Internet Security

Share Article
05 January, 2024
|
3 min read

Your social media account has been hijacked. Now what?

BC

Brenna Cleary

Principal social media marketing manager; security and privacy advocate

+ More
Woman on tablet looking at her social accounts.

Social media account takeovers are on the rise. For many victims, having their account hacked is just the start of a series of problems that can extend to their friends and followers. Here’s how to spot the danger signs and keep your accounts locked down.

It was not the way Gayle had wanted to start her morning. As she went through her pre-work routine—walk the dog, get coffee, check her favorite social media sites—something made her pause. There in her social feed was a photo and message from her account she had no recollection of posting. Checking her messages in the app, she found two from concerned friends telling her they’d received DMs from her that looked like phishing scams. Next, she discovered she was locked out of her account.

Gayle knew enough to recognize the tell-tale signs her social account had been hijacked. Fortunately, she caught it early and was able to take the steps needed to regain control of her account before lasting damage could be done. Many others are not so fortunate. All too often, discovering your social account has been hacked is just the start of a series of headaches—and not just for you, but for your friends and followers, too.

Social media account takeovers are rising faster than other kinds of attacks by identity criminals. In 2022, the Identity Theft Resource Center (ITRC) received four times more inquiries about social media account takeovers than in 2021, and 40 times more than in 2020. In many cases, victims were permanently locked out of their accounts, with criminals continuing to post as the account owner and contacting people in the victims’ friend lists.

A treasure trove of sensitive data

Why are social accounts such an attractive target? Because they’re a treasure trove of personally identifiable information (PII) such as a user’s real name, email address, birth date, relationship status, physical address, and more. Add to that private messages, photos and videos, and feed posts.

It’s the kind of data thieves can use to steal a person’s identity or turn into cash (hacked social media accounts go for around $25 to $60 apiece on the dark web, according to the Dark Web Price Index 2023). More sinisterly, bad actors can also use this information to spy on an account owner, perhaps posting offensive or embarrassing content on their behalf, or using it to blackmail or gather intelligence about an individual or organization. Unfortunately, a hacked social media account may also expose children to risks, such as cyberbullying, dangerous TikTok challenges, and inappropriate content.

How social media takeovers work

Hackers typically use social engineering techniques to win the trust of account holders. A common scheme is to pose as a “friend” and lure the victim in with an email or private message saying they need help getting back into their own social media account. The message includes a malicious link which, when clicked on, locks the victim out of their account and gives access to the hacker.

In addition to keeping your own account secure (by using strong passwords and multi-factor authentication, for example), it’s vital to learn to recognize the red flags that signal a hacked account. These can include spam messages or comments on your posts, or strange messages or friend requests from people you don’t know. Beware also of odd activity coming from your online friends.

Messages like “Hey, could you do me a favor?” with a request to buy a gift card should trigger alarm bells, as should a message like “Help, my kid is sick and I’m overseas” with a request to transfer money. Other times, scammers might try to use your account to sell fake goods online or to plant ads to fake websites.

Other common social media schemes include requests for cash, friend requests from existing friends (these invariably come from a hacked account), and clickbait that takes you to a fake login page in a ploy to capture your credentials, to name a few.

How to regain control of your account

If you’re sure your account has been hacked, taking swift action is key. Here are a few actions you should consider taking:

  • Alert your friends and followers that your account has been hacked.
  • Reset your password, especially if the hacker has changed it. Use a strong, unique password you haven’t used before.
  • Enable multi-factor authentication to add an extra layer of security.
  • Report the takeover to the social media platform.
  • Review your account for changes the hacker may have made to your settings, profile picture, personal information, friend list, apps, and more, and change them back to your liking.

Sound like a lot of work? You’re not done yet. If a hacker managed to take over one of your social media accounts, there’s a good chance they also have access to some of your other accounts around the web. So it’s a good idea to change your passwords for other online accounts, especially if you use the same password for multiple websites. And stay alert for any signs of identity theft.

To help keep your social media accounts safe from the broad spectrum of risks and massive inconvenience of a takeover, you can also take advantage of Social Media Monitoring—a LifeLock feature that monitors your accounts on the most popular social media sites and notifies you of suspicious activity, such as changes to your account settings and risky links. It can also monitor your children’s accounts and notify you of potential cyberbullying, dangerous TikTok challenges, explicit content, or hate speech. 

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Encryption What You Need to Know
Encryption helps keep you safe while doing things like browsing the Web, shopping online, and reading email on your computer or mobile device. Here's how.
Read More
Is a Password Manager Right for You?
A password manager is a good choice for many folks to manage their online accounts. But how do you know if one's right for you?
Read More
15 Tips for Safer Online Shopping
Scammers can suck the joy out of holiday online shopping. Check out our safety tips so you can help avoid becoming their latest victim.
Read More
13 Census Scams to Watch Out For in 2020 and How to Avoid Them
Scammers are taking advantage of the 2020 U.S. census to steal personal information. Here’s what you need to know.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more

Sign up for promotional emails