A 2022 survey from NordVPN found that 9 in 10 people say they know a person whose social media profile has been hacked. Social media accounts are frequently targeted by hackers, and your accounts are likely at risk. Even if you take every precaution to safeguard your login information, social engineering attacks can be difficult to resist — attackers develop more sophisticated schemes yearly.
In the event your social media accounts are compromised, don't panic. Take these steps to triage your social media profiles, lock down your information, and get a handle on the situation.
[Read more: Newly Remote Workforce? Take These 4 Cybersecurity Steps Now]
Signs your social media accounts have been compromised
The U.S. Federal Trade Commission (FTC) lists a few signs that your social media accounts may have been compromised, including the following:
- You are unable to log in to your account.
- You are notified about a change to your username or password, but you didn’t make that change.
- You are notified of an unusual login from a device you don't recognize or a location you're not at.
- Your contacts get emails or messages from your profile that you didn't send, sometimes with random links or fake pleas for help or money.
These are some of the most common signs that your account has been infiltrated, but there are others to be aware of.
"An influx of hundreds of new friends or unexpected follow requests is abnormal behavior. Hackers may increase your social media audience to widen their pool of potential targets," wrote Microsoft.
Essentially, any sudden change to your account that doesn't align with your own social media habits is a red flag.
It's also smart to set a social media policy for everyone who accesses your business profiles during their day-to-day work
How to recover your accounts
The first thing to do if you see unusual behavior or get a notification that something is different is to verify that something nefarious is really going on.
"You might get an alert through email or other means saying that your social media account has been compromised. You shouldn't take any unexpected urgent message like this at face value," wrote the National Cybersecurity Alliance.
Sometimes, hackers use these notification emails in phishing attempts to trick you into sending your login information. Therefore, the first thing you should do is try to log in to your social media account. If you can, take the following measures:
- Reset your password to something unique and complicated.
- Enable multifactor authentication (MFA) to add an extra layer of security to your account.
- Report the incident to the social media platform so they can investigate if needed.
- Change passwords to linked accounts if you use your social media profiles to log in to other platforms.
The FTC also recommends scanning your device to see if any malware has been detected.
If you can't log in to your account, then you need to escalate the issue to the platform's support team. Many platforms have a way to report an account takeover through their online support desk. Follow the instructions on the platform's Forgot My Account or Account Recovery webpage. Here are links to the support pages for major social media websites:
Each platform will guide you through the account recovery steps. Once you get back into your compromised profile, change your passwords and enable MFA to secure your access. Then record and delete anything that was posted or sent by the hacker. Keep screenshots for your records in case your account gets flagged as suspicious. See what devices have logged into the account and remove access to anything suspicious.
How to prevent social media hacks
Ideally, you'll take measures to ensure any attempts to compromise your account aren't successful. One way to do this is to use strong, unique passwords — a password manager makes this step easy.
It's also smart to set a social media policy for everyone who accesses your business profiles during their day-to-day work. For instance, telling your employees to be selective about the friend requests they accept is one easy step toward securing your accounts.
"Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they could be an account designed to spread false information. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts," wrote McAfee.
Write a comprehensive security policy for your social media accounts that covers user access, behavior on the platform, and training to detect and avoid common scams.
[Read more: How to Simplify Employee Security Regulations and Improve Your Company Cybersecurity]
CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.
CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.