CONTENTS

  •  Keep Facebook private
    •  
  •  Popular Facebook scams & hoaxes
    •  
  •  Facebook charging scam
    •  
  •  Facebook privacy policy scam
    •  
  •  How to avoid Facebook Messenger scam
Facebook is the biggest and best-known social network, but that doesn’t mean its users don’t need to keep their wits about them. Here’s how to secure your Facebook account and protect your privacy on Facebook. Plus: the Facebook hoaxes you can ignore. Also see: Best Facebook tips & tricks
If you’re going to share intimate details of your life on Facebook, it’s important to consider who can see what you’re posting and, also, if you’re potentially sharing a personal detail too far. Follow our tips to below to make sure your Facebook account is secure from threats of all shapes and forms.
Update January 2017: Facebook has announced it is adding Security Key support to its social network to help protect against phishing attacks. Not only will it safeguard your login but speed it up. A Security Key is a USB device you plug into your PC and then tap it to allow access to your Facebook account when required. Without the key you don't get in, though note that the Security Key is not supported via the mobile app. Full details are here.

How to secure Facebook: Keep Facebook private

The best way to see what you’re publically sharing is to put yourself in the public’s shoes. Go to your profile page, tap the three dots icon on your cover photo and choose View as. By default you will see your Facebook profile as seen by a random member of the public with whom you’re not friends, but you can also click ‘View as specific person’ if there is a certain friend for whom you have limited your posts (see below). If you’re not happy with what you see, follow the tips below to secure your Facebook profile.
Facebook privacy
It’s also worth checking out Facebook Privacy Basics for a real beginner’s step-by-step guide to Facebook security. 

How to secure Facebook: Don't accept all friend requests

If you don’t know them, don’t add them. Simple. It’s worth going through your friends list every so often and weeding out all the randoms - who knows how they got there.
Facebook security

How to secure Facebook: Keep an eye on kids

Facebook has an age limit of 13 years, but it’s easy to get around and even 13-year-olds need protecting online. If you have a young child using Facebook, check that they know who they are talking to, that those people really are who they say they are, and that what they are saying is appropriate - cyberbullies, pedos and groomers are not something you want your child to experience.

How to secure Facebook: Consider what you post

Have you ever read someone’s posts every day on Facebook but walked past them in the street and not even acknowledged them? If the answer to that question is not yes then you’re in the minority. Not everyone who views your profile is your friend, and not all can be trusted with your most intimate personal details. One that really bugs us is the airport check-in posts. We might well be jealous that you’re off to soak up the sun for a week, but we won’t be jealous when you return to find your home ransacked and your irreplaceable personal belongings gone.

How to secure Facebook: Share posts privately

Ensure your profile is locked down so that only approved friends see what you share. To do so, open Facebook and click on the downward triangle at the top right corner of the page and choose Settings. Under the privacy tab you’ll find an option for who can see your future posts. Click Edit and choose Friends, or choose More Options to select a custom list. (Certainly do not choose Public, and you should choose Only Me only if you wish to be a loner. In which case Facebook might not be the best place for you.)

This is a global setting, but you can also specify who can see individual posts. Before you hit Post on a new status, click the drop-down to the left of the Post button and again choose Friends or select More Options to specify a custom list.
Content continues below
Facebook security

How to secure Facebook: Secure old Facebook posts

That takes care of future posts, but what about those you shared before you became concerned about Facebook privacy? Still in Settings, Privacy, Who can see my stuff is an option to ‘Limit the audience for posts you’ve shared with friends of friends or public?’ Set this to ‘Limit Old Posts’.

How to secure Facebook: Secure posts you're tagged in

Facebook is a social network, which means it’s not all about what you do but also what your friends do. And they can tag you in all sorts of stuff that will be visible to all on your profile and in the News feed - if you let them. Open Settings, Timeline and Tagging and carefully check each option here. You can control who can post on your timeline, who can see posts you’ve been tagged in and even set Facebook to gain your approval before the tag is applied.
Facebook security

How to secure Facebook: How to hide your phone number on Facebook

Facebook mobile nags and nags until you add your phone number to the service, but you don’t necessarily want that information to be visible to all who view your profile. Open the drop-down for Who can look you up using the phone number you provided under Settings Privacy, Who can look me up. You can do the same for your email address above, and below you can specify whether your Facebook profile should be listed by search engines such as Google.
Facebook security

How to secure Facebook: How to block people on Facebook

Having followed the above steps your Facebook profile will be reasonably secure from people not in your friends list. But it’s the ones you don’t get on with who could become an issue. To block a Facebook member from being able to see your profile, go to Settings, Blocking and add their name under Block users. Click Block to save the change.
If it’s a friend who you’ve decided is no longer a particularly good friend you want to block, go to their profile and tap the three dots icon on their cover photo. Choose Block.

