Did Your Facebook Account Get Hijacked?

No? Are You Sure?


In This Article

• Hijacked accounts are in high demand

• They're sold by hackers on the dark web

• Hackers use them to spread malware

• It's hard to know if your account got hijacked

• But you can protect yourself



Hijacked Facebook accounts are in high demand on the dark web and sell for around $55 each. Hackers love hijacked Facebook accounts because they come with hundreds, if not thousands, of trusted friends and other connected people.

  What is the dark web?
It's part of the web that requires special software to access and is invisible to search engines. While there are legitimate and legal uses, the dark web is also used by hackers, scammers, and criminals. Among other things, it is used to sell hacked email accounts, stolen credit card info, and hijacked Facebook accounts.

How Hackers Use Hijacked Accounts

Hackers can post messages, impersonating the real owner, trying to get the owner's friends to click on links. Those links can lead to several things, such as…

• Normal-looking web pages that download malware in the background

• Posts claiming the Facebook account owner is in a bad situation and needs money wired immediately

• Trying to get “friends of friends” to connect, thereby increasing the size of the pool the hacker can target

Would We Know if Our Account Got Hijacked?

Most of us do not watch our own Facebook feed 24/7. And although Facebook might notify you when someone else posts to their page, it does not notify you when you (or a hacker who hijacked your account) post to your own page.

So if someone hijacked your account and started posting, you would not immediately be aware of it. The hijacker can see your previous posts and then post new messages mimicking your style.

Your Facebook friends would have no way to detect that it wasn't actually you adding those posts.

If you're lucky, the hacker who hijacked your account will be sloppy and either use poor English or post things that look suspicious. In that case, you'll hopefully have some friends who contact you to ask what's going on.

Your Best Self-Defense Against a Facebook Account Hijack

• Set up two-factor / multi-factor authentication (2FA / MFA)

  1. In Facebook, go to Security and Login Settings

  2. Scroll down to “Use two-factor authentication” and click “Edit”

  3. Choose the method to use (authentication app or text messages)

  4. Follow the instructions to complete the setup

• In Facebook, go to “settings > security > where you're logged in” and look for unfamiliar locations

• Avoid logging into Facebook when you're on public WiFi

• Always log out when you're not actively using Facebook

• Always use a strong password

• Run the Facebook security checkup

• Periodically check friend requests made from your account to see if there are people you don't recognize

• Never accept friend requests from people you don't know (or have a trusted friend vouch for)

• Be careful with friend requests from people you do know — check their profile first to make sure it's not a hacker pretending to be the other person

• Be careful clicking links in Facebook posts — it's always safer to go directly to the website in your browser

• Periodically check the name and birthday on your account to make sure they haven't been changed (a common tactic for hackers)

• If you think your account was hijacked, report it to Facebook and warn your Facebook connections via email, text, or phone calls (don't do it via Facebook)


If you have any questions about anything here, or if there's an issue you'd like us to write about, please get in touch.
