Hopefully the day will never come when you find out your Facebook account has been hacked. It is a terrible feeling, and I feel for you, for the world of pain that you will experience, in time and perhaps in money, to return your account to your rightful control.
Let me walk you through the recovery process. Next, I'll provide some proactive safety tips that you can follow to prevent this horrible moment from happening, or at least reduce the chances of it happening.
There are actually three different possible scenarios.
Scenario 1. You let a family member or friend "borrow" your Facebook account on your computer or phone. They consume content, post as you, or befriend random people. It happened to a friend of mine, who had a grandchild who was staying with her for a week. The girl left town and left a mess on my friend's Facebook account. “She didn’t post anything on my account, but I had some weird friend requests that I needed to clean up. I have decided to stop using my account. It's more of a nuisance than a hack, but still annoying.”
Remedy: First, use the Facebook security page to check and see where else your account is already logged in.
This list should also remind you of any devices you've used Facebook on in the past. I took this screenshot after finding (then deleting) an old Windows laptop that I hadn't used in years on the list. You will also see an entry for my iPhone which is somewhere in Indiana. I haven't visited this state in years, so sometimes the geolocation algorithms are a bit wonky. Even if your account isn't hacked, it's worth checking this screen regularly to make sure you haven't activated a login by mistake.
If you don't recognize (or use) any of the devices in this list, click the three vertical dots on the right and force those devices to log out of your account. Next, change your password to something unique. Also, in the future, remember to log out of Facebook (and Messenger) before lending your device to anyone.
Scenario 2. Someone uses your photo and name and creates a new account. Then they try to recruit your FB friends to their account.
Remedy: There's not much you can do about it except tell people you're still you and ignore the impostor. Treat it as a warning sign when you receive a friend request from someone you think you've befriended before or haven't communicated with in years. A word of advice: send them an e-mail or an SMS to ask them if the request is genuine.
Scenario 3. The doomsday scenario. Someone guesses your account password and locks you out of your account. This situation is the most serious, and the resolution of this problem will depend on what else you have linked to your Facebook account and your determination to recover it.
It happened to Elizabeth, a book author. She ended up working with two different friends who were IT professionals and a lawyer for four months. She had two complicating factors that made it difficult to recover her account.
First, she used Facebook ads to promote her books, so she connected her ID to her credit cards. This let the hacker load her card with charges for their own advertisements in an attempt to trick other victims into compromising themselves.
The second complication was that she used her pen name and a random birth date for her account. During the recovery process, Facebook asks you to scan your ID to verify who you are. When she told me this, I worried for myself. For years, I prided myself on using January 1st as my "birthday" on Facebook. Now she was telling me that I would be in trouble if someone hacked into my account.
She finally got her password reset, but almost immediately the hacker reset it and took over her account. "I tried to get someone on Facebook to help me, but I couldn't reach anyone on the phone," she told me. Prior to the pandemic, the company had a special phone hotline for industry insiders, "but that was discontinued," she said. She had more success blocking credit card charges by phoning her bank. "I was trying to get one step ahead of the hacker and was losing sleep. My whole life was put on hold as I tried to deal with the situation. I haven't worked for months. I ended up changing my passwords on over 30 different accounts."
Possible remedies: If you find yourself in the latter situation, you have three basic choices:
1. Now would be a good time to quit Facebook. The problem is that you have someone pretending to be you who could take advantage of your identity in criminal and uncomfortable situations. Not to mention that they might try to take advantage of bank accounts linked to your account or open credit cards in your name. (More on that in a moment.)
2. Try to restore your account on your own, using Facebook's obscure and often contradictory steps. This is what most people I know have tried. However, you will find out very quickly that there is no easy way to do this. You have to communicate with Facebook Support through someone else's account, which seems a bit contradictory, so hopefully your spouse or friend is willing to lend a hand. (Don't be tempted to create a second account, as this could result in the cancellation of both of your accounts.) Next, you must choose one of several options (find an unauthorized post, an account that uses your own name, and/or photos) and go down the rabbit hole to recover your account.
