The bigger a platform is, the larger a target it becomes for attack. Just like Macs have less of a malware problem because they’re not as popular as Windows, Facebook is a malicious person’s dream when it comes to hitting as many people as possible.
While Facebook is a great place to connect with friends and share all sorts of content, it’s also full of threats. Let’s take a look at some practical ways to reduce the chance of being hammered with malware on Facebook.
Beware Rogue Applications
Facebook’s ubiquity means that all sorts of sites and applications allow you to log in using your FB credentials. While this is convenient, you shouldn’t trust every app that comes around, because many of them are rogue.
Make sure to review the permissions that an app asks for when you authorize it. If you don’t trust it, don’t let it use your account. Even worse, if you click a link that immediately leads you to authorize an app, it’s probably malicious. The generic app icon is a red flag, as well. Try Googling the names of unknown applications to see if anyone has reported on them.
Watch What You Click
This is basic advice that applies all over the internet, but it’s still worth a reminder here. Don’t ever click on something that you are unsure about or that doesn’t seem safe. It could be a Facebook ad or a message sent to you by a friend, but if it looks shady, ignore it. Use a link unshortening service if you’re not sure whether a shortened URL is clean.
Typically, bad links don’t lead to Facebook malware, but rather lead you to another site that’s infected. At best these links will lead to a spam site that’s full of ads, and at worst they could infect you with ransomware.
Don’t Accept Weird Friend Requests
A friend request from someone you know with 20 mutual friends is obviously safe. Sometimes, however, random people send you friend requests out of nowhere. You can typically tell that these are spam accounts as they use a fake profile photo, have no friends, and are from outside your country. It’s common to see half-naked women as profile photos, as well.
Accepting these spammy requests opens you up to problems, as the junk account can then post on your wall with shady links or message you with questionable content. Make sure your friends list is limited to real people whom you actually know.
Know What’s Too Good to be True
Often, Facebook malware arrives through sensationalist headlines or giveaways that attract clicks. Pages like “Warren Buffett’s Million Dollar Giveaway” are completely fake and won’t allow you to actually win any money.
Similarly, random pictures of near-nude models, messages that claim someone took illicit photos of you, and iPad giveaways are all just trying to get people to click on junk links that probably lead to malware.
Secure Your Account
Keeping your own Facebook account secure is a good way to make sure that your friends don’t get infected. Often, an attacker will break into a person’s account and message their friends acting as if they’re that person. Whether they pretend to need money or send illicit links, the friends could get into some trouble from this.
Head to your Facebook security page to make sure everything looks solid:
You should have Login Alerts turned on so you know if someone logs into your account from an unknown machine.
Use the Login Approvals setting to add two-factor authentication to your account. This requires a code from your phone or an authentication app in addition to your password to log in, and adds a huge amount of security to your account.
Have a look through your Recognized Devices and Where You’re Logged In to make sure that you don’t see any that seem out of place.
Regularly Prune Your Authorized Apps
Similar to the above, you should make sure that you trust all the apps that currently access your Facebook account. Visit your Applications page to see everything you’ve authorized.
Click the pencil next to an app to review its current settings. You can see whether the app can post to the public, friends, or only you. This also lets you check which permissions an app holds; some apps require their full set of permissions, while others let you disable some of them. To revoke an app’s access completely instead, just click the X icon next to it.
If You Get Infected
If you think you’ve fallen victim to Facebook malware, after running through the above steps to remove the rogue app, you should immediately change your password from the General tab of settings. Make sure you run a security scan and don’t have a hijacked web browser.
It’s also a good idea to post a status about your mistake on Facebook so others know that your account might have been compromised. Make sure you keep an eye out for signs of infection from your friends, too. Just like it’s difficult to know if you’re sending out spam emails, your friends will appreciate you letting them know that their Facebook account was compromised.
Staying Safe on Facebook
With a bit of common sense, you shouldn’t run into any trouble with Facebook malware. Don’t click on any links without thinking, don’t accept friend requests from random accounts, and only authorize apps that you trust. Using these tips, you can browse Facebook with peace of mind and keep the attackers at bay!