As an incredibly popular and frequently used social media platform, Facebook is a prime target for hackers. Read on to learn how to tell if your Facebook account has been hacked and what you can do if it has. You’ll also discover how the various features offered by the all-in-one solution Avira Free Security can help you improve the protection of your Facebook accounts (and others) against hacker attacks.
How can I tell if my Facebook account has been hacked?
So, it wasn’t you who posted details on Facebook promoting that dodgy “work from home” scheme? Or if see activity you don’t recognize in your account, it could be a sign that your account’s been hacked. Perhaps your email, birthday, name, password, or other profile information has been changed. You could have new friends that you didn’t send requests to, and your existing contacts are receiving messages that you didn’t write. Posts could also be popping up on your timeline that you didn’t post, and your friends may report a duplicate account in your name that you didn’t create. Emails from Facebook alerting you to login attempts on strange devices are another red flag.
Fortunately, you can easily see a list of the devices which have been used to log into your account. If you’re concerned, do this: Log in to your Facebook account and click the arrow or profile picture in the upper right-hand corner to open the menu. Then:
- Click on Settings & Privacy -> Settings.
- In the left-hand menu, click on Security and Login and Where You’re Logged In will appear.
- Check all the devices that have logged into your account and from what locations. If you see an unfamiliar device or location, then your account may have been hacked.
- Click on the Not You? option next to the suspicious login and then click on Secure Account and follow the steps.
Remember that a Facebook profile can be hacked just like any other online account, so the same online safety rules apply. Did you sign in on an unsecure network or didn’t sign out of your account on a shared device? Don’t serve up your credentials and make life easy for hackers!
Help! My Facebook account has been hacked! What now?
It’s essential to act fast to recover a hacked Facebook account. Hackers could be reading your private messages, deleting your personal information, or trying to spam your friends. Take these urgent eight steps.
- Check which devices have been used to access your account by following the steps in the previous list above. If anything appears suspicious, immediately click the Log Out of All Sessions option in the lower right-hand corner.
- Change your password and add screen locks to your devices to prevent anyone taking even a quick peek. Follow these steps in the Facebook Help Centre.
- If you can’t log in, report your Facebook account as hacked at https://www.facebook.com/hacked/, because it may mean that you’re the victim of a Facebook hacker’s attack and they’ve changed your password. Facebook will prompt you to type in the phone number or email you used to open the account and then help you regain access. They’ll also ask how you think your account was hacked and then walk you through the security procedures.
- Warn friends and followers and keep a close eye on your Facebook account. If you don’t have access to your account after a hack, ask a trusted Facebook friend to log in to their account and then click on yours to see if your name, profile picture, or email have changed. Always inform your Facebook friends and followers of a hack! A hacker could contact them to ask for personal details or even send links infected with malware. Advise them not to respond to any messages or posts (not) made by “you” and to secure their own accounts.
- Change your other passwords. Far too many of us use our Facebook password for other apps, so while you’re at it, change all those passwords too. Avira Password Manager, which is part of Avira Free Security and is also available as a standalone solution, can help you generate strong, unique passwords and even stores them for you. You can also use it on other devices like smartphones or tablets to synchronize your passwords across all your devices. The best passwords contain a random string of upper- and lower-case letters, numbers, and special characters. Stay clear of birthdays, pets’ names, and anything that could be guessed by browsing through your profile!
- Additionally strengthen your login access now to help avoid needing to fix a hacked Facebook account later. with the help of Facebook’s two-factor authentication feature. To enable two-factor authentication, go to Settings & privacy -> Settings -> Security and Login. Then scroll down to find Two-Factor Authentication.
- Double-check all app permissions. Go to your apps and review who has access to your Facebook account. If there are any apps you don’t recognize or no longer use, revoke their access. You’ll find a list of these apps under Settings & privacy -> Settings -> Apps and Websites.
- Review your privacy settings. Facebook has a helpful checklist to get you started. Navigate to Settings & privacy -> Privacy Checkup.
My Facebook account was deleted after a hacker attack! What are my options?
A hacked account is frustrating enough, but some cybercriminals go further and delete the account altogether. If you act quickly enough, you can resurrect yourself. That’s because Facebook doesn’t kill you off entirely at first but makes your account invisible for 30 days. Use this window of time to reclaim your account. If the hacker has changed your password but hasn’t changed your email yet, you’ll receive an email from Facebook alerting you of a suspicious login. Click on the Secure your account link in the email to recover your account. Alternatively, you can still try and log in. Click Forgot Password in the login screen.
You’ll receive an email with a six-digit code and can use this to log in. You’ll then be prompted to create a new password—and the hacker will be locked out! Once you’ve created a (new, unique, strong) password, you’ll receive a notification telling you when your account is scheduled for deletion. Cancel the deletion. Phew, that was close… If the hacker was more thorough and deleted your email, you can still try and log in using your mobile number and you’ll be text a security code.
However, if more than 30 days have passed since your account was deleted, then there’s no way to retrieve it. You’ll have to create a new profile and embrace it as a blank canvas and fresh new start… or do a digital de-tox and leave Facebook altogether. It’s worth remembering that if you ever want to delete your own account, the same applies: You’ll have a 30-day cooling off period, but after that it’s gone for good.
Who can hack Facebook and am I at risk?
