How to Prevent Your Facebook/Instagram Account from Getting Hacked

Created by Shanta Adhikari, Modified on Wed, 21 May, 2025 at 8:51 PM by Shanta Adhikari

  1. Turn on 2-Factor Authentication with the Google Authenticator App

    1. This is very very important.

    2. HOW?

      1. Open up your personal Meta (Facebook) account

      2. Go to Settings & Privacy (on the right-hand side)

      3. Go to the Account Center (click on “See more in Account Center” on the left side)

      4. Click on “Passwords and security” on the left side under Account Settings

      5. Go to “Two Factor Authentication”

  2. REMOVE the phone number as an option for Two Factor Authentication

  3. Get a YubiKey

    1. It has been famously said that the best online protection is offline. Read an article on this here

  4. Make sure you have access to the email address that is connected to Facebook

    1. Go to Settings & privacy → Settings → Meta Account Center → Personal details → Contact Info. If you only see an old email address here, click Add new contact → Add email. Enter the new email address you want to use and select which Meta accounts you want to use it for. Next, you can go back and delete the old email address or keep them both.

  5. BE AWARE of Fake Meta emails and texts

    1. This is how it works: it’s called phishing. Phishing is one of the most common types of Internet crime. It involves emails that appear to come from legitimate companies, organizations or government agencies and aim to get recipients to share personal or account information.

    2. Here are the signs

      1. Wrong email sender address: The sender might appear to be Facebook. However, if you open the email, you should be able to see the email address of the sender. According to Facebook, emails about users’ accounts come from fb.com, facebook.com or facebookmail.com. So if you get an email from an address such as facebook@gmail.com, it’s a scam.

      2. Typos, poor spelling and grammatical mistakes in the body of an email are a common sign that the email you have received is a scam.

      3. Suspicious links: If you hover your mouse cursor over the link without clicking on it, you should be able to see the web address. In a scam email, the link will direct you to a fraudulent website, not Facebook’s site.

      4. A sense of urgency: Scam emails and messages typically warn of a problem or issue that must be addressed immediately. Facebook cautions not to trust messages that demand money, offer gifts or threaten to delete or ban your account.

      5. Don’t click on any links or attachments in emails or text messages that appear to come from Facebook. If the message claims that there is a problem with your account, log directly into your Facebook account rather than clicking on any links in emails or text messages. Those links could take you to a fake site that will steal your personal information.

    3. How to know if you actually got an email from Facebook?

      1. Legitimate email from Facebook comes from the domain https://facebookmail.com/, but even this could be fake.

      2. The way you can really check is:

        1. Go to Settings. On your own Facebook profile page, click your face at top right, then choose Settings & Privacy > Settings to open the main Settings page.

        2. Find Facebook's List. Near the top left you should find Security and Login. Click that and scroll down to the Advanced section. Click the item titled “See recent emails from Facebook.”

        3. Match Your Message. If you see a match for the questionable message’s subject line, you can be pretty sure it’s legitimate. Be sure to look both in the list of Security-related messages and in the list titled Other. Note that Instagram has a very similar feature—not surprising, as both Facebook and Instagram are owned by Meta Platforms.

    4. Things to keep in mind

      1. Don’t click on ANY links via emails and texts from Facebook unless you directly initiated it. If you didn’t, never ever click it.

      2. You will rarely get a text from Facebook unless it’s to get a 6-digit security code. Other than that, I would view every other text as a scam.

      3. You may have seen messages directly on the Facebook app or Messenger app claiming to be from Facebook and that “You’re Facebook account will be deactivated unless you take immediate action!” or something like that. You will NEVER get a message from Facebook through this medium unless you open a support ticket, so I regard ALL these messages as spam.

      4. If you have a business account with Facebook and you have employees that have admin access, make sure they are up-to-date with these protocols because if they get hacked, your business accounts can be hacked as a result of that as well.
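
The warning signs listed in step 5 can also be checked mechanically on a saved message. The script below is an added example, not part of the original article or any Meta tool; the link-domain list, the urgency word list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Sender domains the article lists for genuine Facebook account email.
SENDER_DOMAINS = {"fb.com", "facebook.com", "facebookmail.com"}
LINK_DOMAINS = {"facebook.com", "fb.com"}  # assumption: genuine link targets
URGENCY = ("immediately", "deactivated", "suspended", "banned")  # assumed words

def in_domains(host, allowed):
    # Exact domain or true subdomain only, so lookalike hosts do not pass.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def phishing_signs(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    signs = []
    # Sign 1: the real address behind the display name.
    sender = parseaddr(str(msg.get("From", "")))[1]
    domain = sender.rpartition("@")[2]
    if not in_domains(domain, SENDER_DOMAINS):
        signs.append(f"sender: {domain or 'missing'}")
    # Sign 3: where each link really goes (what hovering would show).
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not in_domains(host, LINK_DOMAINS):
            signs.append(f"link: {host}")
    # Sign 4: pressure to act right away.
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    hits = [w for w in URGENCY if w in text]
    if hits:
        signs.append("urgency: " + ", ".join(hits))
    return signs

# Constructed sample messages (not real mail).
SCAM = """\
From: Facebook <facebook@gmail.com>
Subject: Your account will be deactivated

Act immediately to keep your account:
https://facebook.com.account-review.example/login
"""
LEGIT_LOOKING = """\
From: Facebook <security@facebookmail.com>
Subject: New login to your account

Review recent logins at https://www.facebook.com/settings
"""
```

An empty result from `phishing_signs` is not proof that a message is genuine, because the sender address can be forged; the “See recent emails from Facebook” list in Settings remains the real check.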