How to secure Facebook: How to restrict what others see on Facebook

There is a middle ground between your best friends or acquaintances and your enemies, of course. For instance: your boss. You can’t reasonably reject his friend request, but you don’t want him to see what you get up to on a Friday night. Go to Settings, Blocking and choose Edit List next to Restricted List. Add their name here and they will see only what you publically share (which is hopefully not very much).
Facebook security

How to secure Facebook: How to hide your birthday and other details on Facebook

If you’re using the desktop version of Facebook, click the padlock with three lines icon to the left of the downward arrow at the top right of the page. Select Privacy Check-up. The first two steps will take you through limiting who can see your posts and which apps have access to your account. The third option lets you hide certain elements of your personal information, such as your birthday or birth year from your profile. If there’s something here you don’t want anyone to see, tap on the drop-down and choose Only Me. You can also access these settings from the About tab on your profile page.

How to secure Facebook: How to stop people adding you on Facebook

If you get a lot of randoms trying to add you on Facebook, you can set Facebook to allow only the people who may have a genuine link to you from adding you. In Settings, Privacy, Who can contact me is an option for ‘Who can send me friend requests?’ By default this will be set to Everyone, but you can change this to Friends of friends only using the drop-down menu. If they don’t know any of the people you know, they won’t be able to add you.

How to secure Facebook: How to specify which apps can post to Facebook

Every time you like a game or service on Facebook it is added to your apps list, and some of these apps may have been unwittingly granted permission to post to your profile whenever they like without first requiring your approval. Go to Settings, Apps and have a browse through the apps listed here. Underneath each app is information about who they can share information with. I set all mine to Only Me, since I find apps and games that post your achievements an annoyance, especially when they clog up the News feed, but you can also choose Public, Friends, Friends of Friends or Custom. In this pop-up window you can also see what information is shared with the app - if you’re not happy, hover the mouse cursor over the app and click the X to remove it.
Facebook security

How to secure Facebook: How to protect Facebook from hackers

Forget about what people can see on your profile for a moment. Consider that with the correct knowledge they could directly access your account and make posts on your behalf, read your private messages and even lock you out of your account. Facebook has a whole section of its Settings menu devoted to this - you’ll find it in Settings, Security.
Here you’ll be able to do such things as approve only certain apps and browsers from accessing your profile (in other words those on your own phone or PC), get a notification when someone logs into your account, use your phone as an extra layer of security and more.
If you ever have any reason to suspect someone has access to your account, change your password. You can do this in Settings, General. Be sure to use a strong password that won’t be easily guessed.
Facebook security

How to secure Facebook: How to protect Facebook from advertisers

Facebook is a free service, but increasingly makes money from adverts displayed on the site. Targetted advertising is that which looks at your activity, likes and history in order to serve up ads most likely to appeal to you. In many ways that’s a good thing, but some people just don’t like advertisers having access to so much information about them. Open Settings, Adverts and study the options here. You can choose to allow or deny targetted advertising, and also stipulate whether your friends can see adverts about things you appear to endorse.
Content continues below
If you’ve done all this and still aren’t satisfied, the best way to go off the Facebook radar is to delete your account.

Popular Facebook scams & hoaxes

All it takes is for one person to fall for a hoax on Facebook and they spread like wildfire through the social network. Many people when quizzed will say they knew it wasn't true, but they thought they had better share it just in case. Which makes no sense whatsoever.
Facebook scams usually focus on the idea that Facebook is either going to start charging users, or that Facebook's privacy options are changing. By copying and pasting a status you can somehow protect yourself from either having to pay a fee or losing the rights to any of your stuff saved on the network.
Exactly why people start spreading these scams isn't clear, but there is one thing we can guarantee: they are all absolute rubbish and you can safely ignore them. Certainly do not share them, which does nothing other than keep the rumour alive and allow people to falsely believe they are protected.
Worryingly, though, more recent scams can have more malicious intentions and steal personal data, such as the new Facebook Messenger scam detailed further down this page.
Back in November 2012 when these hoax posts first began doing the rounds, the company stated: "There is a rumour circulating that Facebook is making a change related to ownership of users' information or the content they post to the site. This is false. Anyone who uses Facebook owns and controls the content and information they post, as stated in our terms. They control how that content and information is shared. That is our policy, and it always has been. Click here to learn more: facebook.com/policies."
It's important to note that any terms and conditions to which you are bound were explained when you signed up to Facebook. Facebook can't change the terms without telling you, and posting a status update won't protect you from those you've already agreed to - if you don't like its terms (the actual terms, not the rumoured ones) then deactivate your account and stop using the social network.
We've outlined some of the most popular Facebook scams below. If you see any of these, ignore them:

