How cybercriminals are hacking your Facebook and Instagram accounts…

February 14 2017 | Published by Jennifer Bullock | Blog

Hate to be the bearer of bad news but you’re not special. Everyone is hackable, you included.

In 2016 alone we saw one bank lose $81 million in 2 hours. Russian spies allegedly hacked their way into the US election. Millions of CCTV cameras were hacked in order to bring down (pretty much) the entire internet. Some very nervous-looking fetish hunters had their details hacked on Adult Friend Finder, and the past came back to haunt us as confirmation of big hacks (and our details being compromised) came to light!

So trust us when we say hacking into your Facebook, Instagram or Snapchat would be no issue, probably because your password is ‘password’… No? Ok, ‘qwerty’… No? Ok, I’ll stop now but you get the idea!

Because we’re a nice bunch, we’re going to run you through some ways to keep your social media locked down. We’ve included some useful tools and tips on password management, because whilst you may not be targeted by Russian hackers… (not pointing any fingers, Putin)… I’m sure you can think of at least one or two people who would quite like to set their eyes on your DMs.

Common as muck passwords

Passwords… If you want a social media account you need them (note plural, not just one!). They are much like house keys. Imagine you’re a house owner and all of your prized belongings lie inside your home. Do you want the easiest shaped house key, which would take next to no time and very little effort to replicate? Or do you want the most complex available, ensuring your safety? … Yes, that’s what we thought…

Ok, so analogy continued. Imagine you are fortunate enough to own many houses. You have prized belongings in each property… But for convenience, you use only ONE house key to access ALL of the properties. Ease being the main priority here. One day you lose that one key and Mr Thief finds it. He now has access to ALL of your houses.

You wouldn’t have one key for every single lock you own so why on earth are 17% of you using ONE password (lord give us strength!), yes ONE password for all of your online accounts? Your banking… ‘QWERTY’, Your social media accounts… ‘QWERTY’, your email account…. ‘QWERTY’ … JACKPOT.

So first and foremost have different passwords for each account.

Worryingly, a list of the 25 most commonly used passwords in the world was released last week. Here are the top ten to really make your heart sink…

[Image: the 10 most commonly used passwords in the world, 2017]

Here we could charge into a disappointed dad speech but instead, we’re just going to trust you read and understood the first half of this blog. Seriously though, if your password for anything is listed above… change it. Now.

Our friend Paul Ducklin, a Senior Security Advisor at Sophos who writes daily for a great cybersecurity blog called Naked Security, had these wise words to say about creating passwords:

"Go as long and complex as you can - with a bit of practice it's easy to create complex passwords that are unusual but easy for you to remember."
Paul Ducklin, Senior Security Advisor at Sophos

Other ways to hack your Facebook and Instagram accounts 

Why and how are hackers able to compromise my password? Well aside from the above, hackers have their ways and means.

One technique is malware, which by definition is software specifically designed to disrupt, damage or gain unauthorised access to a computer system. Hackers use malware to hack into your computer and capture every word that is typed on your keyboard… thus accessing your passwords.

The other classic is …

Dear Mr X,

Thanks for purchasing a life-size pink elephant ornament for your garden, £1,500 will be debited from your account and your item will then be on its way.



If you did not order this item, please click here.

You’re then asked for your Amazon login details in order to right this wrong of the life-size pink elephant ornament (which is about to clear your account as well as seriously upset your neighbours) and… Boom. You’ve fallen into the net. You’ve been hoisted on board and are about to be suffocated, gutted and consumed by hungry hackers.

…Well OK, not quite that dramatic, but once your details are filled in, you have been ‘phished’. And this, my friends, is a phishing scam.

And finally, brute force… Pretty self-explanatory: hackers will try hundreds of thousands of passwords until they guess the right one.

On the above note, here’s a handy little tool to check your password strength.

Also whilst you’re there, spare two minutes for this video outlining exactly how to conjure up an unhackable password - ‘How to pick a proper password’ – there’s a tongue twister for you!

Protection is all well and good, and if you are frantically trying to sort out the mess your passwords are currently in… Good!

However, what if it’s too late and somebody has already got all of your password(s)… Never fear, we are here with yet another handy little resource, called 'have I been pwned?', which will categorically tell you whether or not your accounts have been compromised.

Obviously, ‘Too late’ may have been a slightly melodramatic term to use; unless you’ve noticed a wad leaving your account, it’s not too late. But seriously if your passwords have been listed at any point in this blog i.e. ‘QWERTY’, go… now, and make the suggested changes before it is too late.

How can I further protect my Facebook, Instagram and Snapchat accounts?

So what do the social platforms you’re using have in place to protect you?

Facebook, nearly 2 billion of us have it, so what are they offering to keep us protected?

Facebook Security: 
- 2 Factor Authentication (2FA) means Facebook send you a one-time code each time you log into your account on a new device. This stops new devices logging into your account without you being notified first (usually via your mobile phone); they cannot get into your account without the code.
- You can control where you are logged in and see the devices logged into your account, instantly recognising any anomalies should they occur.
- ‘Login Alerts’ send you a notification if Facebook suspect there may be fraudulent logins into your account.
- ‘Password security review’ – Facebook will go over and investigate password security with you.

Where and how to apply Facebook security and login approvals

Instagram Security: 
- Also offers 2FA login security.
- Offers an ‘are you sure’ alert when authorising third-party apps through Instagram.

Snapchat Security:
… You guessed it, they also offer 2FA! Here’s a nice step-by-step guide on how to enable it.

If your main argument is that you can’t possibly remember multiple passwords, then THANK THE LORD you are living in 2017, as my childhood was spent memorising multiple telephone numbers to be able to contact my friends… FROM THE LANDLINE. I jest, I jest.

Seriously, if you’re going to struggle to remember numerous passwords… get a password manager. They’re free.

One of the top, top security guys in the world, Troy Hunt, who happened to have a chat with us just before Christmas, agrees wholeheartedly with using a password manager. When we emailed him for the single best bit of advice on the subject of password security he replied with:

“My number one piece of advice on password security is to get a good password manager and start creating genuinely unique, strong passwords for every single site you use. That one thing, more than anything, will best protect people’s online identities.”
Troy Hunt, Pluralsight Author & Microsoft Regional Director

So what to take away from this?

Stop being an idiot, you’re hackable.

People want to hack you. Maybe not highbrow spies, but your bitter ex, your boss, or even just somebody that doesn’t like you that much probably wouldn’t mind a snoop through your Facebook messages. (Not to mention the millions of cyber criminals trying to hack everything under the sun for financial gain.)

Take it from a cyber security specialist: there are four simple ways to avert disaster!

  1. Use 12 or more characters, combining all character types
  2. Use a unique password for every account
  3. Use multi-factor authentication (or 2FA)
  4. Never share your passwords with anyone. ANYONE.
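
Rules 1 and 2 above can be checked mechanically. The Python sketch below is an added example, not part of the original article; the function names, the two-entry common-password set (only the two passwords the article names) and the sample vault are constructed for illustration.

```python
import math
import string
from collections import defaultdict

# Constructed list: only the two passwords the article names (lowercased).
COMMON = {"password", "qwerty"}
MIN_LENGTH = 12  # rule 1 in the article
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def search_space_bits(password):
    """Upper bound on brute-force effort in bits: length * log2(pool size).
    A dictionary attack on a common password needs far fewer guesses."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return round(len(password) * math.log2(pool), 1) if pool else 0.0

def audit(vault):
    """Return {account: [findings]} for a dict mapping account -> password."""
    accounts_by_password = defaultdict(list)
    for account, pw in vault.items():
        accounts_by_password[pw].append(account)
    report = {}
    for account, pw in vault.items():
        findings = []
        if pw.lower() in COMMON:
            findings.append("common password")
        if len(pw) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in pw)]
        if missing:
            findings.append("missing: " + ", ".join(missing))
        reused = sorted(a for a in accounts_by_password[pw] if a != account)
        if reused:
            findings.append("reused on: " + ", ".join(reused))
        report[account] = findings
    return report

# Constructed sample vault, not real credentials.
SAMPLE = {"bank": "QWERTY", "email": "QWERTY",
          "social": "Pink-Elephant-0rnament!"}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE).items():
        print(account, search_space_bits(SAMPLE[account]), findings or "ok")
```

The bit count is only a ceiling: ‘QWERTY’ scores about 28 bits on paper, yet falls on the first few guesses because it sits on every common-password list.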

Want more password do’s and don’ts? This article by one of the hottest cybersecurity writers on planet earth, Brian Krebs, who writes the Krebs on Security blog, should cover pretty much any questions you have.

If you have a spare 10 minutes, you should consider listening to this entertaining security podcast. In this episode, they focus on password security and offer some more sound and practical advice.  

I want to sign off this article by giving a few pointers from an industry thought leader. We emailed Jennifer Arcuri, CEO & Founder of My Hacker House, and asked her for her advice on setting up passwords. She said:

“The best passwords are those that use long phrases; my favourite advice for those trying to come up with a good pass phrase is to use lyrics from their favourite song or poem. I personally also like to use quotes from my favourite movies or plays. But always interject numbers and symbols to help keep things harder for the attacker. This always helps keep things personal, yet maintains the integrity of password sophistication.”
Jennifer Arcuri, CEO & Founder of My Hacker House

There we have it, is it rocket science? No. Is it doable? Yes.

Passwords are no longer passwords; they are passphrases, passcodes, passriddles, passcombinations. But for goodness’ sake do not have a passWORD.

Stay safe. Have fun.