Blog

How Facebook Accounts get Hacked and How You Can Prevent It

There are numerous ways for malicious parties to access your Facebook account, shattering the illusion of control and privacy...

Overview 

There are many ways for malicious parties to gain access to your Facebook account, shattering that illusion of control and privacy we all value so much. The majority of which involve the hacker conducting their operations over the internet, meaning you may never see or hear your adversary in person. But more commonly used on a day-to-day and mass scale is social engineering. This entails the use of social manipulation to achieve a goal such as gaining access to your Facebook account. This could be done in person, such as someone pretending to help you with your cell phone at a coffee shop, someone phoning you and pretending to be a technician luring you into trusting them with personal information, or through other attacks falling under the general blanket term ‘phishing’.

Phishing and Spear-Phishing 

Phishing is by far the most encountered form of hacking in day-to-day life for the average person. And chances are, you’ve encountered at least one phishing attempt before. Phishing attacks can be executed in a plethora of ways. From attacks en masse to focused attacks targeting specific victims, known as spear-phishing. The stereotypical phishing attack is the fake email. It normally follows along the lines of something like “Your Facebook has been signed into by an unknown party. Use this link to sign in and take action.”. At first glance, one might wonder who would fall for something like this but this example tends to compromise only the less weary members of online society. Attacks can in fact be extremely well disguised and designed leaving us all vulnerable. In the event an attacker is executing a spear-phishing attack, the content of the email, or other forms of attack, would be tailored to you as an induvial. Preying on your tendency to trust an email that appears to be from your medical aid or a family member. In this case, however, phishing attempts targeting Facebook accounts tend to be conducted on a massive scale and seldom target individual users.

Keyloggers

Another way accounts can be compromised is by using keyloggers. This is a form of malicious software that is installed on a victim’s computer and then records all of the keystrokes made by the user. Including usernames and passwords to various websites, you might visit and sign into. This is an extremely dangerous and easy-to-use form of attack but luckily can generally be prevented by using any decent anti-virus software.

On the Matter of Passwords

Creating Them

I’m sure everyone has heard of the necessity to use strong passwords by now, some sites even force a new user to create a strong password. You should be doing this everywhere. Avoiding simple and/or generic passwords drastically increases security as the password becomes immeasurably harder to crack. The easiest way to create a strong password is to include both lowercase and uppercase characters, numbers, and special characters such as underscores and currency symbols. By doing this you increase your password security exponentially.

Secondly, it is incredibly beneficial to use different passwords across your various accounts. Should an attacker gain the login information for one account they will often test that username and password for other accounts you own as many recycle usernames and passwords. By avoiding this, you avoid a critical point of weakness and form something akin to an airlock where in the event of one account being compromised you can be sure that others are likely to remain safe from being compromised via a connection.

Storing Them

Storing your passwords and usernames in your browser’s password manager is asking for trouble. Should an attacker gain access to your password manager they gain access to any account credentials you have stored in there. If you truly are unable to remember all your passwords then it’s best to use a third party, but a trusted one, that stores your credentials in an encrypted vault.

2-Factor Authentication

One of the best and easiest ways to increase your accounts’ security is using 2-Factor Authentication. In essence, this means that access to an account or website is only granted once 2 pieces of evidence are presented. The most common method of achieving this is by first entering a password and then entering an OTP (One Time Pin) that is sent to your cell phone or email address at the time of the login. What this means is that even if an attacker gains knowledge of your password and username they would still need access to your phone or email address at the precise moment they attempt to login in as you. And should they attempt to log in you will receive the OTP thus being notified that an unauthorized attempt to log in has been made allowing you to act before any damage has been done. It is a simple and easy-to-use service and is almost always bundled in with important services such as your Google Account, Microsoft services, Banking Sites, etc. It generally takes less than a minute to put into place yet drastically improves security, you should definitely be using this!

Hijacking Cookies

Connecting to public networks such as a coffee shop’s Wi-Fi is more dangerous than one might think. When sharing a network such as this with many other users you are at risk of your information being intercepted and stolen. This is can be done by another user stealing or “hijacking” your cookies in order to gain access to your web session remotely, essentially stealing your access to a website. You can think of it as pickpocketing a digital key card. The result is that the attacker can masquerade as you for the rest of your session and you won’t even know it unless they allow you to. The best way to avoid this is simply to not use poorly secured public networks or networks you don’t trust. In the event you do, make sure to use a service such as a VPN to encrypt your traffic and keep your cookies safe.

