Are Your Social Accounts Safe? How to Avoid Getting Hacked on Social Media

How often do you see your friends and family getting hacked on social media? Have you ever been hacked? Social media hacking is becoming increasingly common, yet many people aren’t aware of how to protect themselves online. In this blog, the experts at NEBRC take you through some of the most common ways in which a criminal can hack social media accounts, why they do it, and how to prevent it. So let’s jump into it – how can you avoid getting hacked on social media?

To avoid getting hacked on social media, we recommend the following 5 tips:

  1. Use secure, unique passwords, such as three random words
  2. Use a password manager to manage your passwords, taking away the burden of having to remember them
  3. Use antivirus software wherever it is possible to do so
  4. Keep your devices and software up to date
  5. Set up MFA on your accounts

Read on to learn more about how criminals hack into social media accounts, why they do it, how to prevent it, and what to do should the worst happen. 

How Do Social Media Accounts Get Hacked?

There are a variety of ways in which social media accounts can be hacked, a number of which are user mistakes and are easily prevented. Let’s take a look at some of the top ways that accounts get hacked:

Data Breach

Sometimes, social media platforms experience data breaches that release personal information and/or log-in information. If this happens, your account is at risk of being hacked, as your login details are no longer secret. A great way of keeping track of data breaches is to use a free service like Have I Been Pwned, which allows you to search across multiple data breaches to see if your email address or phone number has been compromised.

Weak/Repeated Passwords

Weak passwords, or passwords that are not unique, run the risk of being easily hacked. It’s important to use a unique password on every account (not simply changing one or two characters) that is not easily guessable. Keep the following in mind:

  • Your password should contain twelve or more characters.
  • A password made up of three random words is strong yet easy to remember.
  • Three random words generate unique passwords that are long and strong enough for most purposes.
  • These passwords are easier to remember.
  • Writing your password down is acceptable if you keep it somewhere safe. The best way to keep passwords safe is to use a password manager with MFA.

A password manager is a great way to protect your passwords and help you to remember a large number of strong, unique passwords. Many password managers will even generate a completely random, yet strong password for you and save it to your space.

Learn more about passwords in our recent blog, How Weak is Your Password?

Two-Factor Authentication is Not Used

If a hacker manages to get a hold of your password (even if you follow the above advice), there’s nothing stopping them from logging in and doing whatever they want with your account and personal information. 

However, if you have two-factor authentication (2FA) set up (sometimes called multi-factor authentication, or MFA), there is another layer of security that they must pass, which is not easily breached. With 2FA set up, once you log into your social media account, you’ll be presented with a second screen and asked to enter a code. This code will have been sent to your mobile via text, sent to your email address, or generated by an authenticator app. With this set-up, a hacker does not have access to this code and cannot access your social media account.

Public WiFi Networks

Public WiFi networks can be unsafe. Be very cautious of using free public WiFi to log into an account or to submit personal or financial information online. Public networks, even when password protected, are not private. A hacker could be on the public WiFi network and inspect the information being sent to/from the WiFi router. If you do not encrypt your information, they can see everything you do.

If you choose to use a public network, we recommend using a trusted VPN (virtual private network), which will encrypt your information and make public browsing safer.

To learn more about how to protect yourself through the use of a VPN, take a look at our informative blog here. 

Suspicious Links

Never click on a suspicious link, no matter how it is delivered (private message, via your social media feed, email, text, etc.). At best, you’ll be exposed to a phishing scam, but at worst your device may get a virus or someone may hijack your account.

Outdated Software

When your laptop, tablet or mobile asks you to update software, it’s essential that you don’t put it off. Software updates patch security issues. When there is a vulnerability on an internet-enabled device, this poses a risk for all of the accounts that you access via that device.

Now that you know some of the most common ways that a criminal can hack into your social media accounts, you’ll no doubt want to know how to protect yourself. Keep reading to discover our top 5 ways to protect yourself on social media.

But first, do you know how many social media accounts actually get hacked?

