Blog Roll
Security Blog
Posted on September 13th, 2011 in Personal and Small Business Security

Facebook, Twitter, Google+, and Pinterest -all popular social networking sites and all popular havens for hackers. Whether clicking a link which launches several SPAM laden posts on your friend’s walls or having someone hijack your account for other reasons, there are several information security risks on social network sites. For this article, we will discuss the vulnerability of a bad password practice. This is the vulnerability of setting your password for your social networking and email address accounts to the same passwords. It takes seconds for Bad Guys to steal your email account once they have your social networking account.

How The Bad Guys Hijack your Facebook account?
The hijacking of Facebook or social networking accounts is a very common type of “phishing” attack used on the internet. “Phishing” is a term used to describe the act of tricking a person into giving up information to what they think is a legitimate location. An actual “phishing” web site will appear to be so legitimate it will actually take you to a legitimate looking login site and then move you to the real site once your username and password or “credentials” are captured.

An example of this is as follows:
Hacker creates a fake Facebook site residing at wwwfacebooknet. This site will look almost exactly like wwwfacebookcom. The hacker tricks people into believing this is a real site by putting real Facebook images on the fake site.
Have you ever received a “Facebook notification” email?
Have you ever looked closely to make sure the email is not legitimate and the link actually takes you to a “spoofed” site aka “phishing” site?
These kind of hacking or “phishing” attacks are a normal occurrence on the internet.

It’s important to note that “phishing” is not the only way Bad Guys will take over your account. By clicking on “untrusted” links, you could also be allowing a virus or Bad Guy the ability to hijack your account. Additonally, using weak passwords such as “123456”, “password”, and your “username” can also allow the Bad Guys to easily hijack your accounts.

How Do I Prevent the Bad Guys from Taking Over Both my Accounts?

More importantly a simple step will prevent you from having more then your Facebook site hijacked. By keeping your email address password different! I can not stress this enough. I have seen countless times where once a hacker gets a Facebook account they then make the jump to the registered email address used for that account. The sole reason this happens is because the person keeps their Facebook and emaill account password the same.

Some of you may ask why would they want my email account? Well, hackers look for a wealth of information. How many of you receive bank information, utility bill, conversations with friends/family,tax info…etc. all in your email account? There was one recent incident where a person was blackmailed because of pictures they had in their “hijacked” email account. Please also see the article

So what can you do?
Keep different passwords for different accounts. Follow good password management practices. Use phrases, special characters and numbers to create strong passwords that are not easily guessed.
For example,
WelcomeMiami
could be translated to a strong password of:
W3lc0m3M!@m!
This password could not be easily guessed.

There is a wealth of information on the Internet on password management and good practices. If it so happens that you have bad memory like me, use a free software like PasswordSafe, KeePass or 1Passwd for the MAC to manage your passwords.