Did Your Facebook Account Get Hijacked?
No? Are You Sure?
In This Article
• Hijacked accounts are in high demand
• They're sold by hackers on the dark web
• Hackers use them to spread malware
• It's hard to know if your account got hijacked
• But you can protect yourself
Introduction
Hijacked Facebook accounts are in high demand on the dark web and sell for around $55 each. Hackers love hijacked Facebook accounts because they come with hundreds, if not thousands, of trusted friends and other connected people.
What is the dark web?
It's part of the web that requires special software to access and is invisible to search engines. While there are legitimate and legal uses, the dark web is also used by hackers, scammers, and criminals. Among other things, it is used to sell hacked email accounts, stolen credit card info, and hijacked Facebook accounts.
How Hackers Use Hijacked Accounts
Hackers can post messages, impersonating the real owner, trying to get the owner's friends to click on links. Those links can lead to several things, such as…
• Normal-looking web pages that download malware in the background
• Posts claiming the Facebook account owner is in a bad situation and needs money wired immediately
• Trying to get “friends of friends” to connect, thereby increasing the size of the pool the hacker can target
Would We Know if Our Account Got Hijacked?
Most of us do not watch our own Facebook feed 24/7. And although Facebook might notify you when someone else posts to their page, it does not notify you when you (or a hacker who hijacked your account) post to your own page.
So if someone hijacked your account and started posting, you would not immediately be aware of it. The hijacker can see your previous posts and then post new messages mimicking your style.
Your Facebook friends would have no way to detect that it wasn't actually you adding those posts.
If you're lucky, the hacker who hijacked your account will be sloppy and either use poor English or post things that look suspicious. In that case, you'll hopefully have some friends who contact you to ask what's going on.
Your Best Self-Defense Against a Facebook Account Hijack
• Set up two-factor / multi-factor authentication (What is 2FA / MFA?)
  1. In Facebook, go to Security and Login Settings
  2. Scroll down to “Use two-factor authentication” and click “Edit”
  3. Choose method to use (authentication app or text messages)
  4. Follow the instructions to complete the setup
• In Facebook, go to “settings > security > where you're logged in” and look for unfamiliar locations
• Avoid logging into Facebook when you're on public WiFi
• Always log out when you're not actively using Facebook
• Always use a strong password
• Run the Facebook security checkup
• Periodically check friend requests made from your account to see if there are people you don't recognize
• Never accept friend requests from people you don't know (or have a trusted friend vouch for)
• Be careful with friend requests from people you do know — check their profile first to make sure it's not a hacker pretending to be the other person
• Be careful clicking links in Facebook posts — it's always safer to go directly to the website in your browser
• Periodically check the name and birthday on your account to make sure they haven't been changed (a common tactic for hackers)
• If you think your account was hijacked, report it to Facebook and warn your Facebook connections via email, text, or phone calls (don't do it via Facebook)