If you have a Facebook account, you’ve likely seen a post such as this: “Don’t accept a friend request from me! I’ve been hacked!” You may have even posted this very thing. So, what does “hacked” mean? What do we do about it? Most importantly, how can you keep it from happening? It all has to do with your Facebook security settings. That’s what we’re talking about today.

No, you don’t need to change your password

Even though the most common suggestion is, “Change your password,” that doesn’t fix the problem with your account because there’s nothing wrong with your account. Nobody has logged into it. (In fact, if someone did somehow know your password and attempt to log in, you would get a notification from Facebook saying a request had been made from a new device.)

Let’s look at the motive of the “bad guy” and how this person seeks to accomplish it. The bottom line for this bad actor is to get money from your friends.

The person starts by creating a new Facebook account. For the “name,” he puts your name. He makes a copy of your profile picture and some of the pictures you posted. It’s easy. Right-click on the image and choose “Save image as.” In just a few minutes, the bad guy can have a pretty good-looking page.

Let’s get some friends

Next, the bad guy looks at your page to see who is on your Friends list. He clicks on one and then clicks “Add Friend.” He repeats that process with another one of your friends, and another, and another, until he thinks he has a good pool of unsuspecting people.

If you have ever gotten one of these requests, you know the drill. If you accept the request, the bad guy sends a Facebook message, something very generic such as, “Hi, how are you?”

If you reply, the generic pleasantries continue. Then, the bad actor starts talking about a worthy charity or great opportunity and asks if you have heard of it. Of course you haven’t, because it doesn’t exist.

The aim of the conversation is to get the new “friend” to give money, a credit card number, or sensitive information to the bad guy. Don’t fall for the trap.

What to do when you get a request

When you get a request and know you are already friends with the “real” person, report the account. Instead of accepting the request, click on the name to go to the fake page. Click the three dots on the right and choose “Find support or report profile.” The process is easy from there and Facebook will likely take down the account within the same day.

How to keep it from happening to you

You can do something to make yourself a less-attractive target. It all has to do with the security settings you choose on your Facebook account.

The bad guy is going to send requests to your friends, tricking them into being his “friend,” right? Well then, let’s not let him know who our friends are. Here’s how to do it:

  1. Click the downward-pointing arrow at the upper-right of your Facebook page.
  2. Select “Settings and Privacy.”
  3. On the next screen, select “Settings.”
  4. In the left column, select “Privacy.”
  5. Look for “Who can see your friends list?” Click “Edit.”
  6. Here’s the golden goodie. If it’s set to “Public,” change it. “Friends” is a much better choice.

You can use this link to simply skip to step #5.

If they can’t see your friends, you’re no longer an attractive target, and they’ll likely move on. Tighten up those Facebook security settings.