If you use Facebook to connect to other Internet services, you will need to disconnect these links, otherwise a hacker can then compromise these other accounts. If, like Elizabeth, you have connected your credit card or other financial accounts, you will need to contact those institutions and have those charges waived. Start by trying to use Facebook from other devices you've used before: the hacker may not have automatically logged you out.
3. Use a third-party recovery service, such as Hacked.com. It'll cost you $249, but the company will be persistent and if they can't help, they'll refund your costs. You also get an included one-year digital protection plan that normally sells separately for $99. If you have a complex situation like Elizabeth (connected finances, mismatched birthday), I recommend going this route.
But make sure you don't employ some random hacker who might take your money and do nothing else. I spoke to Hacked.com founder Jonas Borchgrevink, who described the different sequences of steps his employees try in a recent Washington Post article. And he confirmed that if you use a different name than the one on your ID, it's almost impossible to recover your account.
If you haven't been hacked (yet) and are somewhat uncomfortable reading this, here are some steps you can take to secure your Facebook account, or at least reduce your pain points if this happens. Start by taking at least one of them today, and be sure to take care of all the items as soon as possible.
1. Set up additional login security on your Facebook account. Facebook gives you a confusing set of choices, but the one I recommend is to use a two-factor authentication app like Google Authenticator. (You can start at this Facebook page.)
Two-factor authentication (also known as 2FA) uses an Android or iOS smartphone app as part of the login process. After providing your username and password, Facebook asks you to enter a series of six numbers generated by the application. These numbers change every minute, so you need your phone nearby when you connect. If you want extra credit, take the time to enable this second factor method on your other accounts, including banks and credit card companies that support this method (unfortunately, too few do).
Elizabeth was using a less secure method for her second factor: sending the six numbers as a text message to her phone. You can read more about why this is not my preference.
2. Check if you have set up payment methods on Facebook. While preparing this article, I was surprised to find my PayPal address linked to my Facebook account – and I thought I was being careful about my Facebook security. There are two places to check. First, there's the page that shows whether you've set up credit cards to make direct payments to individuals or causes, called Facebook Pay. Second, go to this other link to remove all advertising payment methods. If you are running ad campaigns for your business, you will need to stop them first.
3. Remove connected apps and websites. If you've logged into any third-party apps using your Facebook credentials, now is the time to review and remove them (you can find the appropriate page here). The same is true for the removal of any commercial integrations. You will no longer be able to log in to these other services automatically, but you will protect yourself if your account is compromised.
If you have a Facebook business page, you must have at least two people who have admin rights on that page. (Go to Page Settings > Page Roles.) If your business account gets hacked and you're the only admin, recovering it will be next to impossible. Second factor authentication must also be enabled for this contact.
4. Check your account email contacts (using this Facebook page). You should have at least a second (or more) contact email that Facebook can use to send you notifications in case your primary email address is compromised. Of course, use different passwords with these different email accounts.
I know, that sounds like a lot of work, and there are a lot of places in the Facebook settings pages that you'll need to visit and pay attention to. And there is a high chance that the links provided above will not work in the future as Facebook likes to make changes to its settings.
If these activities to enhance your security haven't left you frustrated, you may want to continue improving your security. I recommend either the Giant smartphone app for iOS and Android, or Avast One (available on Windows, Mac, iOS, and Android). Either can help you follow the many steps to secure your Google, Twitter, and other accounts.
Think before you click. If you receive a message from what looks like a social media company saying your account has been compromised, do not follow any links or call any phone numbers in the message. It could be a hacker lure. Instead, go to the site or use its own app directly.
Be aware of things that seem unusual. Keep an eye out for messages you haven't sent, posts you haven't created, or purchases you haven't made. These could indicate that someone guessed your password or compromised your account. If you're lucky, it might be a wandering teenager using one of your computers.
As Elizabeth told me, "Getting hacked is like getting a digital tattoo - everyone can see the aftermath of your bad choices."