It’s like every time I log in to Facebook someone is apologizing because their account was hacked and used to send inappropriate content or solicit money.
It’s crazy because 99% of these Facebook hacks can be avoided with two simple tips.
- Don’t reuse one password for multiple accounts
- Enable multi-factor authentication (MFA)
Then again, most people don’t look past the basic features of these platforms. You log on to your account, spend the next 3-5 hours scrolling through your feeds, feel bad about your life, rinse and repeat.
I’m not judging. I’m guilty too.
But, back to our main agenda. Follow along as I explain why it’s not safe to reuse your password, what MFA is, and how to enable it across all social media channels including Facebook, Instagram, and LinkedIn.
We will also cover how to secure your WhatsApp which is emerging as a popular target for cybercriminals.
But let’s start with the basics. How do hackers take over Facebook, WhatsApp, or any other social media account?
How do Facebook and other social media accounts get hacked?
There are three main ways hackers can take over your social media account.
1. Social engineering + Phishing
Contrary to what many people imagine, social media hacking does not involve any advanced techniques.
There’s no hacker seated behind their screen typing some code like you see in movies.
Rather, it’s a clever combination of what we call social engineering and phishing.
Social engineering is basically playing with your psychology to get you to make a security mistake or reveal personal information.
The hackers then use phishing (derived from fishing) to bait you. It can either be a link or an app download.
Practical example. You have probably seen or been tagged in a Facebook post with what looks like links to adult content.
You were smart enough not to click on it, but let me tell you what happens when some thirsty dude clicks on it.
They are redirected to what seems like a live p*rn session, but it requires that they log in to Facebook to gain access. That’s where the magic happens.
In reality, they aren’t logging into Facebook. Instead, it’s a dummy page created by hackers to harvest login credentials.
When they type in their username and password, it just gets sent to the hacker who can then use the information to take over the victim’s account.
That is just one form of social engineering combined with phishing (that you know of).
There are others you won’t see coming. It’s only after you’ve been compromised that you start seeing all the red flags that you ignored.
As a rule of thumb, never open unknown links or download applications from untrusted sources.
2. Data breaches
Another way people get hacked on social media is through leaked credentials. A company where you are a customer gets hacked and the hackers steal customer data such as emails, passwords, phone numbers, ID numbers, and other personal information.
This data is then sold on the dark web and can be used to target you.
Just recently, researchers uncovered a data breach containing over 26 billion records from 4000+ companies. It’s being called the Mother Of All Breaches (MOAB).
Unfortunately, most people reuse one password for multiple accounts. Consequently, if the password is exposed in a breach, hackers can use it to access several of your accounts.
Hackers can also use the leaked personal information like your email and phone to perform targeted phishing.
This was the case in Argentina when Payoneer account holders were targeted following a data breach at a top telecommunications company.
3. Granting account permission to unknown apps
Hackers can also leverage Facebook apps to take control of your account. It could be something as unexpected as those apps that you use to guess which kind of animal you are or who you will marry.
Be careful when granting any app permission to access your social media accounts, as the permissions can be abused to perform unauthorized activity. The hackers won’t even need to steal your login credentials.
How to protect your social media account from hackers
Here are the two best practices to secure your social media account from hackers.
#1 Tip: Enable multi-factor authentication (MFA)
Multi-factor authentication, also known as 2-factor authentication (2FA), adds an extra layer of protection on top of your normal password. It requires that you enter a verification code after the usual login to access your account.
There are three forms of MFA you can choose from.
- SMS-based MFA. This method relies on your phone number for verification. Once you’ve logged in normally, you are then prompted to enter an SMS code that was sent to your number. Unless the hacker also performs a SIM swap attack, they’ll have no way to access your account without the code.
- Authentication app. This method involves a third-party app like Google Authenticator which generates a unique code periodically (usually every 30 seconds). After logging into your account using your username and password, you’ll need to enter the code that’s currently on display on the app to access your account. This method is more secure than SMS-based MFA since it’s not vulnerable to SIM swap attacks.
- Security key. A security key is a hardware device resembling a USB drive that you insert into your computer after logging in normally. It is the most secure form of MFA because the device is physically in your hands. On the other hand, if you misplace it, the account recovery process will be a bit tricky.
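How an authenticator app and the site arrive at the same six digits without any SMS being sent, as an added example that is not part of the original post: this Python code implements the standard TOTP algorithm (RFC 6238 with HMAC-SHA1). The secret is the RFC's published test key, and `verify` with its `last_used` and `drift` parameters is a hypothetical server-side check, not any platform's actual code.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown in the app


def totp(secret: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code (HMAC-SHA1) for the time window containing `now`."""
    counter = int(now) // step                      # same value on phone and server
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: float, last_used: int = -1, drift: int = 1):
    """Hypothetical server-side check. Returns the matched counter, or None.

    Accepts +/- `drift` windows for clock skew and refuses any counter that is
    not newer than `last_used`, so a code captured once cannot be replayed.
    """
    current = int(now) // STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= last_used:
            continue
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


def decode_secret(b32: str) -> bytes:
    """Decode the base32 setup key that is shared once when MFA is enabled."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


if __name__ == "__main__":
    # Constructed demo secret: the ASCII test key from RFC 6238, not a real account.
    secret = decode_secret("GEZDGNBVGY3TQOJQ GEZDGNBVGY3TQOJQ")
    code = totp(secret, 59)
    print(code, verify(secret, code, 59), verify(secret, code, 59 + 120))
```

The code depends only on the shared secret and the clock, which is why a SIM swap does not help an attacker here, and why a code phished from you stops working once its time window has passed.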
It may feel like extra work having to go through an extra level of verification, but guess who else thinks it’s too much work? Hackers. If a cybercriminal is trying to take over your account and they find you have MFA, they’ll just move on to the next easier target.
#2 Tip: Never reuse passwords
As we have already mentioned, using a single password for all your accounts puts you at risk of having multiple accounts compromised at once.
But I understand why many people reuse passwords. It’s hard to remember a different password for every account you have. Especially when you have to adhere to password best practices like mixing up characters and making your password longer than 8 characters.
How many times have you created a password that you were so sure you wouldn’t forget and barely a day later, you were resetting it because it escaped you?
That’s why I use a password manager. It’s a safe vault for all your passwords. All you need is one master password to unlock the vault and access your stored passwords.
Better yet, a password manager generates unique and strong passwords and autofills the username and password fields when logging in to your accounts.
Check out this post where I talk about the best free password manager.
How to enable 2FA on Facebook
1. Click on the three lines at the top right of your Facebook profile and scroll down to settings and privacy. If you are on a desktop, click on the drop-down arrow on your profile.
2. Open settings and then click on password and security. Before you go to the 2FA setup you can check to see if there is any unknown device logged into your account.
3. Click on Use two-factor authentication to begin setup. You can use more than one method, i.e. SMS-based verification together with an authentication app.
One will act as a backup in case the other one is not working.
How to enable 2FA on Instagram
1. Open your profile section and click on the three lines at the top right.
2. Click on the settings and privacy feature to open the Accounts Centre. That’s where Instagram’s security settings are located. Scroll down to Password and Security and click on it.
3. Open two-factor authentication and choose your preferred verification method.
How to enable 2FA on LinkedIn
1. Click on your profile picture on the top right or top left depending on whether you are on desktop or mobile.
2. Open Settings and then navigate to Sign-in & security.
3. Click on Two-step verification to set up 2FA.
How to enable 2FA on WhatsApp
Unlike the other social media platforms, WhatsApp does not require that you log in to use it. However, it allows you to switch numbers, a feature that is being abused by hackers to take over WhatsApp accounts.
This is where social engineering comes into play again. To complete the switch and take over your WhatsApp account, the cybercriminals need to enter a code that is sent to your phone. This is enabled by default.
So, what they do is whip up a story that tricks you into sharing the code with them. Funny enough, many people will fall for the trick even though WhatsApp has explicitly warned you against sharing the code with anyone.
Lucky for you, you now know how the scam works.
Apart from switching numbers, cybercriminals can also take over your WhatsApp account by entering your number during WhatsApp registration and then tricking you into sending them the verification code that’s sent to your number.
Enabling WhatsApp 2FA will make it harder for hackers to take over your account by requiring that they enter an additional code to complete registration. However, unlike the other options, WhatsApp does not send the 2FA code via text or an authenticator app. Instead, you need to create a 6-digit PIN that you can remember.
Don’t worry though. You will be prompted to enter your email address in case you forget the PIN.
Here is how to set up 2-factor authentication on WhatsApp.
1. Click on the three dots at the top right of your WhatsApp account and open Settings.
2. Open Account settings to access and set up Two-step verification.
Conclusion
“It can never happen to me,” famous last words of an individual who would regret them later. Setting up 2FA across all your channels will not take you more than 10 minutes. And after that, you never have to worry about your account security again.
Well, unless you are a very high-value target and the hackers are willing to invest significant time and resources (money) to take over your account.
Don’t say you will do it later. Do it now. And don’t get distracted by your feed. Someone will open their Facebook or Instagram to enable 2FA only to get sucked into mindless scrolling.
PS: If you found the post helpful, don’t forget to share it.