The Role of Email

An email account such as your personal Gmail is often considered a point of critical failure as email accounts such as this are generally connected to your social media accounts as verification and recovery tools. What this means, is that should a hacker gain access to your email via phishing, social engineering, or any other method they can use your email to reset your Facebook password to one of their choosing and subsequently lock you out while maintaining their own access. They will probably also try to lock you out of your email account and by snooping through your emails they can see what other accounts are connected to the address and gain access to those too. Therefore, it is incredibly important to exercise extreme vigilance when guarding one’s email account. Incorporate all the information discussed here to create a strong unique password that isn’t stored locally, and remember to always use two-factor authentication if you can!

Conclusion

The CSI team hopes you find this information useful in your endeavors to remain secure in this age of online anarchy. Remember to exercise vigilance when dealing with the internet and all things related to it. In cybersecurity, for every problem, a solution can be found. You just need to look for it. However, perhaps you have found this blog slightly late and your account is already compromised. Stay tuned for our next post for a step-by-step guide on what to do in the event your Facebook account is hacked!

Contact the Cyber Security Institute 

Email: csi@cybersecurityinstitute.co.za

Contact number: 0873520466

CSI logo

Certificate in Cyber Security

Course Details

This practical, hands-on course focuses on establishing a foundation in Cyber Security by introducing candidates to cyber-crime, attack methods, and managing cyber risks.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for individuals embarking on a career in Cyber Security or performing security functions.

Requirements

Applicants should have a Matric certificate or equivalent qualification with suitable IT knowledge, Internet access, and a PC or laptop on which applications can be installed and services accessed.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

We have two main intakes, one at the end of February and another at the end of June. Additional intakes may be scheduled depending on application volumes and requirements.

Course Overview:
Cyber-crime‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎
  • Introduction to cyber-crime
  • Cyber-attack methods (e.g., ransomware, sextortion, email fraud)
  • Cyber criminology (actors behind the attacks, criminal networks, state-sponsored entities, etc.)
  • Tracing the online trail
  • Dark web (criminal forums)
  • Case studies of attacks in SA & Global.
  • Crime-as-a-Service
  • Internet of (Criminal) Things.
Practical Cryptography
  • Introduction to cryptography.
  • Encryption and Decryption.
  • Hash functions
  • Blockchain
  • Virtual Currencies
  • Digital signatures
  • Digital certificates
  • Cryptographic Protocols (SSL, SSH, etc.)
Course Overview:
Cyber Governance, Risk & Compliance
  • Overview of cyber governance, risk, and compliance
  • POPIA & GDPR
  • Data Privacy
  • Policies in action
  • NIST, ISO27001
  • Controls
  • Planning for contingencies
  • Developing the security program
  • Risk analysis and management
Cyber Intelligence‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎
  • Introduction to Cyber Intelligence
  • Attack Tools
  • Attack process
  • Reconnaissance and Footprinting
  • OSINT services and tools
  • Threat and vulnerability feeds and assessments

Cyber Investigations

Course Details

This course is suitable for investigators and investigation teams within the corporate environment and public sectors who are required to track online trails or utilise tools to solve online crimes. It is also intended for professionals and investigative journalists involved in investigations such as fraud, espionage, data theft, and cyber vetting.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for investigation officers, cyber-crime investigators, investigative journalists, etc.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Reconnaissance
  • Online services and tools
  • Metadata Encryption & Decryption
  • Digital signatures
  • Online investigations
  • Crime Scene Management
  • Documenting evidence
  • Investigation Process
  • Chain of Evidence
  • Protocols and emails
  • URLs & DNS information
  • Timelines
  • Decryption and deciphering
  • Virtual Currencies
  • Cyber criminology
  • Introduction to the attack process
  • Introduction to attack vectors
  • Social networks (i.e., attacks via Facebook, Twitter, etc.)
  • Dark and hidden web
  • Threat actors
  • Data Collection
  • Social Media
  • OSINT
  • HUMINT
  • SOCMINT

Cyber Intelligence

Course Details

The main objective is to equip delegates with the necessary competencies and practical skills to assist in compiling an intelligence-driven cyber security strategy to provide proactive solutions to a plethora of cyber threats.

