Many people are now falling victim to attempts to hijack Facebook accounts that
use social engineering techniques, especially ones that exploit weaknesses in the account
procedures of free e-mail services like Yahoo! Mail.
Someone, or a cracker, can pretend to be you and try to get unauthorized access
and hijack your email account. He does this by following the lost-password procedure.
Usually free e-mail services will ask for a few key words for confirmation,
such as a combination of “where was your honeymoon?” or “what is the name of
your first pet?” or “what is your favorite uncle or aunt’s name?”. The answers
or keywords for confirmation questions like these are what you filled in when you first
registered the email account.
Now, through Facebook, someone or a cracker can easily trick you. He
will pretend to apply to be your friend, then find out your email address.
When he learns that you are using a free e-mail address, he starts
inviting you to communicate. In various ways he will dig up information
that you should keep secret.
Once you provide the information needed to get through the lost-password procedure
of the free e-mail account service, the cracker will control your e-mail account.
Then he will apply the same procedure to your Facebook account, that is, pretending
to have forgotten the password in order to hijack it.
Facebook will usually send a “temporary password” e-mail to your primary e-mail address,
which unfortunately is already controlled by the cracker. So he easily takes control of your
Facebook account too. Once he changes your Facebook account password,
you will be refused access to your own Facebook account.
A cracker who hijacks your Facebook account will usually use it for
some evil purposes. The first is to impersonate you or falsify your
identity with a view to defaming, vilifying and degrading your dignity
as the real account owner. For example, he attacks and acts in ways
your friends dislike, so that in the real world everyone becomes
hostile to you without you knowing it.
The second is to fool your friends. There have been many reports abroad,
and also in Indonesia, of people being asked by old friends on Facebook to send some
money for various reasons; the classic ones are claiming to have been robbed, or being
unable to withdraw money on the weekend for medical
treatment, etc. Or inviting to trade something, but actually the facebook account has been
* Prevention Tips *
1. Do not easily accept friend requests from people who you do not
know, especially those who do not have mutual friends.
2. You always have the opportunity to check with a friend who is
a mutual friend of the person who is trying to request
friendship. That is one of the reasons Facebook displays
mutual friend information, so you can verify it first. If
your friend vouches for and confirms the validity of the prospective friend, then the
“proposal” can be considered for acceptance.
3. Another way to confirm a friend request is to send a message
to the person concerned. With this communication you
can ask who he really is (often the account name displayed is a
nickname or alias name that does not help you to
remember who the prospective friend is) and make other necessary confirmations.
For example, communicating offline (by telephone), meeting online via webcam, or
even meeting offline are other ways to confirm the validity of prospective friends.
4. Do not rush, and be careful in conveying personal information that at
first glance does not seem important but in fact
is the key to breaking into your email account. Questions that seem to
show enthusiasm for the same things (pets, favorite tourist attractions,
stories about families, posting a photo album of certain events etc.) can accidentally
expose personal information that you should keep secret.
5. You may unknowingly expose information that should be confidential in
your profile, or in the captions in your photo albums.
For example, writing the name of your beloved animal just below its picture (there are even
people who specifically make a Facebook account for their pets, complete
with full profiles). Or posting a photo and mentioning the location of the honeymoon, or
tagging family photos (including your favorite uncle) etc.
Various accidental things like that.
6. Be careful and think over and over about the possible benefits and disadvantages if you
have to display personal information on the info page of
your Facebook account. You have the choice not to write that information, for example
about a pet; if anyone really wants to know, they
can ask you personally through the message facility. You
can also choose settings to limit other people’s access to
certain information on your Facebook account. For example, you can hide e-mail
addresses. Take advantage of the Facebook account security settings
as much as possible, and think them through.
7. As far as possible, avoid using free email
services for your Facebook account. Use a local email account, for example one provided
by your office (if private use is allowed), rent an email account from an ISP (actually
cheap or even free if you become an ISP customer), or create your
own private domain and ask a hosting service to set it up if you don’t have the technical skills yourself. In essence, a local or self-owned e-mail account
is safer against this social engineering attack technique, mainly because the procedure for
confirming lost passwords, or for handling a compromise, is usually done
manually with offline identification techniques, not by automated systems using
security algorithms that are too simple, as with free email services.
8. Always add a secondary email address to your Facebook account and also to the
free email account that you use, if you really have no choice but to
use that service. Hide your secondary email address and never show it to
anyone for any reason. And periodically change
all of your passwords according to security recommendations, such as using a combination of letters,
numbers and special characters and a password length of at least 6 or 8 characters that is difficult
for others to guess, and if it is difficult to memorize, do not keep the notes in an easily
found place. Or use a password management application to help you. There are
9. Although it is not a common practice, for security’s sake back up your friend list data:
important information such as the account profile name, Facebook page URL, e-mail address and
telephone number (if any). Then if something happens you can immediately give a
warning, for example via email, and it will be useful if you open
a new Facebook account and are forced to re-enter your friend list one by one.
Backup is a bit troublesome but it’s important.
10. If you are already a victim of hijacking of your Facebook account, you can
do 4 things.
1. First, warn everyone that your account has been hijacked. You can
do this through various channels such as email, telephone, mailing lists, chat, blogs etc., in order to
prevent other people, your friends and your family in the friend list from becoming victims of fraud.
2. Second, as soon as possible (you are racing the hijacker before he changes your
primary and secondary email addresses), try to get your account back through the
forgotten or lost password procedure. If successful, immediately change your e-mail address and
password, and do not forget to hide it by changing your account security
settings. Do not rush to log out, to prevent the hijacker from trying to take over again.
And don’t log out until you have successfully changed your primary and secondary email addresses
and set new passwords while applying more closed security settings
(protecting / hiding your email address).
3. Third, report to the Facebook security team that your account has been hacked, at
http://www.facebook.com/help/?page=1023 or, if the link has changed, you
can look for it on the HELP page. You will be asked to fill in a form and then there
will be correspondence with the Facebook security team, who will try to confirm the
truth of your report, and if all goes well, maybe your account can be
returned. But make sure that before reporting, you already have
a new and safe email address.
4. Fourth, if all attempts to restore your account fail, then immediately
open a new Facebook account, secure the information so that it is not hijacked again, and add
all your friends (hopefully you made a backup). Then together invite
them all to report your old hijacked account as an account that
commits abuse, fraud, compromise and impersonation, so that it will later be closed or
blocked by Facebook.
Finally, do not use the same email address, username and password for all
the online services that you use. Always update your knowledge about the security issues of
social networking services and be vigilant when active in cyberspace.