What to do if your social media account is hacked

Why is a hacked social media account dangerous? Much depends on the data it contains, but in many cases you risk your reputation, the funds on linked cards, relationships with friends and, ultimately, the profile itself.

According to statistics, 29% of users lose their accounts after being hacked on social networks. Of course, if the account was new and created solely for entertainment, losing it may not matter much. But if you have been developing it for several years, have many friends in your contacts, are a well-known blogger, or planned to use social networks for business, then your image and your profile on the Internet are worth fighting for.

Moreover, even one compromised account, password or phone number can give a scammer access to your other accounts.

    How to know if your account has been compromised

    If your account has been hacked, there is no guarantee that you will notice it quickly. Much depends on the scammer's goals. Sometimes the scammer does not log you out or change the password after getting into your account, but simply stays there, collecting data and periodically sending malware to your friends.

    However, there are ways to detect an unwanted presence.

    • Go through your correspondence and make sure it contains no suspicious messages, such as information sent in your name or complaints from friends.
    • Check your mail. If you have notifications configured, you will have received messages from the security system about suspicious actions in your accounts: a login (or login attempt) from an unfamiliar IP address or device.
    • View the status of your account. It may have been penalized for spam or other violations.
    • Check your wallets and bank accounts for suspicious transactions or invoices for orders that you did not make.
    • Check your account settings to see which devices and apps are connected to your account. Look for this information in the section responsible for security. For example, on Facebook you can see this in the “Security and Authorization” → “Active Sessions” section. Both devices you never logged in from and entries marked “Unknown device types” in that list should alert you.

    How to remove a scammer from your account and what to do next

    1. Remove all unknown devices from your accounts. Sign out of all sessions on other devices. If this option is not available in the settings, write to the service support.
    2. Change your password immediately. Make it as complex as possible: use letters in different cases, special characters and numbers.
    3. Set up two-factor authentication where possible. The most secure option is to use OTP passwords or security keys. Not every service offers these options today, but the most popular sites (Facebook, Google and Twitter) do.
    4. Turn on security alerts if they were turned off.
    5. Check which other apps are linked to your social media accounts. Unsubscribe from all suspicious communities. If possible, avoid registering with your social network account on little-known or unverified sites. Even a platform with a multi-million audience can have vulnerabilities, and by hacking it the scammer can gain access to your social networks.
    6. Delete suspicious files on the computer, including from the bootloader.
    7. Turn on your antivirus. Check for updates to your antivirus program.
    8. Check other accounts that are linked to your social networks, such as mail services and stores. They, too, can be compromised.

    If your payment information was stolen during an account hack, block your bank cards as soon as possible.

    How to recover lost access to accounts

    It is unpleasant when you cannot log into your account because the system no longer recognizes your username and password. In this case, you will have to fight for the profile.

    We recommend the following steps for recovery:

    1. Before restoring access, check the system for viruses. Delete suspicious files.
    2. You may be lucky and be able to restore access through the “forgot password” function. This is possible if the scammer has not removed the additional recovery contacts (mail or phone) from your account and, of course, if you specified them in the first place.
    3. If the password reset did not work (you did not receive the notification from the service within an hour and did not find the letter in the Spam folder), you will have to contact support. Restoring your account this way can take a while, as support needs to make sure you are the real owner of the account. You may be asked for information about the first mailbox, the first transaction, a secret word, or some other private information from your profile. If you manage to remember it, there should be no problems with recovery.

    How to secure your account in the future

    It is noteworthy that in almost 40% of cases, hackers “visit” hacked accounts again. Therefore, if you managed to remove the attacker or restore access, do not relax.

    First, let’s figure out how a scammer could get access to your data.

    • Password. The brute-force attack, that is, password guessing, ranks first among all hacking methods. Think about how complex your password is, and whether it contains a phrase from your status or the name of a loved one. Another common user error is using the same password on different services: having learned one password, the scammer gets into the rest of your accounts.
    • Registration using social networks. We understand that there is not always the time or the wish to come up with a password for each new registration, so signing up by pressing one button is tempting. Unfortunately, this is not always safe. Try not to register this way on sites that offer no two-factor authentication, as they are easier to hack. Of course, the scammer will not get direct access through a third-party service, but the application will have access to your contacts, name, and profile link. Then, knowing which service you use, the hacker can send you a link to a phishing site where you give away the rest of the information, such as passwords.
    • Phishing. Scammers often use phishing sites to steal passwords. They can send any kind of message, even one about a supposedly hacked account that asks you to enter your password to restore it. Never follow the links in such messages, let alone enter data there, otherwise you will compromise it.
    • Malicious programs. With spyware or keyloggers, which transmit the keys you press on the keyboard, scammers easily steal your passwords. Malware can be distributed through infected links and files.
    • There is no additional protection. As a rule, if an account has two-factor authentication, it will be more difficult for a fraudster to hack it. And if you use security keys, it’s next to impossible.

    In total, our defense will be based on the following steps:

    • Complex passwords. Security experts recommend creating 16-20-character passwords for accounts using complex characters, numbers, and letters in different cases. They must be changed at least once every three months, since technical means are constantly being improved, and it is possible that even complex passwords will be cracked by scammers in just a few weeks. If remembering passwords is difficult, use password managers or security keys.
    • Two-factor authentication. Given how weak passwords are, it is imperative to activate two-factor authentication in your accounts. The second factor can be a secret phrase, a one-time password from mail, SMS, or an application, a confirmation through a notification on your phone, or a connected security key.
    • Caution in correspondence. Do not trust provocative messages. Fraudsters often use people’s weaknesses to provoke them into doing what they want.
    • Website check before registration. It is better to first register on the service, check what opportunities it has to protect your account, and only then link it.
    • Antivirus protection. Even if you accidentally download unwanted files, reliable antivirus protection can save you. The main thing is to monitor the timely updating of antivirus programs.

    Additional benefits of security keys

    • Hacking protection. A security key is a physical device, and without it access cannot be opened. Even if the password is stolen, the scammer will be stuck on the second step.
    • Phishing protection. Security keys (hardware devices) work on the basis of cryptography, which means that they can generate two types of keys (data arrays) — public and private (the latter can only be read by a program, but not by a person). During authentication, the key (hardware device) responds to the server’s request by sending it the previously registered private key (data array). If the site is not real, the key (hardware device) will not receive a corresponding request.
    • Ease of use. Security keys are supported by popular password managers. And in order to open an account with a key, a simple touch with a fingertip to the key scanner is enough, instead of waiting for a one-time password and typing it later for confirmation.
    • Can be used instead of passwords. FIDO2-certified security keys can be used not only for two-factor authentication, but also as a substitute for passwords. At least that’s what we offer our customers.
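
Why a security key gives no usable answer on a look-alike site, as a simplified model added here (not the vendor's code and not a real FIDO2 library): in FIDO2/WebAuthn the device signs the server's challenge together with the origin the browser reports, and the server checks that signature against the public key stored at registration. The site names, `SecurityKey`, `verifyLogin` and `runScenarios` are hypothetical, and the site hostname stands in for the WebAuthn relying-party ID.

```javascript
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Constructed model of a security key: one key pair per site, private keys stay inside.
class SecurityKey {
  constructor() { this.credentials = new Map(); } // site hostname -> private key
  register(origin) {
    const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.credentials.set(new URL(origin).hostname, privateKey);
    return publicKey; // only the public half is handed to the site
  }
  // `origin` is reported by the browser from the address bar, not chosen by the page.
  authenticate(origin, challenge) {
    const privateKey = this.credentials.get(new URL(origin).hostname);
    if (!privateKey) return null; // unknown site: nothing to answer with
    const clientData = JSON.stringify({ origin, challenge: challenge.toString('hex') });
    return { clientData, signature: sign('sha256', Buffer.from(clientData), privateKey) };
  }
}

// Server side: accept only a fresh challenge, signed for our own origin, by the registered key.
function verifyLogin(expectedOrigin, challenge, publicKey, assertion) {
  if (!assertion) return false;
  const { origin, challenge: echoed } = JSON.parse(assertion.clientData);
  if (origin !== expectedOrigin || echoed !== challenge.toString('hex')) return false;
  return verify('sha256', Buffer.from(assertion.clientData), publicKey, assertion.signature);
}

function runScenarios() {
  const REAL = 'https://social.example';       // hypothetical genuine site
  const FAKE = 'https://social-login.example'; // hypothetical look-alike site
  const key = new SecurityKey();
  const registeredKey = key.register(REAL);
  const challenge = randomBytes(32);

  // 1. Normal login on the genuine site.
  const genuine = verifyLogin(REAL, challenge, registeredKey, key.authenticate(REAL, challenge));
  // 2. Look-alike site relays the real challenge: the key holds nothing for that hostname.
  const phished = verifyLogin(REAL, challenge, registeredKey, key.authenticate(FAKE, challenge));
  // 3. Even if the key was once registered on the look-alike site, its answer names
  //    the wrong origin and is signed by a different key pair.
  key.register(FAKE);
  const relayed = verifyLogin(REAL, challenge, registeredKey, key.authenticate(FAKE, challenge));
  // 4. A captured genuine answer replayed against a new challenge.
  const captured = key.authenticate(REAL, challenge);
  const replayed = verifyLogin(REAL, randomBytes(32), registeredKey, captured);
  return { genuine, phished, relayed, replayed };
}

console.log(runScenarios());
```

Only the first scenario is accepted; a stolen password plays no part in any of the checks.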

    These are not all the advantages of security keys. We could talk about them for a long time, so next time we will prepare a detailed review. The purpose of this article was to give you useful information on protecting your profiles. But if you want to learn more about the keys right now or purchase them, write to our managers!

    Online security – why is it important

    The Internet is not the most secure channel for transmitting information because it can be intercepted. Even social media accounts can be of interest to attackers. Your list of friends, subscriptions to bloggers and media, correspondence containing secret information, electronic wallets, bank accounts – all this can be at risk.

    Next, we talk about methods of intercepting information and how to protect yourself. You can also get advice from our managers.

    Among the most well-known methods of intercepting information:

    • Malicious programs.
    • Phishing.
    • Application vulnerabilities.

    The data for the last two years show that the majority of users do not take information security seriously.

    [Infographic: percentage of users who have faced hacking, still do not use 2FA, use the same passwords, and share passwords with colleagues]

    Types of malware

    • Computer viruses are programs that can copy themselves and can extract, delete, replace or distort the original data.
    • A botnet is a network of computers infected with bots that execute certain commands: sending spam, guessing passwords, DoS attacks.
    • Cryptojacking or hidden mining.
    • Network worms are malicious programs that slow down device performance, delete files, and disable certain programs.
    • Rogue antiviruses are computer programs that pretend to be an antivirus while downloading malware or extracting data from the computer.
    • Spyware is a program that monitors user activity and can enable remote control of the computer.
    • Trojans are malicious programs that appear on computers under the guise of legitimate software.

    Protection. To protect yourself from malware, use licensed antiviruses. Also be sure to enable additional protection in your accounts: two-step or two-factor authentication. Use USB keys.

    What is phishing

    Phishing is a form of social engineering and Internet fraud aimed at obtaining login data, most often for payment services and banking. It relies on fake sites and pages that prompt users to enter their data.

    Protection. Such sites are most often distributed through mailing lists from supposedly official companies. Be sure to check the site address by clicking on links through third-party services. Use hardware security keys: they will not work on phishing sites and you will understand that the site is fake.

    What are application vulnerabilities

    Unfortunately, not all applications are built to a high standard, and vulnerabilities can lead to serious consequences, up to loss of control over the device. An up-to-date list of vulnerabilities is available on the OWASP website, a tool for developers. We list only a few here so that ordinary users can understand them.

    • Access control violation: insufficient restriction of rights for registered users. This results in unauthorized disclosure of information or deletion of data.
    • Insecure data storage: storing data on a local server, and not on a secure one. As a result, unauthorized persons can access it.
    • Insecure communication: the use of insecure protocols in instant messengers and chats. In this case, messages may be intercepted.
    • Incorrect security settings: an unlimited number of login attempts. This exposes accounts to hacking by password guessing.
    • Lack of additional protection: there is no way to connect two-factor authentication. This puts accounts at risk of being hacked.

    Protection. At a minimum, before downloading an application, check how long ago it was updated and how many users have vouched for its quality in reviews. Check what data the application requests and whether the request is justified. Make sure updates are installed on time. Change your passwords periodically, or better yet, encrypt them using hardware security keys.