Mode of Offering: The course is presented via facilitated        e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for persons responsible for the security function, CISOs, as well as Data Protection Officers.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Cyber Security Environment
  • Cyber Landscape
  • Cyber Threats and Exploits
  • Cyber Actors and Criminology Aspects
  • Obtaining Data
  • Sources of Data
  • Collection Operations
  • Applications, Tools, and Services
  • Analysis of Cybercriminals’ Modus Operandi
  • Analysis Techniques (Data to Information)
  • Indicators of Compromise
  • Cyber Intelligence
  • Intelligence Platforms, Applications, and Services
  • Data – Information – Intelligence
  • Intelligence Strategy
  • Incident Management
  • Cyber Warfare
  • Political and Commercial
  • Developing an Intelligence-Driven Strategy
  • Strategic and Tactical Intelligence Function
  • Risk Management

Cyber Governance

Course Details

Establishing a security strategy and defining a suitable implementation plan focused on managing cyber risks in a volatile and dynamic environment requires a solid understanding of the threat space and frameworks. This course unpacks cyber governance and approaches to manage risk and adhere to compliance regulations.

Mode of Offering: The course is presented via facilitated    e-learning, utilising an e-learning platform and virtual classes.

Intended Audience:

This course is designed for Managers and C-Suites responsible for security, Board members, as well as prospective leaders in the Cyber Security space.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Although a formal IT qualification or certification is not required, some knowledge of computer systems would be beneficial. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R10,500 all inclusive

Duration:

6-months

Intake:

Applications are accepted throughout the year, with course starting dates in February, May, and August.

Course Overview:
  • Security Management Program
  • Cyber-crime
  • Threat Environment
  • Cyber Criminology
  • Regulations – GDPR, POPI, Electronic Act, PCI-DSS
  • Skills Frameworks
  • Cyber Awareness Programs
  • Risk management
  • Controls – Choice, Implementation, and Management
  • Security Frameworks and Models
  • Policies and Procedures
  • Data Protection
  • The road to ISO 27001 Compliance and Certification

IT and Cyber Security Program

Course Details

Our courses combine essentials from both industry and academia to provide valid, unique, practical content that is innovatively presented via facilitated e-learning.

The IT and Cyber Security Program is a practical course consisting of coursework, virtual classes, and practical cyber range exercises.

Mode of Offering: Learning will be conducted through a facilitated online format, utilising an e-learning platform to provide an interactive and engaging educational experience. Additionally, hands-on practical sessions and virtual labs will be conducted every Friday from 9:00 AM to 12:00 PM, offering participants the opportunity to apply theoretical knowledge in a real-world context. This blend of online facilitated learning and scheduled virtual sessions aims to create a comprehensive and dynamic learning environment, ensuring a well-rounded educational experience for participants.

Intended Audience:

This course is designed for school leavers, those on a gap year, graduates looking to add industry credentials, and individuals looking to make a career change.

Requirements

Applicants should have a Matric certificate or equivalent qualification. Internet access and a PC or laptop on which applications can be installed and services accessed are required.

Costs:

R 31,350 all inclusive

Duration:

10-months

Intake:

24 February 2024

Course Overview:
IT Foundation for Cyber Security
  • IT Hardware Fundamentals
  • Network Fundamentals
  • Introduction to Operating Systems (Windows and Linux) 
  • Introduction to Cloud Computing (Office 365 and MS Azure) 
  • Protocols 
  • Technical Research and Writing
  • Algorithms and Problem Solving
  • File and Database Systems
  • Scripting
  • New Technologies: AI and Quantum Computing
  • Soft Skills
Certificate in Cyber Security
  • Cyber Security Fundamentals 
  • The Cybercrime Eco-System
  • Actors in Cyber Space – State and Non-State Actors
  • Cyber Incidents: Attacks, Breaches, and Espionage
  • Understanding Tactics, Techniques, and Procedures (TTPs) using the Mitre Attack Framework
  • Cryptography (Symmetric/Asymmetric/Hashes)
  • Secure Protocols
  • Reconnaissance and OSINT (Open-Source Intelligence)
  • Cyber Security Frameworks and Standards: Introduction to the NIST CS Framework and ISO 27000 Series
  • Cyber Risk Management, Cyber Governance, and the Implementation of Security Controls
Facilitated online course with virtual classes, and practical training and skills development on the cyber range platform.