Facebook, the biggest social media network, has a big impact on the lives of online consumers. These days a Facebook account or profile is very common and also fairly important. It is currently a popular means of communicating and keeping up to date with friends, family, and news. However, there are many kinds of people out there, including creeps, enemies, and strangers. These people can hack your account to get information, blackmail you, defame you, or just have fun. Regardless of the motive, the stress this causes the owner is massive. So we want to share our story and security tips regarding Facebook account hacking and profile recovery.
We have heard of many such cases but never worked on them, because most of the victims went to the police or didn’t care. Facebook can cause serious trouble sometimes. According to the cybercrime investigation department of Nepal Police, crime related to Facebook profiles is one of the biggest cybercrimes in Nepal. Be careful, because illegal acts such as defaming, blackmailing, extortion, and information stealing carry high penalties. We have listed some major cybercrimes and their penalties according to Nepal’s act and cyber law.
This recovery started when one of my relatives got their Facebook profile hacked. It was a big headache to prevent information theft in time. I was having nightmares about defamation, blackmail, and everything else. Going to the police is the last-resort option. So I tried to focus on recovering the hacked Facebook account on my own. Let’s break down the analysis and investigation into parts so that we can learn it easily.
Possible Causes of Hacking
Website hacking includes SQL injection, brute-force attacks on login pages, etc. Similarly, some people can steal information, including credentials, over unprotected web transfers. Tech giants such as Facebook use HTTPS (Hypertext Transfer Protocol Secure) instead of HTTP. They use an SSL certificate, which protects the information exchanged between server and client. They also have heavy protections in place, so brute force isn’t easy. Companies like Google, Mozilla, and Cisco are working on launching free SSL certificates named Let’s Encrypt in 2015. This has the power to change the digital space and improve website security.
Brute Force Attack: This is a type of attack where a computer is used to crack the system password. It is done by trying every possible combination of characters, such as letters, numbers, and special characters, until one matches. This can take a very long time, depending on the password length and the computer’s power. It is actually very hard for ordinary people to do.
Phishing: This is a very well-known way to steal someone’s credentials. It is done using a fake page that resembles the look of the original website. When users enter their login information, their username and password are captured. This is why everyone should be really careful while using someone else’s computer or mobile, or public computers at a cyber cafe. Public WiFi is dangerous in the same way, and it is very important to check the domain name and SSL status.
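The domain-name and HTTPS check mentioned above can be made mechanical. The following is an added example, not part of the original article; the expected domain and the sample links are constructed for illustration.

```javascript
// Added example: does a link really lead to the expected site over HTTPS?
// EXPECTED_DOMAIN is an assumption; set it to the site you intend to log in to.
const EXPECTED_DOMAIN = "facebook.com";

function checkLoginLink(link, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // the same URL parsing rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS, so the login would travel unencrypted" };
  }
  // In "https://facebook.com@other.example/" the part before '@' is only a
  // username; the browser connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "text before '@' is not the site; real host is " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  // Non-ASCII look-alike letters show up as punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode host, possible look-alike characters" };
  }
  // Accept the domain itself or a true subdomain. A plain "contains" test would
  // wrongly accept facebook.com.account-verify.example.
  if (host !== expectedDomain && !host.endsWith("." + expectedDomain)) {
    return { ok: false, reason: "host " + host + " is not " + expectedDomain };
  }
  return { ok: true, reason: "HTTPS and host belongs to " + expectedDomain };
}

// Constructed sample links (not taken from any real incident).
const samples = [
  "https://m.facebook.com/login",
  "http://www.facebook.com/login",
  "https://www.facebook.com.account-verify.example/login",
  "https://facebook.com@login.example/",
  "https://faceb00k.com/",
];
for (const link of samples) {
  const result = checkLoginLink(link);
  console.log((result.ok ? "OK    " : "REJECT") + " " + link + " : " + result.reason);
}
```

A passing result only means the address is right and the connection is encrypted; it says nothing about whether the device itself is clean.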
Keylogging and Social Engineering
Keylogging is the method of targeting a user’s login information using spy software. Keyloggers are actually a kind of virus and can see what you are doing. If you are careful, you can prevent them. This malware spreads through software, web pages, downloads, cracks, etc. These techniques also include taking advantage of vulnerable people by using phishing, scams, etc. Keyloggers record what you type on the keyboard, so they can record texts and login credentials. We advise everyone to use the on-screen keyboard while using online banking services.
In our view, social engineering is the most sophisticated way to get someone’s credentials. It is basically psychological manipulation done to trick someone. These people gain the target’s confidence, study them, and get the credentials. For example, suppose someone is a fan of a football club and a player. Then there is a high chance that the user will have a password related to those two things. Hackers try the possible keywords around them and get their way in.
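A password can be checked against both risks described above: the brute-force cost that depends on length and character variety, and the presence of personal terms such as a favourite club. This is an added example, not part of the original article; the guess rate, the 60-bit threshold, and the sample terms are assumptions chosen for illustration.

```javascript
// Added example: audit your own password for brute-force strength and
// for personal terms that someone who knows you could guess.
const GUESSES_PER_SECOND = 1e9; // assumed rate; real rates vary by orders of magnitude
const MIN_BITS = 60;            // assumed threshold for "long enough"

// Size of the character set the password draws from.
function alphabetSize(pw) {
  let n = 0;
  if (/[a-z]/.test(pw)) n += 26;
  if (/[A-Z]/.test(pw)) n += 26;
  if (/[0-9]/.test(pw)) n += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) n += 33; // printable ASCII symbols, including space
  return n;
}

// Undo common letter substitutions so "Ars3n@l" still matches "arsenal".
function normalize(s) {
  const map = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i" };
  return s.toLowerCase().replace(/[013457@$!]/g, (c) => map[c]).replace(/[^a-z]/g, "");
}

function auditPassword(pw, personalTerms) {
  // Search space is alphabet^length, expressed here in bits.
  const bits = pw.length * Math.log2(alphabetSize(pw) || 1);
  const seconds = Math.pow(2, bits) / GUESSES_PER_SECOND;
  const flat = normalize(pw);
  const hits = personalTerms.filter((term) => {
    const t = normalize(term);
    return t.length >= 3 && flat.includes(t);
  });
  return {
    bruteForceBits: Math.round(bits),
    worstCaseYears: seconds / (3600 * 24 * 365),
    personalTermsFound: hits,
    // A personal term outweighs length: it will be among the first guesses.
    verdict: hits.length > 0 ? "guessable" : bits < MIN_BITS ? "too short" : "ok",
  };
}

// Constructed sample: a fan whose interests are publicly visible on a profile.
const terms = ["Arsenal", "Messi"];
for (const pw of ["Ars3n@l2015", "k9#Tq", "copper-Violin-tundra-48"]) {
  const r = auditPassword(pw, terms);
  console.log(pw, "->", r.verdict, "(" + r.bruteForceBits + " bits)", r.personalTermsFound);
}
```

The first sample looks strong by length and character variety alone, yet is flagged because it is built around a known interest.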
Prevention and Rapid Response
When you have been hacked and can’t log in, you will notice that something is wrong. You will have to think of all the factors. Most of the hacking cases we see involve a breach of trust. This includes phishing, keylogging, and people sniffing cookies and saved passwords. SQL injection and brute-force attacks are not that common because they need special skills. It is essential that you stop using the device you were using, because it might be infected. We therefore recommend resetting the phone or formatting the computer. For recovery, try to log in from a new device, meaning one that wasn’t regularly used for Facebook before.
Once your Facebook account is hacked, the first thing the culprit does is change the password, phone number, and associated email. If the email is intact and has not been changed, the user can request a password reset for the account and regain access. However, the main problem we see every time is that people don’t have access to the email account either.
If this is the case, go to the Facebook help section for hacked accounts. Then try to log in with your old credentials. It will say that your password was changed a few days or weeks ago, which is true because the criminal did it.
It is obvious that the hacker changed the password and email; you didn’t make the change. Therefore, click on the given link, and you will be given two options: one is to reset the password and the other is to lock the account.
Most people can’t reset the account because they don’t have access. So click on “Lock my account”, which will completely lock down the account. No one can log in to the account, not even the hacker, because it is now pending verification. After locking, you should try resetting the account. Select the option that says you have no access to the old email address. After that, create a new email address with a very strong password.
New Account and Identity Proof
Select the new email address for recovering the profile. After that, you will be given a form where you must prove your true identity. The first things you need are your name, date of birth, and Facebook profile or timeline URL, for example (www.facebook.com/deltadigit). They will ask you to upload a government-issued ID such as a citizenship document, driver’s license, or passport. If you don’t have a government document, you can upload two ID cards that match the user’s name and DOB and carry a matching picture. The details are available in their help section.
The name, photo, and DOB on the ID card need to match the information on the profile. Therefore, always be careful about the information you put on your profile. Always use your authentic name, date of birth, and profile picture. Facebook requires users to have a genuine account, and this also helps in the recovery process. As you are the owner of your profile and have all the legitimate documents, you can easily get your account back and the hacker can’t.
Prevention and Advice
Never click on suspicious links that someone has sent. They can be spam, phishing sites, or keylogging malware. Many of our colleagues have been affected by these things from time to time. Only open links from trusted and authentic sites and Facebook pages. Use antivirus on your computer and clean your history, browsing data, and cookies regularly. Be very careful while opening your accounts from public places like a cyber cafe or public WiFi. These networks are vulnerable and may be spy networks too.
Be very careful while downloading and installing new apps: read the reviews, find the number of users, and check the credibility of the developer. Use different passwords for different services and keep them safe. Also, make them strong by using as many types of alphanumeric characters as possible. Longer passwords with variations are always better. Always share things carefully with people, because we really can’t know what other people actually want. If things get out of hand and the hackers start defaming or blackmailing you, then contact the police.
Government agencies like the police have more power. They can help greatly in cases of Facebook account hacking and profile recovery. They can track the IP address, triangulate the cell phone, and catch the culprit. Government agencies can also contact offices abroad and ask them for assistance in solving issues. So always be alert and use the Internet carefully. Have a happy and safe browsing experience.