Facebook. Chances are you either hate it or grudgingly feed your daily addiction to friends’ updates, photos and posts. But while users continue to build out their online lives, the risk of having all that personal information out there in cyberspace continues to grow. Sure, many Facebook hackers do little more than post spammy links, but when hackers gain access to your account, it can also provide them with enough personal information to steal your identity. So how do these cybercriminals get a hold of your password? Check out some of the key strategies and find out what you can do to protect yourself. (Scams are common on Facebook, too. Find out how to spot one in 7 Signs of a Facebook Scam.)

Phishing Links

It’s human nature to be compelled to click provocative links. Don’t feel bad - attention-grabbing headlines have been around as long as news has been a commodity. But whatever you do, don’t click them on Facebook. These over-the-top updates - often about celebrities - are frequently produced by hackers looking to steal your Facebook password. It usually works like this: Users click the phishing link and are then prompted to log in to a site that looks like Facebook, but isn’t. Instead, this duplicate site sends usernames and passwords straight to a hacker’s email account.

Reduce Your Risk:
Links that are so juicy you can hardly resist them are probably too good to be true - don’t click! If you really need to know, check it out on Google. Chances are your search will reveal that the link’s headline is fake - and its contents are a scam.

Fake Account Phishing

You may not remember everyone from your freshman poli-sci class. Don’t beat yourself up about it - and don’t let a desire to be polite compel you to add people you don’t know to Facebook. Anyone can set up a Facebook profile, and scammers have been known to set up accounts designed to look like they belong to Facebook personnel in an attempt to convince users to provide login info for "security reasons." Even scarier is a new type of malware known as a "socialbot." This automated program builds up a profile and spams out friend requests in order to gain access to user accounts. And once a fake friend gains access to your profile, you're at risk of being hacked.

Reduce Your Risk:
Yes, maybe that guy you think you recognize really was sitting one row back - or maybe the account is fake. If you must add acquaintances to Facebook, check out their profiles first. If you don’t have much in common, such as friends, schools and jobs, chances are you’ve never met. And never give your login credentials to anyone. The real Facebook will never ask.

Mobile Phone Hacking

According to Facebook’s February 2012 IPO statement, the company had more than 425 million active mobile users per month in 2011, a number that continues to grow around the world. The problem is that if hackers can gain access to your cellphone - whether by using mobile spying software, or just by picking it up where you left it - they can probably hack into your Facebook account too.

Reduce Your Risk:
Block hacking action by skipping downloads from untrusted sources, sticking to secure Wi-Fi connections, turning off Bluetooth or Wi-Fi when you’re not using them, and keeping your cellphone under password protection at all times.

Facebook Apps

The days of daily Facebook app invitations are (thankfully) gone. Even so, Symantec reported that in 2011, 20 million Facebook apps were still being installed each and every day. The risk of password theft here stems from the fact that most Facebook third-party applications access users' personal information. Although they ask permission for this, providing access to your account is tricky business, especially if that access is not secure - or the app was designed to do more than just allow the user to access a service or play a game. Most often, your information goes to advertisers, but there’s also a possibility it could land in a hacker’s hands and provide them with enough access to gain control of your account.

Reduce Your Risk:
Avoid downloading apps, especially from companies or organizations you've never heard of. You can also delete the ones you have by visiting the Account Settings area in your Facebook account.

Facebook Like and Share Buttons

Just about every site out there has Facebook "Like" and "Share" buttons, which automatically post content to your Facebook feed when you click them. These buttons are a great way for sites to promote content and for users to share it, but they aren’t risk-free. Hackers can camouflage a false Facebook login page by making a button that looks like the real deal. Enter your credentials, and you’ll be sending them straight to a cyber-criminal.

Reduce Your Risk:
You can protect yourself by signing into Facebook in a new tab, then opening a second tab for surfing. When you click the "Like" button, the site should automatically recognize that you’re authorized on Facebook and post the content. If it still prompts you for a password, you should be suspicious.
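
The fake login pages described under Phishing Links and in this section can copy Facebook's look, but not its address. The following is an added example, not part of the original article, of the address check a cautious user or a mail/proxy filter would apply before credentials are entered; the URLs are constructed samples on reserved example domains.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # the domain the real login page is served from

def check_login_url(url):
    """Return (ok, reason) for a page that is asking for Facebook credentials."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    if not host:
        return False, "no host"
    if parts.username is not None:              # text before "@" is not the host
        return False, "userinfo before host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized lookalike host"
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return True, "facebook.com host"
    if TRUSTED_DOMAIN.split(".")[0] in host:    # brand used as bait in another domain
        return False, "brand name in untrusted host"
    return False, "untrusted host"

# Constructed sample URLs (not taken from any real campaign).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "https://facebook.com.login.example/login.php",
    "https://facebook.com@login.example/",
    "http://www.facebook.com/login.php",
    "https://f\u0430cebook.com/login",           # Cyrillic "a" in place of Latin "a"
    "https://notfacebook.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_login_url(sample), sample.encode("ascii", "backslashreplace").decode())
```

Only the first sample passes; every other one shows the word "facebook" somewhere in the address while the browser would actually connect to a different site or over an unprotected connection.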

Worms

In January 2012, the Ramnit worm re-emerged on Facebook and scored a payload of 45,000 Facebook login credentials. This piece of malware was originally spread through network security gaps and infected USB drives. In 2012, an updated version made the leap to Facebook, where it is believed to have spread via stolen Facebook login credentials.

Reduce Your Risk:
How can you protect yourself? Avoid clicking on links and attachments, even from friends. And, because Ramnit may also have gained access to users’ Gmail and other accounts, avoid using the same credentials for different online services.

Third-Party Sign Ins

Websites of all kinds are increasingly encouraging users to log in through Facebook. It saves you the trouble of having to set up a new account. With all the logins required these days, that convenience is a godsend, but it also has some potential for risk. In March 2012, researchers reported that single sign-on (SSO) services weren’t always properly integrated into the websites that used them. SSO services relay a visitor’s login information to Facebook. If the user credentials are valid, Facebook sends a certified token. Then, the third-party website gives the user access to the requested account. However, because these credentials are sent to the user’s browser first, an attacker can obtain a token that grants access to the user’s account without having to supply the username and password that are usually required.

Reduce Your Risk:
Although Facebook reported that the bug had been fixed, using a new login and password for new accounts keeps your login info locked down, so it’s always a safer move.
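
Because the token travels through the browser, the website receiving it has to check more than "is this a token": it must confirm who signed it, which site it was issued for, that it is still fresh, and that it belongs to the login this browser started. The following is an added example, not from the original article and not Facebook's actual token format or API; the token layout, claim names, secret and nonce are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed token format for illustration: base64url(JSON claims) + "." +
# base64url(HMAC-SHA256 over the encoded claims). Not Facebook's real format.

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret, claims):
    """Identity-provider side, used here only to build sample tokens."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)

def verify_token(token, secret, app_id, session_nonce, now):
    """Website side: return (user_id, None) or (None, reason)."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None, "bad signature"
        claims = json.loads(_unb64(payload))
    except ValueError:
        return None, "malformed token"
    if claims.get("aud") != app_id:          # token minted for a different site
        return None, "issued for another app"
    if claims.get("exp", 0) <= now:          # stale token presented later
        return None, "expired"
    nonce = str(claims.get("nonce", "")).encode()
    if not hmac.compare_digest(nonce, session_nonce.encode()):
        return None, "not bound to this session"
    return claims.get("sub"), None

SECRET = b"constructed-app-secret"           # constructed sample values
CLAIMS = {"sub": "user-42", "aud": "app-123", "exp": 1000, "nonce": "n-abc"}
TOKEN = issue_token(SECRET, CLAIMS)

if __name__ == "__main__":
    print(verify_token(TOKEN, SECRET, "app-123", "n-abc", now=900))
    print(verify_token(TOKEN, SECRET, "app-999", "n-abc", now=900))
    print(verify_token(TOKEN, SECRET, "app-123", "n-other", now=900))
```

A site that skips the audience or session check accepts any validly signed token handed to it by a browser, which is the kind of integration gap the paragraph above describes.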

Facebook Friends ... and Enemies

Worried about hackers getting into your Facebook? Whether you’re worried about private information or just panicking at the prospect of being locked out of your account, there are a few things you can do to protect yourself. Above all else, be aware. On Facebook, not everything is as it seems. No matter how many friends you have, enemies may be lurking there as well.