Improving your Facebook security
Here are a few tips to improve your Facebook security. These will not only help your security but everyone one else on FB as well.
Restrict viewing of your friends list
You'll greatly reduce the number of FB security issues by not allowing everyone to see the names of all your FB friends. If you're using a desktop computer and web browser to access Facebook, you do this by going to your Privacy Settings and Tools page. Look for the How People Find and Contact You section and Who can see your friends list? item. Set this to Only me.
Now, when someone views your timeline, they will only see the list of friends that you both have in common.
If you're using a smartphone or tablet, you'll have to dig through the privacy menus. You're looking for something that resembles this:
Only friend people who are secure
If you have a FB friend who allows anyone to see their friends list, they're putting you at risk since your name is on their list of friends. You may want to encourage and require people to restrict the viewing of their friends list before you accept their friend request.
Be a black hole
If someone sends you a message or email telling you that you've been hacked and that you should send a message to all of your friends, do nothing - absolutely nothing. The message may not be legitimate. It may be coming from a bad guy who will in some way use your action against you. Even if it is coming from a real friend, you're not helping by contributing to the melee that some bad guy may have engineered.
It's unlikely that your Facebook account has really been "hacked".
If you get a friend request from someone who is already your friend, do nothing. Chances are good this is a bad guy who has created an account with the same name as your existing friend. It might be someone who happens to have the same name of your friend and you'll want to be friends with but probably not. Be careful.
Facebook and other social media systems are not the place for your private information that can be used against you in an identity theft attack. Unfortunately, this means no birthdays, home addresses, phone numbers, credit card numbers, etc. You should also consider not placing your photo on your Facebook pages.