SCAM ALERT! Social Media Hacking is on the Rise

Data from Action Fraud highlights an increase in scammers hacking social media accounts. In 2023, 22,530 accounts were reportedly hacked – and this is just the number reported. A great number more will have been hacked but never reported.

With access to your accounts, fraudsters can con your contacts, sell your information and try to steal your identity. Some victims of social media hacking have also been extorted and blackmailed by criminals who have stolen private photos and videos.

As such, it’s important to be aware of how easy it is for criminals to hack into social media accounts, how to prevent it, and what to do should your account be hacked. 

If you live in England, Wales or Northern Ireland and have been a victim of fraud or cybercrime, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, victims of fraud and cybercrime should report to Police Scotland on 101.

Why Do Hackers Target Social Media Accounts?

Some hackers simply enjoy the chase – the thrill of breaching security. They may log into an account, play a little mischief, but not take things too far. On the other hand, some hackers are serious criminals and will use hacked accounts as part of their crimes. For example:

Identity Fraud

Some people share an incredible amount of information about their lives online. This helps criminals to build a bigger picture of who we are, with the aim of stealing identities. This, alongside the personal information found in the settings and account information section of a social media account, will sometimes give a criminal ample information to commit identity fraud. 

Reusing Credentials

If you don’t use unique passwords, you run the risk of a successful hacker logging into and compromising other, more important accounts. 

Spreading Scams

A hacker may want to spread and encourage your friends/followers to click on malicious links or encourage them to partake in whatever scam they are running. Have you ever received a private message from a friend with a suspicious link to an untrustworthy site? Or perhaps you’ve seen a friend suddenly post something out of the ordinary, promoting or selling something you know they aren’t interested in? This is a common way that criminals use hacked accounts. 

Holding an Account Ransom

A hacker may hijack a social media account and offer to return the account for a sum of money. For some, this may not be worth the money, but some people have invested a lot of time into their accounts and may have years’ worth of pictures and memories that would be lost, should they not pay the ransom.

How to Avoid Getting Hacked on Social Media

We briefly touched on some of the ways you can protect your social media accounts earlier, but here are our top 5 tips for not getting hacked:

  1. Use secure, unique passwords, such as three random words
  2. Use a reputable password manager to manage your passwords, taking away the burden of having to remember them
  3. Use reputable antivirus software wherever it is possible to do so
  4. Keep your devices and software up to date
  5. Set up MFA on your accounts

What to Do If Your Social Media Account Gets Hacked

If you find out that your account has been compromised (and you still have access), your first step is to change your password and set up 2FA. Afterwards, you should:

  1. Contact your account provider if you cannot access your account. They will take you through the account recovery process.
  2. Check that your email account has not also been compromised. Check your email filters and forwarding rules. A common tactic used by cybercriminals is to set up a forwarding rule, which means that they will automatically be sent a copy of all emails sent to your account. A password change for your email account might also be a good idea, as well as ensuring it has MFA.
  3. If your password is used on other sites, you must also change these passwords to something unique.
  4. Log all devices out of your account. This can usually be done from the Settings menus of the app or website (or it may be part of the Privacy or Account options).
  5. Set up MFA.
  6. Update your devices and software, if applicable.
  7. Notify your contacts that your account has been hacked and not to trust any communications/posts from you within a given time period. 
  8. Check your bank statements and online shopping accounts for suspicious activity.
  9. Contact Action Fraud

If you discover something more malicious has occurred, you will need to contact Action Fraud, who will be able to advise you on the best course of action for your situation. Visit www.actionfraud.police.uk, or call 0300 123 2040.

If You Can’t Recover Your Account

Sometimes, it may not be possible to recover a hacked account. In such cases, you will need to create a new account to continue using the platform. Once you have done this, update your contacts and tell them you have abandoned the old account. Ensure that proper online security is used going forward. 

Stay Up to Date With NEBRC

For further guidance on staying safe online, contact [email protected]. You can also stay up to date with the ever-changing digital landscape and security threats by signing up for our free core membership.

The NEBRC is a police-led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.