You might have experienced it yourself or seen a friend post that someone hacked their social media account. The Identity Theft Resource Center's 2022 Consumer Impact Report found that social media account takeovers increased by over 1,000% in 12 months. But you can help protect yourself from social media scams with a few simple security measures, including verifying external links, using multifactor authentication and securing your passwords.
What Scammers Can Do After Accessing Your Account
The goal of some hacks and account takeover scams is obvious. Someone might want to take over your credit card or bank accounts to spend or steal your money. Or they go after your loyalty programs and ecommerce accounts to get at the points and store credit you've saved up.
While a social media account might not lead to a direct payout in the same way, it can be valuable. Scammers can turn their access into profit by:
- Blackmailing you: Depending on the platform, they might look through your saved messages and information for anything embarrassing. They might try to blackmail you into giving them money or illicit photos, or posting a video endorsing their scam.
- Looking for your personal information: Your profile might contain a wealth of information, including your birthday, what school you went to and other details that they can then use to impersonate you or break into your other accounts.
- Targeting your connections: The scammer might use your account to contact your friends, family and connections and trick them into sharing their personal information. Or, they might send direct messages with phishing links or attachments that will infect the recipient's device with malware.
- Spreading a scam: Scammers will use a hacked account to post about a great investment opportunity that "you" used to make money. Your connections might be intrigued and send money to the scammer or click on a malicious link.
- Embarrassing you: In a targeted attack, they might post embarrassing messages or photos they find in your account.
- Selling your account: Hacked Twitter, Instagram and Facebook accounts can fetch a pretty penny on the dark web.
- Selling likes or follows: People can also buy likes, follows, retweets, streaming plays and other social media interactions on the dark web. Some go for less than $5 per 1,000 followers or likes, and the seller might use bots and stolen accounts to fulfill these sales.
How to Keep Your Social Media Accounts Secure
You can implement a few technical practices and tools to keep your accounts safe. But learning how to spot a scammer or a phishing attack, and keeping your guard up, also goes a long way in protecting your accounts. Here are a few important things to remember:
- Be careful when clicking on a link. Someone might take over one of your connections' accounts and try to trick you into clicking. It could start with an innocent-sounding question, like "what do you think?" that entices you to click and doesn't give you enough context to suspect anything. The link might send you to a page that infects your device. Or, it might look exactly like a legitimate website (such as the platform's login page), but it's not.
- Enable multifactor authentication. Setting up multifactor authentication (MFA) adds an extra security layer to your account. Depending on the settings you choose, you may need to enter a code sent to your phone, or use a physical security key or an authentication app, in addition to your username and password to get into your account if you're logging in from an unknown device. The small extra step can keep scammers out of your account, even if they have your login info.
- Avoid logging in on a public Wi-Fi network. Someone might be able to snoop on the information you send over a public Wi-Fi network. Nothing is foolproof, but using a virtual private network (VPN), waiting to log in until you're on a private network or using your phone's network are safer options.
- Don't share your personal information. A "friend" or fake account might try to trick you into sharing your personal information. Be especially cautious of messages related to making money, starting a romantic relationship or helping the person with their account because these are common starting points that scammers use to build trust.
- Never tell someone your password or authentication codes. Don't do it, even if your best friend is asking you to share a code that's sent to your phone. If their account is compromised, the scammer is probably trying to get into one of your accounts and asking you to share the MFA code that will give them access.
- Create unique passwords for each account. Using the same password across accounts is dangerous because a data breach at a different company could give scammers your login information. It's best to avoid duplicates or easily recognizable patterns. Using a password manager can make this a lot easier.
You can use the steps above to keep many of your online accounts safe, not just your social media accounts. There are also a few steps you can take to protect your identity from thieves, such as making sure you never share personal information with someone who calls you unexpectedly. Monitoring your credit and getting identity theft protection can also help you quickly respond if someone uses your identity to open a new account.
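To show what verifying a link involves, here is an added example (not part of the original article) that parses a link the way a browser does and checks which site it really leads to. The allowlist and the sample links are assumptions constructed for illustration.

```javascript
// Added example: decide whether a link really points at the site it claims to be.
// OFFICIAL_DOMAINS is an assumed allowlist; the sample links below are constructed.
const OFFICIAL_DOMAINS = ["facebook.com", "instagram.com", "twitter.com"];

function checkLink(link) {
  let url;
  try {
    url = new URL(link); // same parsing rules a browser applies
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // "https://facebook.com@other.example/" really goes to other.example
    return { trusted: false, reason: "text before @ is not the site name" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII look-alike letters show up as punycode labels after parsing
    return { trusted: false, reason: "internationalized look-alike name" };
  }
  // The host must BE an official domain or end with "." + that domain
  const match = OFFICIAL_DOMAINS.find(
    (d) => host === d || host.endsWith("." + d)
  );
  if (!match) {
    return { trusted: false, reason: `${host} is not an official domain` };
  }
  return { trusted: true, reason: `host belongs to ${match}` };
}

// Constructed sample links
const SAMPLES = [
  "https://www.facebook.com/login",
  "https://facebook.com.account-check.example/login",
  "https://facebook.com@account-check.example/login",
  "http://www.instagram.com/accounts/login",
  "https://faceb\u043eok.com/login", // Cyrillic "о" in place of Latin "o"
];
for (const s of SAMPLES) console.log(checkLink(s).trusted, s);
```

Only the first sample passes: the site name that matters is the end of the host, not whatever familiar text appears elsewhere in the link.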
What to Do if Your Account Gets Hacked
If you suspect someone has broken into your social media account, change the password right away, report the compromise and go into your settings to log other devices out of your account. You can also run an antivirus scan on your device to make sure the attacker didn't use a keylogger (a type of malware that records what you type) to get your login info.
Sometimes the scammer might lock you out of the account by changing your password, and you'll need to contact the support team to regain control. The Identity Theft Resource Center has a collection of links to the security and recovery pages on popular social media sites.
See if Your Information Is Compromised
Even if you follow all the best practices, there's a good chance that some of your information has already been compromised in a data breach. You can use Experian's free dark web scan to see what scammers might be able to find and buy on the dark web, and make sure you're not using the same login information for your social media (or other) accounts.