
Part One: Why Your Passwords Are Hackable

This post is Part One of Three. Part One will discuss passwords and password formulas and basic hacking. Part Two will talk about the most used (not the most common) pet names. Part Three will show you how to make a good password that you don't have to remember.

As often as you have read that you shouldn't use a password more than once, reusing passwords is human nature. Everyone does it.

By the time you are done reading all three parts, if you don't want to change the passwords that you use on your websites, then we can only assume that:

  • you feel 100% safe because you have chosen the perfect passwords OR
  • you already use your passwords only once, OR
  • you are lazy, OR 
  • the job is too big because of how many passwords you have to change, OR
  • you don't care about your online security


Hackers are able to hack so many accounts because users choose weak guessable passwords


When users think that their chosen password is the absolute best password ever and that no one will ever guess it, they feel so secure that they are more likely to use it on more than one website.

The longer they go without an intrusion or a hacking scare, the more likely they are to not change them for long periods of time because they assume if nothing bad happened all this time, then there is no reason to change their passwords.  


  
The Top Reasons Why People Re-Use Passwords

People re-use passwords for a variety of reasons; the most common one is that a familiar password is easy to remember.  The average online user:

  • changes their password every three to five years 
  • will not make up a new password and instead will re-use one that they have used in the past
  • often keeps a list of five or more passwords they have used for years and they recycle them whenever they change their password  
  • likes to pick a new password from something old, something that is familiar

Humor us and take a look at these lists of passwords and password formulas. 

If your password (or a variation of it) is on any of the lists, and if you have used it on more than one website, then you seriously need to consider changing it or, at the very least, enhancing it to make it stronger.  


These lists contain commonly used passwords that experts define as the most hackable.  We admins have seen these passwords used by hacked accounts that we have helped to recover.


In no particular order, both with or without capitalization and with or without a mixture of numbers, letters or symbols:


Examples of Bad Passwords

  • the word "password" in any format
  • username or myusernameis
  • 00001234
  • yournamehere
  • password123456
  • qwerty 
  • letmeinnow
  • asdf_jkl; 
  • numbers in sequences:  987654321 or 123456789
  • abc123
  • dragon
  • admin1234
  • starwars
  • helloitsme
  • mypasswordis
  • JFK11221963
  • 11111111
  • charlie tuna
  • youvegotmail
  • barack obama
  • the word "welcome"
  • donald trump
  • mactheknife
  • facebook1234
  • hilary clinton
  • q1w2e3r4t5y6
  • abcdefg or abcd1234
  • the words "iloveyou"
  • the words "your name here"

Examples of Bad Password Formulas  

  • city of birth (belonging to you or a family member) and a birth year
  • a pet's name, no matter if it is your pet or not
  • your first, middle, maiden or divorced name or an immediate family member
  • your child's name - first, middle or last
  • a favorite sports team's name or mascot's name
  • dates that are important to you with or without a year - an anniversary, a birthdate of you, a child, a spouse, pet's birthdate, a relative's death date, a graduation date
  • a favorite holiday of the year
  • a favorite vacation spot
  • your honeymoon destination
  • your present city
  • a present or former street address of yours or a close family member 

Geez, I guess you're thinking that there's nothing left.    

There is, but you have to put on your thinking cap.  

Before we go further, we want to point out the obvious and that is how a hacker gets any of the above information in the first place. 

As much as we don't like to blame the distraught Facebook user who has been hacked, it's usually his own fault that he has been hacked because of his privacy settings, or lack thereof. Personal information left exposed - like a present city of residence or the locations of past schools and jobs - gives the hacker enough information to steal the user's whole identity.

Remember: Facebook doesn't "need" to know where you went to school, where you work, and the names of relatives, which by the way, they connect to you with 'live' links to their Facebook accounts.  Facebook will ask, but they don't need it.    

So take a look at your Facebook settings, and hide or remove any information in the bio, introduction, "about" section, timeline posts, and comments that provide personal information so that a hacker can pick you out among a list of people with your same name.  


How People Find You

When anyone wants to know information about you, the first thing they usually do is check to see what you have exposed on social media. They will check for accounts on Facebook, Instagram, Tumblr, and other social media accounts.  Then they will type your name in Google's search box with your zip code or city.

You would be amazed at the wealth of information in the search returns.  Sometimes there's stuff you thought no one knew because you kept it private.  

The results also give them links to your social media accounts and any websites or blogs you might own, have contributed to, wrote as a guest blogger, or left comments.

There is one site, Radaris dot com, that provides far too much information, including your current phone number and email address. Their terms of service state that the info can only be removed from their site by you after you prove your identity to them.

A word to the wise.  You might be motivated to follow their process to prove your identity because your eye is on the prize of having your information removed from their website.  But you have to keep in mind that these websites also sell information which means you don't know how many times your info has been sold or how many sites already have it.  

Don't get conned by believing they will remove your information from their site because sometimes the hoops you have to jump through to get them to do that are not worth it.  I looked into it to see what they would require as proof and I chose not to follow through because proving my identity meant uploading my photo driver's license. That is the one piece of information you should be guarding with your life because it irrevocably links your information to the picture on Google and other search engines as well as facial recognition programs.

Since the photo driver's license was one piece of information I pretty much knew they did not have, I wondered what they would be comparing it to in order to verify my identity.  

So guard it with your life and don't give it to any website so they can further link you to their search results or sell it as a "premium" with other information.

Besides, if they do remove your information from their site, there's no guarantee they won't put it back on their site again, so tread lightly.

Within the search results, there are always advertisements but they are usually advertisements with an ulterior motive.  While most users skip over the ads, sometimes there's a fact in one of the ads that might catch your eye enough to raise your curiosity.  That's because the ads are geared to show certain key facts about you that are absolutely true, to persuade a user to click on it to investigate. Nine times out of ten, it is a con, but most people are curious and will click on the  ad.

Once you do, the webmaster or website moderator can see who you are, where you are located and all the information that is attached to the account you are using.

If you are new to their website, a login box will popup to ask you to create an account. It goes directly into their database and is compared against any info about you that they already have and if they see anything different, they will use it to update their records.

This is another reason why we always teach that you should Google yourself once or twice every month to see what Google is telling searchers about you.  If there are any surprises, you might be able to take action.


After the ads, the rest of the results will include tracking sites like ancestry.com, truthfinders.com, radaris.com, and intellius.com.  These sites provide a lot of information about you and they didn't even have to hack you to get it. It is all available online for free - courtesy of the Freedom of Information Act (which in our opinion is one of the worst infringements on our privacy).


This law allows anyone to see key details about your life such as your credit rating, important dates like birthdates (with or without the birth year), email addresses, former residences, etc., for not only you but sometimes your immediate family members too, as well as your past and present employment, schools attended and graduation years, whether you have a mortgage and with whom, etc.


This law is how most of those sites collected your information so they could use it to populate their websites. Without it, they'd have to resort to other tactics to gather the information or they wouldn't have a website anyone would want to use. 


The search results from Googling your name are similar to the information that we showed above for a password formula:

  • your birthdate, some portion of your social security number with the rest "blacked out;"  
  • any other names you now use or have used in the past, your credit rating, dates like birthdate or just the birth year, your schools and graduation years, your mortgage company, if you have a car loan or lease and whom you pay;
  • your marriage and divorce date;
  • names and/or birthdates of your children, their ages, their names and addresses of spouses or significant others where they have had mail sent to their addresses;  
  • your former and present phone numbers and mailing addresses; (Two sites have a list of all your neighbors, their addresses and their phone numbers)
  • your former and present employment including dates and addresses;
  • if you are affiliated with any websites.


A hacker doesn't need all of the information found in search results. He can target his next victim with minimal information such as:   

  • your birthdate OR
  • a phone number (as seen on your Facebook account)
  • your present location with or without an actual street address (a zip code or city is enough) OR
  • the name and location of your high school.


All hope is not lost. You do have some options to protect yourself which we will explain in the next two parts of this series.  


Please share our link with your friends so they can enjoy our websites too. Thank you for stopping by. 





Part Two: Most Used Pet Names Passwords

This post is Part Two of Three. We will discuss the use of pet names as passwords and give you a list of the most used pet names. 

Many people use their pet's name, or some variation of it, as their password.  When they change their password, they stay "with the theme" which means they keep using their pet's name but may change it slightly, for example, adding symbols or numbers to the name.

There are users who keep a short list of "My Frequently Used Passwords" so when they change their passwords, all they do is rotate or shuffle them so that those are the only passwords that they ever use.   

We all love to show pictures of our pets on our social media accounts, especially when they do funny things.  But using a pet's name as part of your password is not the best idea, especially if you mention the pet's name when you are flashing their pictures.  

An alternative is to add numbers and symbols to make the password harder to hack which is good, but in some cases this is also not the best solution because people tend to add 12345, or their address, their phone number, birthdate, pin number or other significant number.

Don't do that.
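The pattern described above (a listed word or pet name with digits or symbols tacked on, kept "with the theme" from site to site) can be checked for mechanically. The following is an added example, not part of the original post: a local Python audit whose word lists are a small constructed sample of the lists in this series, and whose vault, site names and substitution map are assumptions for illustration.

```python
"""Local password audit: flags listed words, decorated variants and reuse."""
import string
from collections import defaultdict

# Constructed sample lists: a handful of entries copied from the lists in this series.
BAD_PASSWORDS = {"password", "qwerty", "abc123", "dragon", "starwars",
                 "iloveyou", "welcome", "letmeinnow", "admin1234"}
PET_NAMES = {"bella", "buddy", "charlie", "luna", "max", "rocky", "shadow", "tigger"}

# Assumed, minimal map of common character substitutions (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("0134578@$!", "oieastbasi")
# Characters people tack onto the front or back of a familiar word.
DECORATION = string.digits + string.punctuation + " "
MIN_LENGTH = 18  # lower end of the 18 to 26 character range given in Part Three


def candidates(password):
    """Forms of the password with decoration removed and substitutions undone."""
    low = password.lower()
    forms = {low, low.strip(DECORATION), low.rstrip(DECORATION), low.lstrip(DECORATION)}
    return forms | {f.translate(LEET) for f in forms}


def is_sequence(text):
    """True for one repeated character or a straight run (11111111, 987654321, abcdefg)."""
    if len(text) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({0}, {1}, {-1})


def check(password):
    """Return the list of reasons this password is weak (empty list if none found)."""
    reasons = []
    forms = candidates(password)
    if forms & BAD_PASSWORDS:
        reasons.append("common password")
    if forms & PET_NAMES:
        reasons.append("pet name")
    if is_sequence(password.lower()):
        reasons.append("sequence")
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    return reasons


def theme(password):
    """The word a password is built on, so Bella2019 and b3lla! count as the same theme."""
    hits = candidates(password) & (BAD_PASSWORDS | PET_NAMES)
    if hits:
        return min(hits)
    return password.lower().strip(DECORATION) or password


def audit(vault):
    """vault maps site -> password; returns site -> reasons for every site with a finding."""
    by_theme = defaultdict(list)
    for site, password in vault.items():
        by_theme[theme(password)].append(site)
    report = {}
    for site, password in vault.items():
        reasons = check(password)
        shared = sorted(s for s in by_theme[theme(password)] if s != site)
        if shared:
            reasons.append("same theme as " + ", ".join(shared))
        if reasons:
            report[site] = reasons
    return report


# Constructed sample vault; the site names and passwords are made up for this example.
SAMPLE_VAULT = {
    "mail.example": "Bella2019",
    "shop.example": "b3lla!",
    "forum.example": "987654321",
    "bank.example": "gT7#qLw9!zRk2@Vx8&Np4$hY",
}

if __name__ == "__main__":
    for site, reasons in sorted(audit(SAMPLE_VAULT).items()):
        print(site, "->", "; ".join(reasons))
```

Run it only on your own device against your own passwords; a list of plain-text passwords should not be saved to a file to feed it.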


The following list is not a list of the most common names that people name their pet.   It is a list of pet names that are most used as passwords and are also the most hackable. 






If your pet's name is on the list, you should consider not using that name anymore and make a different password.  We'll give you some more examples in Part Three. 


In alphabetical order, the most popular pet names used as passwords are:


  • Apollo
  • Atticus
  • Baby or Babe
  • Bailey
  • Bandit
  • Bear
  • Beau
  • Bella
  • Benji or Benjy
  • Benny or Bennie
  • Biscuit
  • Blade
  • Brady
  • Brandy
  • Brutus
  • Bubba
  • Buddy
  • Buffy
  • Buster
  • Butkus
  • Caesar
  • Cat 
  • Champ
  • Charlie
  • Chico
  • Chloe
  • Cinnamon
  • Coco
  • Cookie
  • Cooper
  • Cowboy
  • Daisy
  • Dakota
  • Diesel
  • Dog or Doggie
  • Dollar
  • Dolly or Dollie
  • Drax
  • Duchess or Duchy
  • Duke
  • Elvis
  • Fido
  • Fred or Freddie
  • Ginger
  • Gizmo
  • Gracie
  • Gunner
  • Harley
  • Harry
  • Izzy
  • Jack
  • Jake
  • Jaws
  • King
  • Kitty
  • Kono
  • Lady
  • Ladybug
  • Lex
  • Lily
  • Logan
  • Lola
  • Lucky
  • Lucy or Lucie
  • Lulu
  • Luna
  • Maddie or Maddy
  • Maggie
  • Manny
  • Max
  • Maya
  • Micky 
  • Midnight
  • Milo
  • Minnie
  • Missy
  • Misty
  • Molly
  • Monk or Monkey
  • Muffin
  • Oliver
  • Oscar
  • Peanut
  • Pearl
  • Penny
  • Pepe
  • Pepper
  • Plato
  • Prince
  • Puff or Puffy
  • Queen or Queenie
  • Quinn
  • Ranger
  • Raven
  • Rocco
  • Rocky
  • Romeo
  • Rover
  • Roxy or Roxie
  • Rusty
  • Sadie 
  • Sam or Sammy or Samantha
  • Sandy
  • Scooter
  • Scout
  • Shadow
  • Sheba
  • Simba
  • Smoky or Smokey or Smokie
  • Snow or Snowy
  • Sophie
  • Spike
  • Stella
  • Sugar
  • Sully
  • Sushi
  • Sweetie or Sweety
  • Taco
  • Tank
  • Teddy
  • Tiger
  • Tigger
  • Tracker
  • Truck
  • Tucker
  • Widget
  • Willie
  • Yugo
  • Zeus
  • Ziggy
  • Zoe or Zoey


 Is your pet's name on the list?  

Continue to Part Three where we will show you how to make a good password that you don't have to remember.




Part Three: Making Passwords You Don't Have To Remember

In Part Three, you will learn how to make a good password, along with a little trick so that you don't have to remember it.





Tracking Visitors


Many websites track their visitors in some way, but it is usually confined to their activity while on their website.  You'll know this is true when you see a banner or sidebar box showing the products or topics you just viewed, or when you get an email that you left an item in your cart that you chose not to purchase, or that the product was all of a sudden reduced in price.

Some sites slip extra permissions in the clauses of their terms of service (TOS), which most people don't read.  They'll say by accepting the TOS that you are giving them access to your friends list. If they don't tell you this up front, you'll find out when your friends say they are getting many more popup and sidebar ads.  It's all legal, as long as each visitor accepts their terms of service.

A strong password is not going to help you on those kinds of websites.  The best you can do is to leave the site as soon as they tell you they want to access your friends list or if their TOS requests or permissions go beyond the scope of using their site.

It is almost impossible not to accept cookies but you can and should customize your preferences and restrict their access to the least amount of your personal information.

How Did They Know That?

Some websites want their new visitors to create an account. When visitors come back on their next visit, usually they are required to verify their identity using multiple-choice security questions. The correct answer will always be one of the choices and the website will know if you select the wrong answer because they only choose questions with answers that are already public information, like the year, model, or color of your first car; the street you lived on in a particular state; or the name of your grade school.

Just know if they used public information for their security check questions, then even an amateur hacker knows that information too and can hack your account in a heartbeat. 

Passwords are also tracked on many websites. To remember screen names and passwords, many people tick the "Remember Me" box.  It really is so easy - too easy  - because if your computer is remembering your login information, then so is the website.  How else will they know if you entered the correct login information?

Make It Long and Strong

A hacker assumes that you re-used the same password, or a variation of it, from site to site. Stop doing that because you are making the hacker's job very easy. The one thing that will make a hacker move on to other victims is if he has to waste too much time trying to crack your password.   

Internet security experts say that the best passwords are between 18 and 26 characters long, with a combination of upper and lower case letters, sprinkled intermittently with numbers and symbols. Don't use a real word as any part of your password. If you do, then mix it up by inserting numbers and symbols after each letter.  
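To put numbers on the advice above, this added example (not from the original post) generates a random password in the 18 to 26 character range with all four character classes, and compares its guess space with that of a pet name plus a few digits. The function names and the figure of roughly 130 pet names (the approximate length of the list in Part Two) are assumptions.

```python
"""Random password generation and a rough guess-space comparison."""
import math
import secrets
import string

# The four character classes named in the text: lower case, upper case, numbers, symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
POOL = "".join(CLASSES)  # 94 printable ASCII characters in total


def generate(length=26):
    """Return a random password of 18 to 26 characters containing every class."""
    if not 18 <= length <= 26:
        raise ValueError("length must be between 18 and 26")
    # One character from each class guarantees the mix, the rest come from the full pool.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(POOL) for _ in range(length - len(chars))]
    # Shuffle with the operating system's random source so the guaranteed
    # characters do not always sit in the first four positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def random_bits(length):
    """Approximate size of the guess space, in bits, for a random password."""
    return length * math.log2(len(POOL))


def themed_bits(names=130, digits=4):
    """Guess space, in bits, for one name from a known list plus a numeric suffix.

    names=130 is an assumption: roughly the number of pet names listed in Part Two.
    """
    return math.log2(names * 10 ** digits)


if __name__ == "__main__":
    print("example password:", generate())
    print("random, 18 chars: about %.0f bits" % random_bits(18))
    print("random, 26 chars: about %.0f bits" % random_bits(26))
    print("pet name + 4 digits: about %.0f bits" % themed_bits())
```

Each extra bit doubles the number of guesses needed, which is why the random 18-character password is out of reach for guessing while the pet-name formula is not.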

If you use a short personal password that defines you, think about which of your friends and associates know that about you too. Then go change it to something else.

Your password box on each login screen shows an asterisk for each letter or number which tells the length of your password. If a hacker sees a lot of asterisks, he will know your password is a combination of random letters and numbers, will give up, and find someone else to hack. 

Hacking is a time-sensitive activity. The hacker must get into your account, steal it and get away as fast as possible.

Choosing Passwords

The most common passwords are the names of your pets, so it should go without saying that you should never use the names of your pets as a password on any website and certainly not on multiple websites.  It's too easy to forget that you mentioned their names on a photo, or you talked about them on a blog, or in a comment on Facebook. 

A hacker who figures out one password for one of your accounts will keep trying it because he hopes you used it on other websites too.  Don't give him that satisfaction; use different passwords.  If you must use familiar names and passwords, then add digits or symbols up to 26 characters.

Most people generally have a harder time choosing the beginning of their password, but adding numbers and symbols seems to be much easier.  

So you might be thinking "How will I ever remember so many different passwords?"

There's an app for that! 

In the early 2000s, the advice to remember passwords used to be to make up a sentence so the first letter of each word corresponded to each character in your password.  The sentence idea wasn't the best because people who couldn't remember a password were expected to remember the sentence they used for each site.

Gone are the days when you had to write down your passwords in a notebook, or forward your newest change of password to your email for safekeeping, most likely in a dedicated folder.

By the way, keeping your passwords in one of your email folders is not as safe as it used to be because emails tend to get hacked much more often than Facebook accounts.

The best way to remember your passwords is to let something else do the remembering for you - a password manager.  

Some people shy away from this idea because they don't understand how they work or they don't want to learn something new.  You will see that password managers are easier to use than you might think.

Password Managers 101

Anyone who has been hacked in the past may think they need to buy an expensive password manager, but it really isn't necessary. 

Some add a few bells and whistles to make them more attractive or to validate their price. Some have built-in password generators to offer stronger passwords. Others protect your credit card and bank account numbers by offering encryption.

Today's most popular internet security measure is requiring two-step authentication where a code is sent to your email or cellphone before granting access to your information. This only works well if you have the same cellphone or email at the time they send the code.  

We know one guy who set up his Facebook account with one phone number and ten years later when someone reported him so that his identity was called into question, the code was sent to a phone he no longer owned. He got his account back by answering security questions.  

We know a gal who was locked out of her Facebook account because it was hacked. The phone number and security questions were no longer valid because the hacker changed them when he took over the account. She had to make a new Facebook account and try to get back hundreds of friends.

So for the two-step authentication to work, you have to change the information each time you get a new phone number or email address.

For purchasing password managers, the prices range from free to $100 and some are sold by yearly subscription. By the way, if you have a Norton virus protector, one of the features is a Password Vault which is free with your Norton purchase.

We don't like to wait for a code to get access to our information so for us, a password manager has to be simple and free.  We don't think that paying for one makes it function any better. It either works or it doesn't. Your money isn't going to make it work any better.  

The main idea is to keep all your "different" passwords in ONE place guarded by ONE master password. 

So the first thing you'll need to do is to make one really terrific master password, preferably using 26 characters.  After that, every time you create a new account or change a password, you will be prompted to save the login information to your password manager.  

Which password manager you use depends on what you want it to do, how easy it is to use, and the way you want to access your passwords.





Review of Password Managers

In no particular order, here's a little info about the most popular password managers.  



CHROME



https://www.google.com/chrome/dr/download


 

If you use CHROME web browser, you don't need anything else. 

The Perks:  it has a built-in password manager that prompts and remembers your passwords as soon as you type them. All you have to do is sign-in to CHROME with ONE password. Then when you go to any website, your password will be auto-filled.

 

Another advantage of using CHROME is that your password manager and your bookmarks are available across all your devices as long as you are signed in to the same CHROME account. 

 

The only downside is if more than one person uses your device, they will already be signed in to your CHROME and can access your password manager.  So if you are the only user of your device, CHROME is a good choice. The link gives you step-by-step instructions. 



LASTPASS








LASTPASS is a password manager and password generator.  There are extensions available in your App stores for Chrome, Firefox, Edge, Safari, Opera, and Microsoft.  


The Perks: It has two-factor authentication, automatic password capture as soon as you create a new password, auto form-filling, and a separate Secure Notes feature that stores bank account and social security numbers, etc.  As with all password managers, you have to create an account.




Keeper




Keeper is available for Windows, Linux, macOS, Android, and iOS, and has extensions in your App stores for various web browsers.

The Perks:  Unlimited passwords, storage of your payment details and a built-in auditing tool that alerts you when passwords are used more than once, or if a password is particularly weak and needs to be made stronger.





Symantec Norton Identity Safe









You don't have to buy a Norton Anti-Virus to get the Symantec Norton Identity Safe password manager because it is free in your App Store. It is both a password manager and a password generator. 
 

The Perks: besides the security of having Norton's name on it, this password manager and password generator helps you to make strong passwords using prompts. It has a Safe Web feature to alert you to malicious web pages and an automatic password prompter to change a password whenever it is used on more than one website.   You can either download the program or go to your Extension store to add it as an extension.



Enpass Password Generator








Enpass supports these operating systems: Windows, Mac, Linux, iOS, Android, Chrome OS, and about seven others.

There is a pay version, but here are the Perks for the free version:  Offers cloud backup, fingerprint support, password generator, web form autofill, and data import. It has separate vaults for personal, work, and family passwords.  


The downside:  Enpass limits storage for Android device users to 20 passwords, so if you are a heavy website user, you might want to skip this one.




LogMeOnce Password Manager







LogMeOnce password manager has a free and a paid version. 

The Free Perks:  Gives emergency access to photos only. There is a kill switch for wiping off data stored on any device that is stolen, and a secure wallet for storing credit card and banking information. 


An automatic password changer prompts you to change passwords at timely intervals. LogMeOnce also allows you to add a person as a beneficiary who can take control of your account if something happens to you.





True Key (owned by McAfee)







True Key password manager supports Windows, macOS, iOS, and Android. It supports CHROME, Firefox, and Edge web browsers.

The Perks: You can sign in using 1) a password, 2) facial recognition, 3) fingerprint, 4) Windows Hello, or 5) two-step authentication.

 

You aren't required to have a master password if you use two-step authentication. It has a password generator to help you make stronger passwords, a digital wallet to store financial information, and it encrypts your login credentials if you use the manager on more than one device. 

 

The downside:  The free version only allows you to save 15 passwords, while the paid version allows you to save unlimited passwords.  So if you have more than 15 passwords to store, True Key isn't for you unless you want to pay for it.


 


Dashlane








The free version of Dashlane password manager stores 50 passwords but only for ONE device. You will need to put a separate Dashlane password manager on each device.

 The paid version (about $5/month in 2019) allows access on unlimited devices, an unlimited number of passwords, cross-syncing, and cloud backup. 

The Perks: Dashlane is available for Windows, Mac, iOS, and Android operating systems. It has a strong password generator tool to help you make the best passwords, and an emergency contact option if you forget the master password. Dashlane uses Secure Notes to store bank and credit card information.

The downside: the free version is only for one device, so if you only have one device, this is a good choice.



We know this three-part tutorial was a lot of information to digest at one time, so please read it over once, then come back later for another read.  We hope this tutorial will discourage you from using the same password on multiple websites.

Please let us know how we are doing in the comments.  Thanks for stopping by. 

 

7-Eleven's Mobile App in Japan Has Been Hacked

On July 6, 2019, 7-Eleven in Japan reported that their 7Pay mobile system has been hacked.  This is a mobile app available on APPLE and GOOGLE stores.  You can read the complete post on our breach website at this link:  Security Breach Updates. 


Japan's 7-Eleven's 7Pay mobile app was hacked on July 6, 2019






HOW TO PROTECT YOUR PHONE FROM BEING CLONED, STOLEN, HACKED, OR PORTED







There has been a dramatic increase in Facebook accounts getting stolen or hacked and it is mostly phone users who are affected. 





SCENARIO: You lost your Facebook account to a scammer when he cloned your phone. How in the world was he able to do that without you being aware of it? I am about to make your head spin.




1) You get more wrong numbers than usual on your cellphone. A scammer will usually make several attempts to take over your phone by posing as a wrong number and hanging up.




2) You might have seen EMERGENCY USE ONLY on your screen at random times. When a phone is being cloned, service is interrupted for a minute here and a minute there.






3) You might have been the victim of scams on Facebook recently. Some of your Facebook account information becomes known to scammers once you LIKE their pages, join or are added to their groups, or fall for the Free Coins scam by giving them certain information to get free coins that never come.




4) You used your phone to verify your identity to any agency, bank or credit card company by giving them your name, phone number, Social Security number, date of birth. This info soon appears on the Dark Web when a bank or credit card company is breached.




5) You haven't had any interaction with your cell provider other than paying your bill. If your cell provider has never heard from you, a scammer has a better chance of convincing the provider that HE is YOU. Put a security code on your account so that the provider's customer service rep has to ask you for it BEFORE they can conduct any business over the phone.






6) You haven't changed your privacy settings in a long time. Some people never look at privacy settings once they set them up. An update can undo any privacy setting or reset to default.




7) You have no password protection on your device. If your device has no password to get INTO the device, anyone can pick up your phone without your knowledge and change your settings, put your calls on CALL FORWARD or worse.




8) You allowed a stranger to use your phone - even though it was only a one time emergency use. It only takes one phone call to clone a phone. Usually it starts by CALL FORWARD or putting phone on ignore which stops all incoming calls.





9) You lost your phone and someone returned it to you. You never rechecked the settings to see if anything was changed.





10) You allowed someone else (child, adult) to use your phone to play games or to do an internet search.


********************************



PORTING 

Once the criminal has 3 out of 5 bits of your personal information, they call your mobile phone service provider pretending to be you, and tell them that you're switching to another company but want to keep your existing phone number.




Transferring your number from one provider to another - for example from Verizon to AT&T - is a process called porting.





If you have two-factor authentication set up on your bank accounts, or any other online sites, the scammer will be able to get the code needed to log into your account when it is texted to your phone. From there, you could become a victim of identity theft and even have money stolen from your bank accounts.




Porting takes up to 24 hours to complete. During this time both phones will be functional. Any text messages that you receive on your phone will also be seen by the phone that your number is being transferred to. You will not get any notifications that this is being done, unless you have a backup notification - like an email address or second phone where your provider can reach you.




*************************************** 



HERE IS WHAT YOU CAN DO:


1 -- Ask your wireless provider about port-out authorization - Every major wireless carrier has some sort of additional security for accounts or for port-out authorization that customers can set up.





*****This can be a verification question OR an added PIN /special code (as discussed above) where they have to ask you for it before making any changes. This will make it more difficult for someone to port-out your phone. Contact your mobile provider and speak to them specifically about porting and/or port out security on your account.





2 -- Watch out for unexpected "Emergency Calls Only" status - Call your mobile phone company if your phone suddenly switches to "Emergency Call Service Only" or something similar. That's what happens when your phone number has been transferred to another phone.





3 -- Be alert about the communications you receive - Watch out for phishing attempts, special alert messages from financial institutions, and texts that are code responses to two-factor authentication requests.





****If you are getting a code that you didn't ask for, you'll know that someone asked for it, and you need to change passwords on your Facebook, Google, bank and credit card accounts immediately. BUT FIRST - on your Facebook account, check SECURITY AND ACTIVITY tab to make sure YOU are the only person on your account at the moment.





*****If you see logins from strange locations on that screen, then YOU ARE NOT ALONE. Immediately click END ACTIVITY on every entry. After you are sure you are the only one left on your Facebook account, CHANGE PASSWORD.






If you accidentally End your Own Activity, no worries, just log in again. When you know you are the only one on your account, then change password immediately so scammers can't get back onto your account.




The best protection is using a landline to call every credit card, bank, and especially your cellphone provider to put a code on your accounts so they have to ask you for it before proceeding to do business. IF THEY DO NOT, make sure the CSR agent knows they screwed up by not asking you. It will be duly noted and each CSR after that one will be prompted on their screen to ask you for it. Using a landline to make these calls is added security in case your cellphone is already compromised.





HACKED VS CLONED




In order to answer that question, you have to understand the meanings, the reasons, and the repercussions of each one. Then decide what you are willing to risk.


WHAT IS HACKING?

Hacking is when someone takes over your present Facebook account to use the information on it for their own gain. 




The hacker usually logs you out by immediately terminating your login session. Then he changes your password to one of his own, and sometimes even changes the login name, email or phone number so that no matter how many times you try to get back on, the login information won't work. Then he goes to work looking through your information to see what he can steal, especially the information that's set to ONLY ME or FRIENDS.



Although hackers are almost always on your friends list, sometimes they are complete strangers.  Looking from the outside of your account (as a non-friend), the hacker can only speculate what goodies you have on your account because he can't see any of the information set to ONLY ME or FRIENDS. 


But he is almost always a good guesser.



He doesn't choose his future hacks unwisely. He will have scoped out his mark - you -  by watching what you posted on your timeline and what kinds of things you share.  He is looking for survey takers, quiz takers, people who post huge game wins, who conduct public conversations with friends in the comments of posts, and who show their every move with check-in locations and times (which tells him when you are active on your account so he can determine a good time to begin your hack).  



He can also tell a good time to hack you by when you change your profile picture.




It is a Facebook glitch - and continues to be a glitch to this day - that when you change your profile picture, this is when your Facebook privacy settings are changed on your account - supposedly by accident.   It is in YOUR best interests to check your settings each and every time you change your profile picture so you are not caught unawares where your FRIENDS settings have been changed to PUBLIC or where your ONLY ME settings have been changed to FRIENDS or PUBLIC.  If your phone number is on your account, and you have it set to ONLY ME, it is a sure bet that it will be reset to FRIENDS OR PUBLIC.  No one will be more surprised than you because you know that you had it set to ONLY ME.



A word about your phone number ... the biggest lie Facebook tells is that they need your phone number to help you get back into your account if you should ever get locked out.  Far too many Facebook users provide it because they believe it.


It's not entirely true.


Facebook will use it to send you a text code to enter in the Password box so you can change your password in the event that you forgot it, lost it or got locked out of your account for some reason (usually their mistake).  But if you think about it, this is not the only method of contact for you.   If you put your email address on your account as your Recovery method, your phone number is not needed. Facebook will send you the code via email. If you list some trusted contacts, they will email a code to them for them to give to you so you can enter it in the Password box, and then be prompted to create a new password.  The trusted contacts method is the third party method - sort of like whispering down the lane. It takes a little longer but accomplishes the same result as sending you the code via email or texting the code to your phone. 



It is far too dangerous to put your phone number on ANY Social Media account because of the amount of hacking going on.  Even though Facebook says they want you to do it, they don't need it and they don't require it.  Put your email address on as the Recovery, choose some trusted contacts if you want to, but NEVER give them your phone number.



Now I want to tell you about what a hacker can do when he sees your phone number on your account.  Did you know your phone number can be compromised in less than 5 minutes?  



All a hacker has to do is replace your phone number on your Facebook account with a phone number in his surplus - he always has a surplus.  



He can also fix it so you can't use your phone at all, by looking up who your cell provider is and convincing them that your phone is lost or otherwise permanently damaged, so they disconnect your number and he can get a new phone number assigned. At that point, he will have another phone already in his possession waiting for the new phone number. He can do this very easily because the family information you provided on your Facebook account lets him answer the security questions of major utility companies and credit card/financial institutions. If he chooses, he can use the new phone number as a new login for your account since he is now the new owner. But the worst part is that he has now rendered the phone that's in your pocket totally useless.




If the hack is malicious, in that he wants your Facebook account because you are on a high level in a particular game (so he can BE you), he will also keep your identifying information in case he is ever called upon by Facebook to verify identity.


If you already have it on your account (city, state, phone number, work history, school history, etc.), you have made it very easy for him. Your check-in locations also help him to zero in on exactly which Jane Doe you are, in case your city has several people with your name.




Last but not least, he will be looking for LIVE links to your family members listed in the relationship section of your account, and for your work history and residence locations. This is so he can answer Facebook's security questions, create a new identity, or use your information to get new credit cards, bank accounts, and certain forms of government ID (driver's license, passport, etc.). The last example alone can cause you grief by ruining your credit history and putting you in financial ruin.




Once a hacker is inside a newly hacked account, if he doesn't find anything he can use, he will abandon the rest of the hack. That's why you see so many hacked accounts get returned to the owner so quickly after a hack.  There was nothing on the account that the hacker wanted, needed or could use. 




That doesn't mean the account won't get hacked again. It's been proven that 90% of hacked accounts are hacked again. A hacked account is never forgotten; it gets periodic checkups to see if the owner is updating their information, changing profile pictures, making game purchases, posting game wins, participating in surveys and/or quizzes, and allowing friend conversations to be on Public setting.  


WHO CAN POST ON MY TIMELINE?

This is another loophole on your Facebook settings that a hacker looks for.  If you have it set to FRIENDS or PUBLIC, this is another "in" to your account.  It gives the hacker promise that possibly the rest of your settings are very lax and/or your password is guessable.  


What this permission does on your end is that it allows anyone to post anything on your timeline. They can tag you in a post, attach your name to a sex video, scam tag you (Ray Ban, for example) and the worst part is - if you don't have TAG REVIEW or TIMELINE ACTIVITY set to where you have to approve any posts FIRST, these tags can sit there for years before you will ever notice someone tagged you. 


Plain and simple, you should NEVER allow anyone to post on your timeline.  The answer to the question should be NO ONE, with TAG REVIEW and TIMELINE ACTIVITY set to where you have to APPROVE FIRST.  

Anyone looking at your account will see that the STATUS BOX is removed from their view. They can't type on your timeline because there is no Status Box to type in. Your answer of NO ONE stops anyone from being able to leave you messages, tag you on new posts or embarrass you with scams or porn. You can see it from your view, but no one else can. You can still be tagged in a comment on your timeline, but if you have Tag Review set to ON, the tag will be brought to your attention so you can approve it or remove it.



Hackers are looking mostly for financial information in many cases. The dead giveaway that gamers have it on their account is when they are posting frequent game wins. A series of game wins is the reward for buying, and a few are quite huge. When players brag on their accounts, hackers know they have a short window of time to strike.




In the hacking business, time is of the essence. A good hacker doesn't need to keep your account very long if he is only after certain kinds of information. He will locate whatever he needs and be off your account in less than an hour.  



In that hour, the hacker can do a tremendous amount of damage. He can clean out your bank account and run up your credit cards, gather enough info to make new identities using your personal information, and still have time to select a few people off your friends list to hack, either because he found the same desired information on their accounts OR because they changed their profile picture, which relaxes settings on their Facebook.


It is a well known fact among hackers that changing your profile picture also changes some of the privacy settings on your account. This is why we always advise to go over your settings right after changing a profile picture. 


Regarding hacked accounts, we always tell you to unfriend any friend who has been hacked because, as a name on their friends list, you can be on the hacker's radar very quickly. 


If you have a catchy name, if you expose your friends list to PUBLIC, if you post many game wins, if you change your profile picture frequently or if you have your timeline posts set to PUBLIC, very quickly you can be on the hacker's radar as his next choice.  It is VERY important to Unfriend so that you are not next in line to be hacked. 




When accounts are hacked, there is no rhyme or reason. It can be very high level Game players OR very low level Game players or even Non Gamers who are hacked.  It depends on the hacker's preference and exactly what he is looking for.



As a low level player, you may be hacked because you don't have many friends yet or your Facebook account might be new.  A hacker can masquerade as you, sending friend requests, playing the game and enjoying the wins that lower level players are given by developers.  Low level players win more when they start to play a game than they do when they are in middle levels. Higher level players win a lot more because the developer is moving them into being one of their "stars."  


The hacker can hold on to a low level player's account for a very long time without it being reclaimed by the owner or caught by Facebook. But, once the heat is on, they abandon the account. The player should have a facilitator - someone to help them get their account back - and it should be within the first 24 hours, but not longer than 3 days. The fact that the hacker changed the password doesn't mean the account is lost. A good facilitator can have the account back in 10 minutes.






If you are a higher level player who posts a lot of wins, then you obviously buy game coins. Besides gaining access to your financial and identity information, the second reason the hacker wants your Facebook account is because you are well established in the gaming community, and he can enjoy the higher wins and daily bonuses that you get - he can BE You. He doesn't have to work to get to the high game levels - he can steal it.






A hacker will nearly always be a friend already on the hacked account's friends list. While he sits on your friends list, he will be constantly on the lookout for more of your friends that will fill his needs. 





You might get mad at losing all your friends when they unfriend you. It is a good thing for them, but it isn't always good for you.  Sure, it is time consuming to go to the trouble of re-friending them - if and when you get your account back.   If that is the least of your problems after getting hacked, you should count yourself lucky to have your account back.


If you don't change your settings after being hacked, you will get hacked again.  Soon.  Count on it.


WHAT IS CLONING?

Cloning is when a brand new Facebook account is created in your name, using all or most of the information and photos that you allowed to be seen on your account  - in Friends view or Public view, on timeline or info you shared with 3rd party APPs (like surveys, quizzes, and sites that promise free game coins). 



In this case, you don't lose your present account; there is another YOU on Facebook.



Cloned Facebook accounts are more of a nuisance than anything. They will usually friend up your friends, telling them that they are You, to gain the trust of your friends.





It is important to IMMEDIATELY report the Cloned account to Facebook as soon as you are aware that someone is impersonating you.   Then go to your timeline, make a post set to PUBLIC, and put up the link to the Cloned account to let your friends know exactly who is impersonating you.  The sooner you warn your friends, the sooner the cloned account is rendered useless. 




If a Cloned account confines their activities to Facebook, and doesn't extend to the world at large, then this type of Cloning is more of a nuisance than a danger.  But if they were able to Clone your information to the point of opening credit cards and buying goods online, that is a Malicious Cloning which has its own set of repercussions.  They have moved into Hacking.




SO, WHAT'S WORSE?


Cloned accounts are definitely the lesser of the two evils. 


It is easier to get positive reaction from Facebook after reporting them because there are more reporting options for Cloned accounts than there are for Hacked accounts. 



Facebook disables the Cloned account until the person on the Cloned account can prove their identity.  



In the meantime, you are also asked to prove your identity to Facebook so Facebook can play King Solomon to decide which one  of you is the real mother of the baby. lol


PROVING YOUR IDENTITY 

Sometimes Cloned accounts can prove identity easier and faster than you can prove that you are the owner. That's because of the amount of information you allow to be seen in Friend and Public view on your account.  



If you have named your family members - with or without live links to their Facebook accounts - all the Cloned user has to do is answer the same type of family questions that most places use for security measures.  They are:



1) What is your mother's name?
2) Who is your current employer?
3) What is your brother's name?
4) Which family member lives in (city) in (state)?
5) What family function photos did you post on your timeline in the last 3 months?  
  


It's a stupid test, and no way is it definitive in proving identity BUT if you have all that info on your account, the Cloned account has no problem proving to Facebook that they are You.



In the past, Facebook used to ask for two forms of photo ID - usually a driver's license and some government-recognized ID - so they knew it was you. The name and face had to match on both IDs. But they got away from doing that because a lot of people were perfectly OK with letting their accounts go lost and unrecovered because they didn't want to provide their identifying information to Facebook. They felt it was an invasion of their privacy and they didn't trust Facebook not to bomb them with junk mail, phone calls, and worse.



Then Facebook decided to use a Facial Recognition test. This is where they have you match names to five photos of five people on your friends list, but they didn't do this by showing you their profile pictures. That would be too easy.


They pick five of your friends, then go to their photo albums and pick out five pictures from each one for a total of 25 pictures. They usually pick the five friends who have tons of pictures in their albums that are set to Friends view.


The five pictures are chosen from any of the hundreds of Facebook photos in their albums.  And the more obscure the pictures, the better.


Then they show you a screen of 5 pictures with a multiple choice of 5 names under the set. Your job is to select ONE name that all five pictures belong to.  It is a timed test.  You have 10 to 15 seconds to provide correct answers for each set of five, for a total of 55 to 60 seconds for the whole test.    



That's pretty hard to do if you aren't someone who looks through the photo albums of your friends.  


The test is equally hard to do because you can't spend much time on each one.  You can't use your own Facebook account to look up anyone's pictures because it is disabled.  




Even if you have help from a kind friend or if you are using two or more devices that have other Facebook accounts on them to look up the photo albums of each one of the 5 multiple choice names, there just isn't enough time to get back to pick an answer before the question times out.  




The killer is the Time Outs.  Once you take too long to make a guess or are using another device to research the owner of One set of pictures, it will piss you off when you come back to the test to put your answer in and find that the test moved on to the next set of pictures. There is no back button.  


There are also two SKIP buttons on the first run through of the test. If you use one SKIP on the first run through, and if you get the other 4 answers correct, you have passed the test. They will slap you on the wrist and tell you to review Facebook's Terms of Service. Then they will show you the login screen. 



The graciousness is only for the first run through. You can still use the SKIPs on the second run through, but even if you get the other 4 answers correct, the SKIP makes you fail the test. The SKIPs are disabled by the third run through, so you have to get all the answers right.


You get 4 attempts in one hour. After the second run through, in order to pass the test, you have to get all 5 profile names correctly matched to each set of pictures.  


If you exhaust your 4 attempts in the first hour, you have to wait another 4 hours before Facebook will let you have another crack at it. 



If you try to log in hoping to get the test offered before the 4 hours are up, each attempt will show you a popup telling you how much time is left before you can try the test again.


It doesn't do any good to look up the pictures while you are waiting for the 4 hours to pass. 


They use one set of pictures for Attempts One and Two in the first hour and they use another set of pictures for Attempts Three and Four in the first hour.  


If you didn't get them right, after you have waited 4 hours to try again, the new test will give you one set of pictures for Attempt One that you have seen before and a brand new set of pictures for Attempts 2, 3, and 4.  You have one more hour to get them right, then you have to wait another 4 hours to try again.   This goes on for 24 hours or until you get them right.


If you fail after 24 hours, you will again be given the option to provide photo ID.  If you don't, you will get two more days of the above test to identify your friends and then you will get locked out for 30 days with a message that says your account has been disabled until you provide proof of identity.  


In essence, this is Facebook jail - depriving you of the use of your account because of some real or imagined infraction.


Here's the solution:
Let your account sit idle, and don't login or attempt to login for 30 days. On the 31st day, go to login screen, provide your login information with the wrong password.  The screen will tell you the password is wrong - click FORGOT PASSWORD.  You will be asked if you want to change your password. They will send you a link so make sure the info they show you actually is your own email or phone.  Click the link to reset password, the link takes you back to login, change the password, and you are back on your account again.  It doesn't work before 30 days time. 


Keep in mind that a Cloned account takes everything that you allowed to be seen on your Facebook, including your photographs, your information, your relatives (if named on your account), your location, your phone number, your email, and your friends list.  



If you didn't allow identifying information to be seen on your own account, then the Cloned account would have nothing to use to claim that they are You.




At the same time that the Cloned account is asked for proof of identity, you also have to prove your identity. 



You may also have to do a Facial Recognition test as the Cloned account had to do.  


If the IP address that the Cloned account is using doesn't match the location that's provided on the submitted driver's license, Facebook will then check the location of the last 30 days of logins on the reporting person's history to see if there is a duplicate.


Hopefully You were quick to report the Cloned account as the fake before the Cloned account reported You as the fake.  Get some friends to report them too - the more reports, the better.


Even if the Cloned account passes the Facial Recognition test and provides authentic driver's license or government ID, the Cloned account is the loser here ONLY IF you have enough friends reporting the account as the fake.



Hacked accounts are not as easy to get shut down after reporting them because Facebook doesn't take such reports seriously until there are at least 5 reports with the same complaint. To that end, Facebook made it even harder when they removed the "This Person Is A Hacker" option on the reporting screen. It is possible that too many reporters were abusing the privilege.




All in all, if you have to choose one, Cloning is better than being hacked. 
 

You can always get someone to stop being You on social media. 

You can rarely get a Hacker to stop cleaning out your bank account or running up credit cards that they opened in your name.


