Facebook/System information and account hacking?

[Sohaib]

Help required- my FB acount is not secured

Hi Mates,
i am facing a swear problem with Facebook. and is very depressed. Someone has put me in tension and i am feeling total unsafe in the world of Facebook.

before we go to issue, i would like to describe situation. please read patiently. i ll be thankful.

1-
i have one (say A) main/personal facebook account and two (say B & C) visiting Facebook accounts.
A has no link with B and C, neither in terms of Name, nether in terms of ID, neither in terms of behavior. But only one similarity that A & B,C have same phone number but that number is hidden and available to public and even friends.

2-
Email-ID and phone number are hidden in all three accounts

3
i access all three accounts from one system but different browsers. and that system is secured and no other person can access that. this is for sure.

4
i know about fake pages and fake links. so i have never gave any password on a page opened by a link. i always open FB by URL.

5
A has no link/similarity with B and C (except number which is hidden). even name is different. totally different. even different friends, different page, different groups.

6
B and are fake accounts. so no one from B and C knows the real identity of mine in those accounts.

Now we come to the point

someone kept an eye on my IP (I believe) and he/she messaged me on account A from his newly made fake account that

7
you are the person who owns fake B and C accounts. and i was astonished and depressed at his discovery. because only I know about B and C accounts. How can he knows that I own B and C accounts ???

8
He even knows about my email ids of all accounts and phone numbers associated to each account , …….. by the way, email-ids and phone are not public. And are available to me only

9
I am in mental torture by this action of un safety. I believe that my privacy has been destroyed. I don’t want that anyone able to knows about my activities about my fb accounts. Hacker is using these information for blackmailing against me.

10
Now I want help from you guys please regarding:
10-A: how is it possible that he knows such a complete and 100% details about my all accounts ? and how he knows that fake accounts are belong to A ??? is this IP tracking or system tracking or something else ?

10-B: what is the solution ? how can I prevent my system and accounts to avoid hacking attacks ??i want security. Fool proof security. I have listened that some tools are available ,, like IP lock etc which restrict hacker to hack accounts.

10-C: how can I know about the person who hacked my information ??? I want to trace him out. His talk shows that he knows me very well and his is very close to me. (please note, consider point#3. No person can access my laptop)

Can someone please help me in finding the answers of above THREE Questions ??? please help

Thanks for your kind help and interest.
Regards,

[Alex]

How You Are Helping Hackers
Here, we will see some obvious things you can do to make yourself immune to hacking.

1. Facebook Profiles
As the largest social network, Facebook profile is the first thing you need to secure. Go, check it out from the outside. Log out of your Facebook then look your account up, from an outsider’s point of view.

If your Facebook profile shows too much information, you will likely victimize yourself.

It is good to share your email address with the people you know. Otherwise, it is better not to share it at all.

Let’s do an experiment. Pretend you forgot your password, then go into Facebook. Facebook may ask you for your email address, your user name or your mobile number. You can provide that information, and it will send you an email with instructions to reset your password.

Previously, there was a method employed by Facebook to reset the password, and that method had your trusted friends involved for the purpose. It sounds foolproof unless you accept a lot of friend requests on Facebook. Picture this: You get a friend request from a few people that you don’t know. If you are the friendly type, you’d probably accept those four requests.

One thing you don’t know is that those accounts may be operated by one or more hackers. What they will do is simply raise a password reset request on your account, and select three of those four accounts as your "trusted friends". Facebook emails security codes to those trusted accounts, and boom, the hacker takes over your Facebook account. If you have problems with that, then you should take a look at this post of mine to figure out what to do.

Fortunately, Facebook no longer uses this particular method. It also doesn’t rely on security questions any more. Right now, in order to gather access to a Facebook account, the only way is by securing access to the original email address.
Hence, a hacker needs access to your email account to get into your Facebook account.

Which email service are you using? Depending on that, the security differs. If it is Gmail, I would extremely recommend that you start using the two-factor authentication.

Here are the steps:

1. Go to your Google Account settings (not Gmail settings) and go to the Security option.

2. You will see 2-Step verification option. Turn the status ON.

3. Add your phone number. Select to receive the codes by text messages or voice call.

4. Enter the code received to verify your account. Make sure you update the records if you change your phone number.

Another important thing on Gmail is notifications about suspicious login attempts. You can opt for email as well as phone notifications if any suspicious login is detected on your Gmail account.

Google has a security question that you need to set. Make sure it is set properly. While I was working with email security for AT&T, I have encountered elderly customers answering security questions very truthfully. Even though I took time in explaining to them what a security question is and why they needn’t submit the true answer all the time, most of them did not quite understand it.

Most people don’t realize the fact that a security question answer works exactly like a password, only less secure depending on how you through your information about. Talking about your pet Rover on Facebook a lot then setting it it as your Security question maybe risking it a little. Anybody can access your account, whether or not they know the password, just by making educated guess about your preferences, which would work if you are truthful with your security questions.

If you are using the customer service option to reset your password for your email, the customer service executive may ask you your security question. Within AT&T, we used to use security questions to verify customers, questions like "Who is your favorite hero?", and answers like "Batman".

Not only that, we were authorized to provide the first letter of the answer if the customer gets it wrong the first time. A hacker can easily fake it since the random operator cannot identify the voice of the caller, and is supposed to divulge a password if the caller gives the correct answer.

In other companies also, the customer service executives can easily give a hacker your password or other important information from your account (such as your birth date) based on a trivial verification process. The information obtained from this call, may be used to verify an account in another service, and the chain goes on. It is very important to know what services you are using and how you can successfully verify yourself with the customer care department of those services.

Today, we are using not a few but a huge number of online services to get things done. Social media and email may be somewhat unimportant to some of you but what about online banking? It goes without saying how important it is to secure your banking account. I know there are elderly people who have no idea what Phishing is or how to create a good password.

A painful truth is that the security experts working in the companies you trust with your information actually expect you to know a little more about security. A security expert barely stresses the importance of these things. They cannot explain how to make a good password to each and every customer while trying to come up with better and more powerful ways to keep your online accounts safe. It is hence the responsibility of each and every one of us to know more about security in today’s world and act intelligently.

Good luck!

-Alex

[Bob B]

It's hard to say exactly what has happened, but facebook has had some problems like this in the past- even if something is set to private, sometimes it still shows up. Also when facebook updates, sometimes it resets privacy settings as well.

It's probably unlikely that someone has used IP tracing, hacking, or anything like that (except possibly guessing the password)- while it's not impossible, it's very difficult and very few people know how to do it.

The other thing that is worth mentioning that even if nobody can access your laptop, it's not impossible that someone saw you use it at some point, which can be enough. If you think this person might know you in the real world, then they may have been able to figure out that way.

The only way to make sure that nobody can link your accounts is to make sure they have nothing in common at all. That means no shared phone numbers, emails, etc, private or otherwise, nothing at all. Even if the number is set to private, if it's the same number on each one, it's still a way they can be linked (also, I can't think of any reason why you'd want to put your phone number on facebook anyway. I don't put any of my contact details on facebook, and I have a separate email for facebook only).

What I'd do is close the B and C accounts, and indeed if you're not sure, close all your facebook accounts and set up a new one from scratch (use a different email when setting it up so there's no link with the old one).

Also remember that in general, there isn't much privacy on facebook. Only post or do anything on facebook if you're ok with the fact that other people will know about it.