Social media account takeovers are on the rise. For many victims, having their account hacked is just the start of a series of problems that can extend to their friends and followers. Here’s how to spot the danger signs and keep your accounts locked down.
It was not the way Gayle had wanted to start her morning. As she went through her pre-work routine—walk the dog, get coffee, check her favorite social media sites—something made her pause. There in her social feed was a photo and message from her account she had no recollection of posting. Checking her messages in the app, she found two from concerned friends telling her they’d received DMs from her that looked like phishing scams. Next, she discovered she was locked out of her account.
Gayle knew enough to recognize the tell-tale signs her social account had been hijacked. Fortunately, she caught it early and was able to take the steps needed to regain control of her account before lasting damage could be done. Many others are not so fortunate. All too often, discovering your social account has been hacked is just the start of a series of headaches—and not just for you, but for your friends and followers, too.
Social media account takeovers are rising faster than other kinds of attacks by identity criminals. In 2022, the Identity Theft Resource Center (ITRC) received four times more inquiries about social media account takeovers than in 2021, and 40 times more than in 2020. In many cases, victims were permanently locked out of their accounts, with criminals continuing to post as the account owner and contacting people in the victims’ friend lists.
A treasure trove of sensitive data
Why are social accounts such an attractive target? Because they’re a treasure trove of personally identifiable information (PII) such as a user’s real name, email address, birth date, relationship status, physical address, and more. Add to that private messages, photos and videos, and feed posts.
It’s the kind of data thieves can use to steal a person’s identity or turn into cash (hacked social media accounts go for around $25 to $60 apiece on the dark web, according to the Dark Web Price Index 2023). More sinister still, bad actors can use this information to spy on an account owner, perhaps posting offensive or embarrassing content in their name, or use it to blackmail or gather intelligence about an individual or organization. Unfortunately, a hacked social media account may also expose children to risks such as cyberbullying, dangerous TikTok challenges, and inappropriate content.
How social media takeovers work
Hackers typically use social engineering techniques to win the trust of account holders. A common scheme is to pose as a “friend” and lure the victim in with an email or private message saying they need help getting back into their own social media account. The message includes a malicious link which, when clicked, locks the victim out of their account and gives the hacker access.
In addition to keeping your own account secure (by using strong passwords and multi-factor authentication, for example), it’s vital to learn to recognize the red flags that signal a hacked account. These can include spam messages or comments on your posts, or strange messages or friend requests from people you don’t know. Beware also of odd activity coming from your online friends.
Messages like “Hey, could you do me a favor?” with a request to buy a gift card should trigger alarm bells, as should a message like “Help, my kid is sick and I’m overseas” with a request to transfer money. Other times, scammers might try to use your account to sell fake goods online or to plant ads for fake websites.
Other common social media schemes include requests for cash, friend requests from existing friends (these invariably come from a hacked account), and clickbait that takes you to a fake login page in a ploy to capture your credentials, to name a few.
How to regain control of your account
If you’re sure your account has been hacked, taking swift action is key. Here are a few actions you should consider taking:
- Alert your friends and followers that your account has been hacked.
- Reset your password, especially if the hacker has changed it. Use a strong, unique password you haven’t used before.
- Enable multi-factor authentication to add an extra layer of security.
- Report the takeover to the social media platform.
- Review your account for changes the hacker may have made to your settings, profile picture, personal information, friend list, apps, and more, and change them back to your liking.
Sound like a lot of work? You’re not done yet. If a hacker managed to take over one of your social media accounts, there’s a good chance they also have access to some of your other accounts around the web. So it’s a good idea to change your passwords for other online accounts, especially if you use the same password for multiple websites. And stay alert for any signs of identity theft.
To help keep your social media accounts safe from the broad spectrum of risks and massive inconvenience of a takeover, you can also take advantage of Social Media Monitoring—a LifeLock feature that monitors your accounts on the most popular social media sites and notifies you of suspicious activity, such as changes to your account settings and risky links. It can also monitor your children’s accounts and notify you of potential cyberbullying, dangerous TikTok challenges, explicit content, or hate speech.