How to Survive a Facebook Hack

Here we go again. Radware’s threat research group recently announced that over 40,000 Facebook users were tricked into downloading the Relieve Stress Paint app by a sneaky phishing email; while the victim painted in the app, it stole their login credentials and browser cookies. … Worse, the attack was sneaky enough not to get flagged by a typical antivirus application.

So how can you keep your data safe in cases like this? Here’s what to consider:

Don’t download crappy apps

Seriously. Since you’re a discerning reader of Lifehacker, you probably have a pretty good Spidey Sense when a website that looks like this asks you to download an app, which should already sound a little odd:

This is a screenshot of the website that the phishing emails sent to less experienced recipients pointed to. The site is also reachable via Google search, if you somehow come up with a query weird enough for it to show up in your results.

In both cases, malware writers use Unicode to make the website URL appear in the email (or search listing) as something much more innocent: aol.net, or, in my case, picc.com. Hover your mouse over the link, or look at the address bar after clicking, and you’ll see something completely different: xn--p1aca6f.com, for example.
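As an added example that is not part of the original article, here is a small Python check that turns an `xn--` hostname back into the Unicode form a browser would display and flags labels that mix scripts or use Cyrillic lookalike letters. The confusables table is a deliberately short, hand-picked subset and the apple.com homograph is constructed for this example; both are assumptions, not anything from the page.

```python
import unicodedata

# Hand-picked Cyrillic letters that render like Latin ones (constructed for this
# example; Unicode publishes the complete confusables list).
CONFUSABLE_TO_LATIN = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
}

# Constructed homograph of apple.com: Cyrillic a, er, er followed by Latin l, e.
HOMOGRAPH = "\u0430\u0440\u0440le.com"


def to_unicode(host: str) -> str:
    """Return the Unicode form a browser would render for an ACE (xn--) hostname."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        # Already Unicode, or a malformed ACE label: keep it as given.
        return host


def scripts_in(label: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in one label."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def analyze_host(host: str) -> dict:
    """Decode a hostname and report whether it mixes scripts or mimics a Latin name."""
    shown = to_unicode(host.strip().lower())
    labels = shown.split(".")
    mixed = any(len(scripts_in(label)) > 1 for label in labels)
    non_latin = any(scripts_in(label) - {"LATIN"} for label in labels)
    # Latin "skeleton": what the name is pretending to be, per the table above.
    skeleton = "".join(CONFUSABLE_TO_LATIN.get(ch, ch) for ch in shown)
    return {
        "displayed": shown,
        "is_idn": shown != host.strip().lower(),
        "mixed_script": mixed,
        "non_latin": non_latin,
        "skeleton": skeleton,
    }


if __name__ == "__main__":
    for h in ["aol.net", "xn--p1aca6f.com", HOMOGRAPH.encode("idna").decode("ascii")]:
        print(analyze_host(h))
```

A mixed-script label, or a skeleton that matches a brand you expected but a displayed name that does not, is the signal to stop and not download anything.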

But I digress. Rule number one for not getting sucked in by malware is: don’t download stuff that looks or sounds completely fake. I understand that this advice may not work for everyone – your parents who aren’t overly tech-savvy, your kids who love to click, or your pet who walks across your keyboard and mouse while you sleep.

For them, consider using a browser extension or a service (for example, OpenDNS) to whitelist the handful of sites they are allowed to visit. You can even whitelist apps directly in Windows and macOS, which keeps your friends and loved ones from launching apps they shouldn’t, and ultimately relieves them of stress.

But if you are deceived anyway …

It happens. If you later find out that something you downloaded may have leaked your Facebook credentials to a bunch of hackers or spammers, you have several options. (And we’re assuming you’ve already removed the malware / scanned your system with a capable antivirus and malware removal app / nuked your computer from orbit.)

First, change your Facebook password – this is the easiest step. Make it a good, strong password (or passphrase) while you’re at it. This won’t undo whatever data has already leaked onto the Internet, but at least whoever has your old password can no longer log in as you. This is the single most important step you can take.

Second, enable two-factor authentication for your account. As Dan Goodin of Ars Technica notes, it may not have helped against this particular malware, but it’s still an important security measure:

“It is always a good idea to protect accounts with multi-factor authentication, but it is not yet clear if this protection would prevent attackers in this campaign from gaining access to compromised accounts. Since the malware has stolen both passwords and cookies, they may have allowed attackers to bypass security.”

Third, use the same page (the Facebook security and login settings page) to enable alerts for unrecognized logins. Then click “Learn more” under “Where you’re logged in”. If you don’t recognize a device on this list, or you see a login from a country you haven’t visited, say, yesterday, then you have been compromised. While you’re there, scroll down the expanded list, find the Log Out Of All Sessions link, and click it.

Fourth, this is a great time to let your friends and family know about the View Latest Facebook Emails section. If they receive an email from the social network that seems questionable, they can check there whether the email really came from Facebook. We doubt Facebook will ever ask anyone to install, say, a stress-relieving app, but there are definitely smarter spoofs of legitimate Facebook emails that could convince a more gullible user to “log in” to a fake Facebook site.

Finally, open the Facebook Payments screen, located in the left sidebar of the settings page, and click Account Settings. If you’ve entered one of your credit or debit cards on Facebook for any kind of payment, such as in-app purchases, consider deleting it if you’re no longer using it. That way, if someone does gain access to your account, they can’t make payments in your name or create fake ads to spread the malware further.
