Account takeover

For many of us, social media is our gateway to connecting with the world, staying in touch with friends and family, and even conducting business. Losing control of a social media account can feel invasive. Moreover, when cybercriminals take over your social media accounts, they can impersonate you, access your sensitive personal information, and take your money.

Account Takeover attacks on financial accounts can lead to identity theft, financial loss, privacy invasion, and reputational damage. 

Don't immediately trust urgent messages claiming your account has been hacked. Instead, investigate the situation thoroughly. 

• Pay attention if friends report unusual posts or messages from your profile, such as promotions for suspicious deals.
• Unauthorized transactions or changes.
• Unfamiliar devices accessing the account.
• Notifications of password changes or security alerts.
• Being locked out of your account.
• Receiving alerts about failed login attempts.
• Receiving emails or messages from your accounts that you did not send.
• Notices of new accounts or services you didn't sign up for.

• Use unique complex passwords with a mix of characters, or use multiple-word passphrases. 
• Avoid using the same password for multiple accounts. A  password manager makes this much more manageable. 
• Enable multifactor authentication for an additional layer of security.
• Frequently check account statements and activity logs.
• Use antivirus software and keep devices updated.
• Avoid using public Wi-Fi for sensitive transactions. If that is not feasible, use a virtual private network (VPN). 
• Do not click on suspicious links or provide personal information in response to unsolicited messages.

If you suspect that your social media or financial account has been compromised, follow these steps to regain control:

• Log in to verify that you've truly lost control of your account. 
• Contact the service managing the stolen account.
• Immediately change passwords for the stolen accounts, if possible.
• If you still have access, enable multifactor authentication.
• Review your account for sensitive information, such as credit card numbers or private communications. Assume this data has been compromised and take necessary steps to protect yourself, such as contacting your credit card issuer to cancel your card.
• See if privacy or security settings were changed and  adjust them to your comfort level.
• Inform your bank, credit card companies, and any affected service providers.
• Review recent transactions and report any discrepancies.
• Check to see what devices have logged into the account and make a record of anything suspicious.
• Record everything using screenshots and create a timeline. You can send this documentation to the social media platform or law enforcement. Then delete anything posted or sent by the hacker. 
• File a report with the police department and other relevant agencies. See How to Report a Fraud.
• For financial account takeover, visit IdentityTheft.gov for steps you should take right away to protect yourself and your finances.
• Place a fraud alert on your credit reports and consider a credit freeze to prevent further misuse of your personal information. See Identity Theft for more on how to do this.
• Inform your followers that your social media account was hacked, even if it feels embarrassing. Candor is the best way to mitigate any reputational damage from the hack. Warn them to be wary of any strange messages or unusual posts from your profile.

References:

• Consumer Reports. (2024). Password Managers. Retrieved from  https://www.consumerreports.org/electronics-computers/password-managers/.
• Cybersecurity & Infrastructure Security Agency (CISA). (n.d.). Shields Up Guidance for Families. Retrieved from  https://www.cisa.gov/shields-guidance-families.
• Federal Trade Commission. (n.d.).  Retrieved from https://www.identitytheft.gov/.
• National Cybersecurity Alliance. (2023 April 27). Share with Care: Staying Safe on Social Media. Retrieved from https://staysafeonline.org/resources/social-media/.