Derbyshire Constabulary’s Cyber Protect Team have noticed an increase in the number of reports of Facebook account compromises within Derbyshire.
Cyber Protect state, “Offenders are compromising Facebook accounts and using the profile to send messages to their contacts requesting money to be sent to an account. The messages seem to be requests for help and will usually have a sense of urgency and flattery. If you receive a request from a “friend” on Facebook, or any other platform, please verify directly with that person another way before transferring any money to a bank account.”
The most likely cause of accounts being accessed or taken over is a data breach of another website which the user has linked to Facebook (Login with Facebook), or which uses the same password.
Cyber Protect Advice on Securing Account:
• Implement a strong, complex password containing 3 random words that aren’t connected to you (no pets’ names, dates of birth, family names, etc.)
• Add 2FA (2 Factor Authentication) to your account to add an extra layer of security (see: https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa)
• Ensure your software and apps are up to date (set to automatically update)
Nailed has also noticed an increase in cloned accounts, both locally and nationally. A cloned account is where someone creates a second version of your account, using your photograph and name, and then sends friend requests to people in your Friends List. The best way to combat cloned accounts is to set your Friends List as invisible to visitors. Facebook’s default setting is to make your Friends List visible to everyone.
How to Lock Your Friends List:
- Go to Settings (on PC, in the drop-down list under the arrow in the top right corner; on mobile, at the bottom of the list under the 3 bars in the top right)
- Click Privacy/Privacy Shortcuts
- On PC, click Edit on “Who can see your Friends List?”; on mobile, you need to click “See More Privacy Settings” before clicking on “Who can see your Friends List?”
- Choose Only Me for the best security. Choose Friends to facilitate networking.
If you receive a friend request from someone already in your Friends List, always check with the existing account or with them outside of Facebook to see if it is really them.
If it is not a deliberate second account (second accounts are not allowed on Facebook), then you should report the second profile as impersonating a friend (go to the profile, click “…” next to Message, choose Feedback or Report this Profile, and tag the real profile of the person when asked). Facebook will then contact your friend to confirm that the second account is a cloned account.
Visit the National Cyber Security Centre for more advice: https://www.ncsc.gov.uk/