First and foremost, you must make sure your computer is protected so that no viruses or spyware get a foothold there and thereby gain control over your files, your online accounts, and more. It is extremely difficult to fully get rid of the problem once your computer has been infected, but much easier to avoid infection in the first place if you are vigilant and follow some simple guidelines.
To protect yourself against eavesdropping by unauthorized persons, you should enable HTTPS on your Facebook account if it is not already on.
Weak passwords are a major security issue: they can be cracked by any hacker in next to no time, which then gives them access to your account. With just a little patience and a little information about you as a person, anyone can break into your account if you have a simple password. You should always opt for a password that has capital letters, numbers and special symbols. For example, a random password such as "FastbUck@5502" is very secure, while your name and date of birth would not be.
This step is perhaps a bit extreme and not many users use it, but it can be a very effective way to maintain control over your Facebook account.
It involves registering your mobile phone number with Facebook. Every time you (or anyone else) want to log into your account from a new/unknown computer or browser, Facebook will send a PIN code via SMS to your mobile, which is needed in addition to your regular login details to access the account. This is a very good and effective way to protect your account.
A phishing attack aims to get you to voluntarily give out your username, password or credit card details, etc., or to install a virus in the belief that you are installing a utility or even protection for your computer!
Most often, phishing attacks come from emails in which you are asked to immediately log into an account (bank, Facebook, email) for some reason. The email contains a link that takes you to a page that is an exact copy of the real site, but it is completely fake and controlled by hackers. Therefore, you should never click any links that take you to Facebook (or other login sites), but instead always type in the address yourself in your browser, or save it to your favourites and access it from there.
The second method of phishing is by posting on forums and chat rooms, asking you to click on a link to see something funny or exciting. However, you must install 'software' to be able to see the funny video. Once you've installed that so-called software, it will be able to register and log all your login details. Today, many viruses infect computers using this method.
The third method is when you land on any website and get a message that you have dozens of infections on your computer and need to install this recommended software to overcome the problem. The software advertised is none other than the virus itself, called a fake antivirus.
Be frugal with applications or games and be 100% sure you want to use/purchase them before you give permission to Facebook. Beware of new/unknown programs.
Never click on 'strange' messages coming from your contacts. Be suspicious when you receive a message that is different from what your contact usually types, or that is about something very topical or exciting, for example: "Check this video that teaches you to make £1 million!" These usually lead to sites that try to infect your computer and will almost never be from the real person themselves; either they have been tricked into sending the message, or it is sent automatically by their infected computer.
Hide your email address in your profile. Some hackers try to break into your email account, from which they then request a password reset so they can gain access to your Facebook account.