Facebook to charge users: Facebook charging scam

"Now it's official! It has been published in the media. Facebook has just released the entry price: £5.99 to keep the subscription of your status to be set to "private". If you paste this message on your page, it will be offered free (I said paste not share) if not tomorrow, all your posts can become public. Even the messages that have been deleted or the photos not allowed. After all, it does not cost anything for a simple copy and paste."
This particular rumour first appeared on Facebook in 2013, and went viral in September. We're still waiting for Facebook to start charging £5.99. We'll be waiting a long time for it to do so because, apart from anything else, it is not in the business of alienating its users.
There are some other variations on the theme doing the rounds as well, such as this one:
"It's official. Signed at 10:33. It's even passed on TV. Facebook will start charging this summer. If you copy this to your wall your icon will turn blue and your Facebook will be free for you. Please pass this message, if not your icon will be deleted. P.S. this is serious, the icon will turn blue. (Copy and Paste to your wall.)"
Content continues below

Facebook data to be public: Facebook privacy policy scam

"Oh Dear Some PEOPLE COULD BE IN TROUBLE Everything you've ever posted becomes public from tomorrow. Even messages that have been deleted or the photos not allowed. It costs nothing for a simple copy and paste, better safe than sorry. Channel 13 News talked about the change in Facebook's privacy policy. I do not give Facebook or any entities associated with Facebook permission to use my pictures, information, messages or posts, both past and future. With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents. The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tactically allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. Copy and paste to be on the safe side."
The idea that simply copying and pasting a message would protect you from such a change is frankly ridiculous, never mind the fact Facebook would be in seriously hot water if it decided to open up its users' private data for all to see.
Here's another:
As of January 4th, 2015 at 5pm Central standard time. I do NOT give Facebook, or any entities associated with Facebook, permission to use my pictures, information, or posts, both past and future. By this statement I give notice to Facebook that it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308-11 308-103 and Rome statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish this statement at least once it will be tactically allowing the use of your photos, as well as information contained in the profile status updates. DO NOT SHARE. You MUST copy and paste to make this your status. I will leave a comment so it will be easier to copy and paste!!!
And another:
"In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, professional photos and videos, etc (as a result of the Berner Convention). For commercial use of the above my written consent is needed at all times."
And another:
"The content of this profile is private and confidential information. The violation of privacy can be punished by law (UCC 1-308- 1 1 308-103 and the Rome Statute). NOTE: Facebook is now a public entity. All members must post a note like this. If you prefer, you can copy and paste this version. If you do not publish a statement at least once it will be tactically allowing the use of your photos, as well as the information contained in the profile status updates. DO NOT SHARE. Copy and paste."
All of them - all of them - complete rubbish. If you wish to protect yourself on Facebook, simply follow our advice at the top of this article.

How to avoid Facebook Messenger scam

A new scam doing the rounds works slightly differently to previous scams, spreading itself via direct messages from hijacked accounts rather than the News Feed. Once an account is hijacked, the scammer will send a message to everyone in their Friends list with a link to what appears to be an image saved in .svg format. They are then taken to a site that looks like but is not YouTube, and instructed to download a browser add-on in order to watch a video. This browser add-on is in fact malware, and can steal sensitive information such as account details, passwords and even banking information. It will also spread itself further to all the friends on your own list.
Should you see such a message on Facebook Messenger, don't click on the link without confirmation from your friend that they intended to send it to you. If it wasn't them, inform them that their account has been compromised and that they must change their password in Settings, General, Password. While they're at it they should also check the Recognised Devices and 'Where you're logged in' options in Settings, Security, removing anything they don't recognise here. Using a mobile antivirus may also help you to avoid downloading malicious software.