data - for more opportunities.
I like to present solutions, rather than talk about problems though, so here are some quick and easy actions you can today to secure your Facebook and Instagram profiles against hackers.
Firstly don’t let the hackers in
It’s a common misconception that people break into Facebook/Instagram directly and there have been a lot of data breaches lately so that is very possible. But it’s more likely they’ve hacked in through an unprotected email account, which is an even bigger problem. Many people have had the same email for years (Hotmail, Yahoo, AOL etc) and it probably has the same, easy to remember password from when you created the account. This is because when we set up this stuff, we often used our ‘junk email’ to not get bothered by updates. Back in the early 2000’s when we were just getting started with social media, we also had no idea how quickly it would take over our lives, nor how much data it would retain.
When someone has control of your email they can send password recovery emails there and break into more than just your social media before you even realise it. They can be tricky too - deleting all evidence so you’re none the wiser.
Secure your email first
Please update your email AND your recovery email passwords and use two factor authentication. This is when a verification code is sent to your phone, via an app or sms, as a second layer of proof that your email account or Facebook account is yours. It might take a minute more to log in but it’s definitely worth it. If you have an old Optus email (Australia) then you should definitely remove it from everything - they had a huge data breach in 2022.
Passwords
Don’t use the same password twice.
Use a secure, randomly generated password.
Keep your passwords somewhere safe.
Consider using a password manager - here’s an article that compares the leading ones.
Two factor authentication
You should have this on all your social media accounts - head to security settings to set it up. You should also have it on your email accounts. And, if you’re a business, everyone who has access to your business pages should have two-factor authentication on all their accounts. Through Meta’s Business Suite you can go to business info in the main menu and, after you add in all your business details, at the bottom you’ll see a toggle switch to say that everyone who has access to the page must have two factor set up. Insist on this with your staff!
Don’t use Facebook or Instagram to log into anything else
I know it’s easy to use it to login to apps and shopping sites and all kinds of things but don’t do it. Regularly check what access all these apps have to your accounts and please consider instead just setting up an account using your email and a unique secure password. And when you’re done using that app, remember to go back in and close that account and delete all the information.
To check what you’ve used to login, go to your Facebook settings / security / apps and website and you’ll see a list of what you’ve used your Facebook credentials to log into. Remove access to everything you don’t use anymore and see if you can change your login to be email and password for those you do still use.
To check if any external apps have access to Instagram go to settings / security / data and history / apps and websites and this will, again, show a list of apps that you have authorised to use your Instagram credentials.
Don’t use your Facebook login to do ‘fun quizzes’
Seriously don’t. Finding out which Harry Potter character you are is usually just an attempt to mine your data.
Run regular spot checks in your Facebook and Instagram privacy and security settings
Some great features here include: receive alerts about unrecognised logins; see your activity log (check if ‘you’ are doing anything you don’t recognise); review apps, websites and games to revoke access; and check what you are logged into using Facebook. When was the last time you checked your security and privacy settings?
Did you know that both Facebook and Instagram have a section where they will list any emails they have sent you? Don’t EVER respond to an email from either Instagram or Facebook without checking there first. If you get an email saying your account has violated something just take a deep breath and go and check inside the app. If it’s a real violation you will find it in the app or on the desktop version and can respond directly.
If you aren’t using your social media profiles, lock them down even harder
One last thing for those of you who have Facebook or Instagram accounts but rarely use them – you are the most likely to get hacked and not know about it. Even if you rarely use Facebook, you should take steps to secure your account to protect yourself and your friends from these types of attacks.
Now while I’ve got your attention…
Here are some other security issues you should be aware of.
Phishing: when the hacker creates a portal identical to Facebook and then they send you an email asking you to login or asking you to provide proof of ID or risk losing your account. When you log into their fake account, they collect your password and use it to lock you out of your real Facebook account. Always double check any communication from Facebook, especially the email address it has come from.
Gaming? Make sure you don’t leave your Xbox or similar open to hackers. Same advice applies - strong passwords and two factor authentication.
Keylogging: Avoid using public computers for anything you need to log into as they may have a key logging program installed. This records everything you type into your computer. They can also be downloaded as a ‘virus’ so maintain your virus checking software and be on the lookout for anything suspicious. Make sure you log out of any public sessions and clear the history and cache.
Memorable passwords: Some of the information you have in the public domain can be used to guess your passwords using intelligent software. Avoid birthdays, kids names, pets names and anything that has relevance to you. Consider using a secure password manager such as Last Pass to create and store your passwords so they are always unique and random.
I don’t like being the scary lady here, but I am constantly amazed at how many people I meet who have the door ajar to their personal information. Make yourself a cuppa, put on some music and spend an hour locking yourself down. It will be time well spent.
Stay safe!
❤️ Hi I’m Erika ✌️ I’m a marketing specialist with a BA in Media and Comms, Masters of Marketing, Certificate in CX (Customer Experience) and over 25 years experience. I’m well placed to help you navigate the sometimes overwhelming world of marketing and social media. I work with you one on one or create fun and action-oriented workshops and webinars for groups, organisations and businesses. Book a free discovery call with me or simply email me to get the conversation started.
For more tips, connect with me on Facebook and Instagram or just get in touch, I'm always happy to help.
A version of this article was first published by me in ‘The Paper’ South Gippsland News.