Anyone on Facebook is potentially at risk. As it’s the world’s biggest social networking site, it’s a popular destination for cybercriminals too. Hackers have several tricks up their virtual sleeves, but the most common way that accounts are compromised is by tricking you into divulging your login details.
Dangers from phishing
When a hacker “fishes” for your information by sending out a fake email or message, that’s phishing. A popular phishing technique for Facebook involves sending out an email (ostensibly from Facebook) asking you to log in. When you click on the link, you’re directed to a portal that looks identical to Facebook’s login page. Enter your email and password and you’re handing them to the hacker for future use.
Tip: Avira Browser Safety, which is included with Avira Free Security, offers you an easy way to block harmful phishing sites and avoid this trap. It also helps you to protect yourself from online tracking and infected ads.
Dangers from spyware such as keyloggers
A Facebook Messenger message pops up: “OMG! Guess who died?”, with a link. Click it at your peril as it could be laced with malware like a keylogger program. Keylogging is a particularly sneaky hacking technique. The spyware infects your device and then records everything you type, including confidential information like passwords and banking details. These are a potential treasure trove for cybercriminals and a keylogging attack can easily result in identity theft. Another common type of malware are info-stealers and there are no prizes for guessing what they’re up to. Yes, these bugs steal personal information, including your Facebook username and password.
Antivirus software like Avira Free Security helps you protect yourself from malware in real time and scan your device on a regular basis for all types of malware, including spyware, and remove it if discovered.
Dangers from sidejacking, spoofing, and man-in-the-middle attacks
So, we see that some hackers operate as thieves. Others are masters of disguise. Are you a fan of public Wi-Fi? It’s convenient, but beware of sidejacking, when someone steals your legitimate access to a website and impersonates you. To sidejack access, the hacker (or “bad actor”) uses a packet sniffer to obtain an unencrypted cookie that grants access to the site. This cloud has a silver lining though: Once you log off, the hacker loses access, as they never obtained your login details. Potentially uglier is Domain Name Server (DNS) spoofing. This cyberattack redirects online traffic to a fraudulent website that looks like the real thing. Here you’re prompted to log into what you believe to be your account, and then the perpetrator steals your access details.
Attackers can also be silent eavesdroppers. During a man-in-the-middle (MitM) attack, the cyberattacker positions themselves between your device and the legitimate host that you’re connecting to. Here they can disrupt communications, spy on you, and steal login credentials (there goes your Facebook account, again).
A VPN like Avira Phantom VPN can help protect you from these dangers — especially if you use Facebook on an unsecured public Wi-Fi hotspot. When you use a VPN, your data traffic is routed through an encrypted tunnel that hackers cannot access. As such hotspots are particularly popular with mobile devices, we recommend using a VPN app when on one. Avira Phantom VPN is also included in Avira Free Security, but can also be downloaded as a standalone solution.
Dangers from botnets
That USB drive sitting on your desk may look innocent… but is it? A USB can download an infected file from someone’s laptop, then transfer it to yours. In early 2022 it was reported that a cybercrime group was mailing out USB sticks. Once plugged in, they installed malware onto the target PCs and then moved laterally across networks. Groups of connected, hijacked computers used to carry out various scams and cyberattacks are called botnets. Don’t unwittingly turn your device into a bot that’s possibly helping cybercriminals hack into other people’s Facebook accounts. However, botnet malware can also get onto your computer in other ways.
Avira Free Security also offers the option to scan removable media such as USB sticks for malware.
How can I protect myself from hacker attacks in the future?
Facebook offers a range of tools to help keep your account safer. It’s a question of remembering to check your current privacy and log-in settings and switching on the right features. Enabling two-factor authentication is a good start. Even if a thief has your laptop, they’ll need your mobile too if they want to access your Facebook. Always use a complex password that’s not based on information that a hacker might guess and change it regularly just in case there’s been a data breach. It’s worth noting that Facebook’s Trusted Contacts is no longer supported. This means that your chosen friends can’t help you get back on Facebook if you lose access to your account. Make sure that your email address and phone number are up to date in your account settings.
Another vital step is to make sure your Facebook content is only shown to people you know and trust. Browse the Privacy Centre (Settings & Privacy -> Privacy Centre) to set who you interact with and what you share with them.
Also consider cutting off third-party apps to gain greater control over your data. Here’s a reminder: See Settings & Privacy and then click on Apps and Websites to view and amend who gets to see those pictures of your Ibiza holiday, and so much more… And always stay on the ball! Monitor login and account activity so that no-one can sneakily act on your behalf and be ultra-wary of emails and messages. Check and double check the sender before clicking on links or attachments.
In conclusion: All-round protection helps you safeguard your Facebook account
As you’ve now learned, hackers use a wide variety of techniques to hijack your Facebook account. This makes it all the more important not only to be cautious but also to take a wide-ranging approach to cyberdefense.
It’s best to use a tried-and-tested online security solution like Avira Free Security, which not only offers protection against malware but also includes many other important features. These include Avira Browser Safety, which we’ve already mentioned briefly, to help you block malicious and phishing websites, as well as a VPN that allows you to surf anonymously and encrypt all the data you send and receive online — especially over public Wi-Fi hotspots. The aforementioned Password Manager is also included — plus a whole bunch of other utilities.
And of course, you should also strengthen your mobile devices’ protection. The all-in-one solutions Avira Antivirus Security for Android and Avira Mobile Security for iOS also include many security and privacy features, such as a VPN.
