What is the danger of having a social network account hacked? Much depends on the data it contains, but in many cases you risk your reputation, the funds on linked cards, your relationships with friends and, ultimately, the profile itself.
According to statistics, 29% of users lose their accounts after being hacked on social networks. Of course, if the account was new and created solely for entertainment, the loss may not matter much. But if you have been developing it for several years, you have many friends in your contact list, you are a well-known blogger, or you planned to use social networks for business, then you should fight for your image and your profile on the Internet.
Moreover, even one compromised account, password or phone number can give a scammer access to your other accounts.
How to know if your account has been compromised
If your account has been hacked, there is no guarantee that you will notice it quickly. Much depends on the goals of the scammer. Sometimes the scammer does not log you out right after getting into your account and does not change the password, but simply stays in your account, collecting data and periodically sending malware to your friends.
However, there are ways to detect an unwanted presence.
- Go through your correspondence and make sure it does not contain suspicious messages, such as information sent in your name or complaints from friends.
- Check your mail. If you have notifications configured, you will almost certainly have received messages from the security system about suspicious actions in your accounts: a login (or login attempt) from someone else’s IP address or device.
- View the status of your account. It may be penalized for spam or other violations.
- Check your wallets and bank accounts for suspicious transactions or invoices issued for orders that you did not make.
- Check your account settings to see what devices and apps are connected to your account. Look for this information in the section responsible for security. For example, on Facebook, you can see this in the “Security and Authorization” → “Active Sessions” section. Both devices you did not log in from and entries marked “Unknown device types” in the list should alert you.
How to remove a scammer from your account and what to do next
- Remove all unknown devices from your accounts. Sign out of all sessions on other devices. If this option is not available in the settings, contact the service’s support.
- Change your password immediately. Make it as hard to guess as possible. Let it contain letters in different cases, special characters and numbers.
- Set up two-factor authentication where possible. The most secure option is to use OTP passwords or security keys. Not all services offer these options yet, but the most popular sites (Facebook, Google and Twitter) do.
- Turn on security alerts if they were turned off.
- Check which other apps are linked to your social media accounts. As far as possible, unsubscribe from all suspicious communities. Try, if possible, not to register using social networks on little-known or unverified sites. Sometimes even a platform with a multi-million audience has vulnerabilities. By hacking it, the scammer can gain access to your social networks.
- Delete suspicious files on the computer, including from the bootloader.
- Turn on your antivirus. Check for updates to your antivirus program.
- Check other accounts, such as mail services and stores, that are linked to social networks. They, too, can be compromised.
If your payment information was stolen during an account hack, block your bank cards as soon as possible.
How to recover lost access to accounts
Being unable to log into your account because the system no longer recognizes your username and password is unpleasant. In this case, you will have to fight for the profile.
We recommend the following steps for recovery:
- Before restoring access, check the system for viruses. Delete suspicious files.
- You may be lucky and simply be able to restore access through the “forgot password” function. This is possible if the scammer has not cleared the additional recovery contacts in your account: mail or phone. And, of course, if you specified them.
- If the password reset did not lead to anything (you did not receive the appropriate notifications from the service within an hour and did not find the email in the Spam folder), then you will have to contact support. Restoring your account this way can take a while, as support needs to make sure you’re the real owner of the account. You may be asked for information about the first mailbox, the first transaction, a secret word, or some other private information from your profile. If you manage to remember it, then there should be no problems with recovery.
How to secure your account in the future
It is noteworthy that in almost 40% of cases, hackers “visit” hacked accounts again. Therefore, if you managed to remove the attacker or restore access, do not relax.
First, let’s figure out how a scammer could get access to your data.
- Password. The most common hacking method is the brute-force attack, that is, password guessing. Think about how complex your password is, and whether it contains a phrase from your status or the name of your loved one. Another common user error is using the same password on different services. Then the scammer, having learned one password, will get into the rest of your accounts.
- Registration using social networks. We understand that there is no time, or you don’t want to come up with passwords during a new registration, so it is tempting to go through the procedure by pressing one button. But this, unfortunately, is not always safe. Try not to register in this way on sites where there is no way to set up two-factor authentication, because they are easier to hack. Of course, the scammer will not get direct access through a third-party service, but the application will have access to your contacts, name, and profile link. Further, knowing which service you use, the hacker can send you a link to a phishing site where you give away the rest of your information: passwords.
- Phishing. Scammers often use phishing sites to steal passwords. They can send all kinds of messages, even ones about supposedly hacked accounts, saying that you need to enter a password to restore them. In no case should you follow the links in such messages, let alone enter your data, otherwise you will compromise it.
- Malicious programs. With the help of spyware or keyloggers that transmit information about what keys you press on the keyboard, scammers easily steal your passwords. And the distribution of malware can be carried out through infected links and files.
- There is no additional protection. As a rule, if an account has two-factor authentication, it will be more difficult for a fraudster to hack it. And if you use security keys, it’s next to impossible.
In summary, our defense will be based on the following steps:
- Complex passwords. Security experts recommend creating 16-20-character passwords for accounts using complex characters, numbers, and letters in different cases. They must be changed at least once every three months, since technical means are constantly being improved, and it is possible that even complex passwords will be cracked by scammers in just a few weeks. If remembering passwords is difficult, use password managers or security keys.
- Two-factor authentication. Given how weak passwords are, it is imperative to activate two-factor authentication in your accounts. The second factor can be a secret phrase, a one-time password from mail, SMS, or an application, a confirmation through a notification on your phone, or a security key.
- Caution in correspondence. Do not trust provocative messages. Fraudsters often use people’s weaknesses to provoke them into doing what they want.
- Website check before registration. It is better to first register on the service, check what options it offers to protect your account, and only then link it.
- Antivirus protection. Even if you accidentally download unwanted files, reliable antivirus protection can save you. The main thing is to monitor the timely updating of antivirus programs.
Additional benefits of security keys
- Break-in protection. A security key is essentially a physical device, without which access cannot be granted. Even if the password is stolen, the scammer will be stuck on the second step.
- Phishing protection. Security keys (hardware devices) work on the basis of cryptography, which means that they can generate two types of keys (data arrays) — public and private (the latter can only be read by a program, but not by a person). During authentication, the key (hardware device) responds to the server’s request by sending it the previously registered private key (data array). If the site is not real, the key (hardware device) will not receive a corresponding request.
- Ease of use. Security keys are supported by popular password managers. And in order to open an account with a key, a simple touch with a fingertip to the key scanner is enough, instead of waiting for a one-time password and typing it later for confirmation.
- Can be used instead of passwords. FIDO2-certified security keys can be used not only for two-factor authentication, but also as a substitute for passwords. At least that’s what we offer our customers.
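The server-side checks that tie a FIDO2/WebAuthn security-key login to the real site, as an added example that is not code from this article or from any vendor. The browser records the origin it is actually on, the key hashes the site ID it was asked to answer for, and the server rejects a response where either differs. Domain names and challenge bytes are constructed, and the signature verification that protects these fields from tampering is left out.

```python
import base64
import hashlib
import json

RP_ID = "social.example"            # constructed: the genuine site's ID
ORIGIN = "https://social.example"   # constructed: the genuine site's origin


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def client_data(origin: str, challenge: bytes) -> bytes:
    """Written by the browser, so it carries the origin the user is really on."""
    return json.dumps({"type": "webauthn.get", "origin": origin,
                       "challenge": b64url(challenge)}).encode()


def authenticator_data(rp_id: str, user_present: bool = True) -> bytes:
    """WebAuthn layout: rpIdHash (32 bytes) | flags (1) | signCount (4)."""
    flags = 0x01 if user_present else 0x00
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + bytes(4)


def check_assertion(cdata: bytes, adata: bytes, issued_challenge: bytes) -> str:
    """Server-side site-binding checks; returns "ok" or the rejection reason."""
    fields = json.loads(cdata)
    if fields.get("type") != "webauthn.get":
        return "wrong type"
    if fields.get("challenge") != b64url(issued_challenge):
        return "challenge mismatch"      # stale or replayed response
    if fields.get("origin") != ORIGIN:
        return "origin mismatch"         # response was produced on another site
    if len(adata) < 37 or adata[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"       # key was asked to answer for another site
    if not adata[32] & 0x01:
        return "user not present"        # no touch on the key
    return "ok"


if __name__ == "__main__":
    challenge = b"\x01" * 32             # constructed; a server uses random bytes
    fake = "https://social-login.example"    # constructed look-alike origin
    print(check_assertion(client_data(ORIGIN, challenge),
                          authenticator_data(RP_ID), challenge))
    print(check_assertion(client_data(fake, challenge),
                          authenticator_data("social-login.example"), challenge))
    print(check_assertion(client_data(ORIGIN, b"\x02" * 32),
                          authenticator_data(RP_ID), challenge))
```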
These are not all the advantages of security keys. We could talk about them for a long time, so next time we will prepare a detailed review. The purpose of this article was to give you useful information on protecting your profiles. But if you want to learn more about the keys right now or purchase them, write to our managers!