A couple of weeks ago Winnie Okeyo took a few minutes during her lunch break to log into her Facebook page and keep in touch with her friends.
She was accessing the site from her phone and thought it strange when she received the usual login page instead of her home page, since she had not logged out the last time she was online.
She promptly typed her login information but received an error message telling her she had input the wrong password.
She tried again but after several attempts to log in with the password she had been using since she joined Facebook, she gave up and blamed the hitch on her phone browser.
She later tried logging on from a cyber café and still could not access her account.
She thought the site was down but a look around the cyber café at other users gleefully Facebooking sent her into a panic.
“I tried to remember if I had changed my password but I could not recall ever doing that,” she says. “I had never shared my password with anyone and I thought I was losing my mind”.
Soon her friends started to receive inbox messages from her account.
“I was surprised when a few hours after my account mysteriously got locked one of my friends called me and told me she had received my inbox but could not make sense out of my message”, she said.
“I began getting calls from irritated friends asking me to stop filling their inboxes with spam”, she said. “I had a hard time explaining to them that I was not sending the messages and it was quite frustrating.” It soon became apparent to Winnie and her friends that her Facebook account had been hijacked.
Many Facebookers and Twitterers go about their social lives oblivious to the host of hackers and spammers eager to get hold of their accounts.
Over the last few years, the number of social media users has increased considerably.
Facebook recently announced it had hit the 500 million user mark, an increase of 100 million users in five months.
But it is not only Mark Zuckerberg and his team who were celebrating the milestone.
To the large underground hacking community, this news translates to 100 million new accounts to pilfer.
Online user account hijacking has been a concern worldwide, with many users reporting that they have lost control of their accounts at one time or another.
In March this year, a French hacker hit a bevy of Twitter accounts including that of US president Barack Obama.
According to Mr Martin Gicheru, a programmer and a web designer, hackers attack users’ accounts for a wide range of reasons.
“Hackers generally want an unfair advantage by getting unsolicited data for their own use,” he said. “They want to gain access to your profile that has a large following to reach out to a large number of people in a short time.”
“Other hackers seek to sell their products online and use this new following to make contact with users and potentially make a sale when they have that hype. Some will target prominent personalities in the media who rely on good publicity and attempt to ruin their reputations by posting damaging updates on their profiles”.
One method is the less sophisticated one where a hacker attempts to crack the user’s password.
The hacker will attempt to log in like the legitimate user and attempt to hack into the account by guessing the right combination of characters that make up the password.
Many users have easy password combinations like their birth or anniversary dates.
If the user has a security question, the hacker can try to guess the right answer to gain access to the account.
According to Mr Gicheru, many hackers deploy programming tools like Trojans.
“This could come in the form of free software that is loaded with Trojan horses that install in your system and proceed to perform various instructions in your computer, like tracking all your online movements,” he said.
“They can copy user data like passwords and user names and send these to the hacker over the internet. The hacker can even acquire administration rights over your computer and virtually get into your organisation network via shared file settings”.
Phishing sites are another method used to gain entry into users’ accounts.
Phishing sites are bogus websites that are created by hackers to enable them to snag sensitive information of users who visit the site.
Usually, users receive a message in their inbox with interesting links like “How to Get 1,000 followers”.
The link then directs the unsuspecting user to a phishing site that saves their login information.
As the users navigate the site, they promptly come across an empty page or an error message.
Unknown to them, they have effectively surrendered control of their account to the nefarious whims of hackers.
Mr Gicheru says that a number of third party apps have also been known to pose considerable danger particularly to Facebook users.
“They harvest your username and password and if you don’t change this you will find your account with status updates and wall posts you know nothing about on your friends’ profiles,” he says.
“The latest application doing the rounds on the site is the Profile Watcher/Stalker. The application promises users the ability to keep track of anyone who views their profile in real time. The programme then goes ahead to repost the link several times on the walls of the user’s friends”.
Measures to safeguard against hacking are straightforward. The first is to use stronger passwords. Passwords made up of birthday and anniversary dates, nicknames, favourite movies, actors and musicians are all relatively easy for the conventional hacker to guess.
A long password made of a combination of characters is often recommended over a shorter password made of numbers or letters alone.
Many users go for months and even years on end with the same password, thus rendering their accounts vulnerable. Mr Gicheru advises users to change passwords regularly to safeguard against attacks.
Users are also discouraged from having the same password for all accounts they hold online.
Using the same password for Facebook and Yahoo Mail, for example, raises the amount of damage one is exposed to should the password be successfully guessed by a hacker.
“When using a shared computer, remember to log off your account, and never select the option of remember password on your browser,” he said.
Hackers are also known to create phony accounts in a bid to reach out to unsuspecting users.
Users are asked to scrutinise friend requests before accepting them.
Requests from unknown users and those with no common friends with the user should generally be avoided.
Links that promise some new quiz, page or application should also be avoided. If it looks dubious, it probably is.
Some applications or quizzes ask to be allowed to access the user’s information.
Such apps more often than not are designed to phish sensitive information from users.
Since email accounts are a means of accessing social networking accounts, users are advised to be careful when dealing with them.
All spam should be deleted without opening to avoid the possibility of letting malware into the system.