What to Do If Your Facebook Account Is Hacked

December 28, 2016 | Article

Steps You Can Take to Gain Back Control and Avoid a Hack in the First Place

It’s a common scenario: You’re hanging out online and you start to get messages from friends on Facebook asking why you are sending them links, or uncharacteristic pics are being posted on your Facebook account. You’ve been hacked.

If it hasn’t happened to you, chances are you have seen it happen to someone else. I’ve even called my mother, ex-girlfriend and real estate agent before to tell them that something was amiss on their accounts.

So how did it happen? Common methods include:

  • Man-in-the-middle attacks
  • Phishing
  • Websites you visit that have been hacked via SQL injection
  • Malware

We’re not going to define each of these, but it is important to know how your Facebook account can be hacked. Numerous articles have already been written on each type of hack, but there are some things I'd like to note about malware. Malware can log your keystrokes and let an attacker remotely browse the file systems where certain encrypted passwords are stored, and those passwords can be exploited if you know what you are doing (it’s not hard). This can include your computer passwords, as well as the website credentials you save to your machine because you get tired of logging in over and over again. Saving credentials this way is a bad idea, FYI.

Malware can also spy on users through their webcams and microphones. It can also arrive when you open pics in text messages from unknown people that have steganography in them: malicious code concealed within something like a picture that executes when you open it. This article can help you learn more about “Stego,” as we call it. The data is a bit outdated, but the principles still apply.

Keeping Your Facebook Account from Being Hacked

Here is what to do to prevent your Facebook account from being hacked in the first place.

  1. Don’t use the same password across multiple sites. Hackers are counting on you doing this. If you do this for two accounts like Facebook and Instagram, chances are that you have done it on your bank account login as well. Make sense? Multiple passwords are annoying, but it is much more annoying to get hacked.
  2. Enable two-factor authentication. This can also be annoying, but as long as you have your phone with you it is not a big deal. It sends a code to your phone, and the code changes each time you log in to an account. If a service doesn’t offer two-factor authentication, don’t use that service.

If Your Facebook Account Is Hacked

If you do find that you have been hacked, start by trying to change the password on that account and then move out to other accounts. DO NOT forget to change passwords on banking and other sites with personal information. As you do this, set up two-factor authentication (see a pattern here?) for higher security across your logins. It is a best practice to follow the website’s or social media platform’s steps for reporting unusual behavior.
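To show why password reuse decides which accounts to change first after a hack, here is an added example (not part of the original article) that reads a password-manager export and lists every account sharing the hacked account's password. The CSV column names, site names and passwords are constructed assumptions, not real data.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export (site,username,password); not real credentials.
SAMPLE_EXPORT = """site,username,password
facebook.com,pat@example.com,Sunshine!2016
instagram.com,pat@example.com,Sunshine!2016
mybank.example,pat,Sunshine!2016
mail.example,pat@example.com,c0rrect-horse-battery
forum.example,pat,hunter2
shop.example,pat@example.com,hunter2
"""

def _digest(password):
    # Group on a digest so plaintext passwords never appear in the report.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_groups(export_text):
    """Map password digest -> sorted list of sites that use that password."""
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["password"]:
            groups[_digest(row["password"])].add(row["site"].strip().lower())
    return {d: sorted(s) for d, s in groups.items()}

def reused_groups(export_text):
    """Every set of sites that share one password, largest set first."""
    shared = [s for s in load_groups(export_text).values() if len(s) > 1]
    return sorted(shared, key=lambda s: (-len(s), s))

def exposed_by(export_text, hacked_site):
    """Other sites sharing a password with the hacked site: change these first."""
    hacked_site = hacked_site.strip().lower()
    exposed = set()
    for sites in load_groups(export_text).values():
        if hacked_site in sites:
            exposed.update(sites)
    exposed.discard(hacked_site)
    return sorted(exposed)

if __name__ == "__main__":
    print("Change immediately:", exposed_by(SAMPLE_EXPORT, "facebook.com"))
    for sites in reused_groups(SAMPLE_EXPORT):
        print("Shared password:", ", ".join(sites))
```

A real export holds plaintext passwords, so run this only on a machine you trust and delete the export file afterward.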

This next part is the one most people don’t do because it is time consuming and frustrating: Purge your devices of data that may be malicious. This includes cell phones and tablets. I hate to rain on the parade of iOS device users, but you are part of this as well. I have personally found malicious software on clients’ iOS devices, and the methods of how they work are interesting to say the least, but I digress.

Antivirus products come in all shapes, sizes and prices. Don’t be fooled by a scam that will only put more malicious code onto your devices. Read reviews and pay for protection, rather than going the free route.

If you have vital or semi-vital information on your machines or devices, have a competent digital forensics firm run a series of obfuscation tests on everything running on your machine or device and give you a listing of what was found and where it was found. From that point, Google is your friend, and you can look into each of them to see if they are harmful or if they are supposed to be there.

Lastly, check and double check that your financial accounts are intact and secure. Then you can make an announcement on Facebook that you were recently hacked and apologize, letting everyone know what you have learned. Better yet, share this article and help your friends know what to do in the event they are hacked.
