You may receive a legitimate-looking email saying that your account has been compromised, with a link in the body of the email to log in. DON'T USE THE LINK!! Instead, go directly to Facebook and attempt to log in as usual. IF your account is truly compromised, you will receive a message from Facebook when you attempt to log in.
To comment on someone's trade note, just navigate to their notes section and find it yourself. If they have multiple notes, ask which one to leave a comment on.
Also, stay away from trading within Facebook's chat or email. Scammers and hackers prefer to "trade" this way because it keeps them from prying eyes... like ours at KTM!
The next way any hacker can get your password is by brute force. These are simple hacking tools that use number/letter combinations and try again and again until your password is found. They might need 2 things for this to work: 1) your user name (email account) and 2) possibly your date of birth. These are easily found on the info page within your profile. FIRST... hide these from prying eyes.
Go to Account>Account Settings>Privacy Settings and change your birthday settings to "Only Me".
Then go back to Privacy>Contact Information and set your email to "Only Me".
By doing this, you have just removed the most easily accessible 2/3 of the information any hacker needs.
The final step is your password. This is the single most important piece of the equation... and you should follow this advice on ALL the important web sites you visit, especially banking, PayPal, eBay, Credit Cards and other critical sites.
MOST brute force hacking tools can only do number/letter combinations up to 8 digits... some can do more. The key here is the combinations of what they can do. I HIGHLY recommend the use of special characters in your password such as _ - + = / \ | * & ^ % $ # @ ! ~ etc. Brute force hackers CAN'T do these symbols! Also, make your password more than 8 characters. Use number/letter/special character combinations with capital letters thrown in.
If you want to make sure you don't forget what it is, use common words, like your own name, but substitute numbers for letters that look similar.
E.g., my name is David Reedy. I can make a password using my name, for example "Mah1_G33ri" or variations. Notice the underscore? The likelihood of this password being hacked by brute force is slim to none!
The variants make it so that if a brute force hacking tool were used, and it was able to try a new combination every second, it would take at least 12 billion seconds to crack it. How long is 12 billion seconds?? Almost 380 years!!! Long enough for me to not care if and when they finally hack it!
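To see how length and character variety drive that kind of estimate, here is an added example (not part of the original post) that counts the combinations an exhaustive search would have to try and converts them to years at the post's rate of one guess per second. It assumes a tool that can cover all four character classes, including the 32 ASCII symbols; "dave1234" is a constructed sample password.

```python
import string

SECONDS_PER_YEAR = 365 * 24 * 60 * 60

# Character classes a search tool may or may not cover.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,  # 32 ASCII symbols such as _ - + = / \ | *
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Size of the smallest alphabet built from whole classes that covers the password."""
    return sum(len(CLASSES[name]) for name in classes_used(password))


def keyspace(password):
    """Candidates of length 1..len(password) over that alphabet (worst case for the search)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_years(password, guesses_per_second=1):
    """Years to try every candidate at the given rate (integer division, rounds down)."""
    return keyspace(password) // (guesses_per_second * SECONDS_PER_YEAR)


if __name__ == "__main__":
    # Constructed 8-character letter/number password, then the post's own example.
    for pw in ("dave1234", "Mah1_G33ri"):
        print(f"{pw!r}: classes={classes_used(pw)} alphabet={alphabet_size(pw)} "
              f"candidates={keyspace(pw):.3e} "
              f"years at 1 guess/s={worst_case_years(pw):.3e}")
```

The figure covers exhaustive search only; it says nothing about guesses built from names or common words.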
I hope that this has given you some ideas to better safeguard your personal accounts. And remember, if YOU get hacked, you are going to lose more than your loot and lotto, you're going to potentially lose your well-established name and reputation. And others who have come to trust your name and reputation will suffer also when they in turn get scammed by the hacker.
Make sure your personal identity (your email, birth date and password) follows the rule of The Lord of the Rings... "Keep it secret. Keep it safe"!