You’ll never find out your Facebook account has been hacked or hijacked. Allow me to walk you through the process of getting back on your feet. Following that, I’ll give you some proactive security tips you can use to avoid or at least reduce the likelihood of this terrible event occurring.
You can lose control of your Facebook account in three ways.
On your computer or phone, you gave a family member or friend access to your Facebook account.
They proceed to consume content, post messages like you, or befriend random people. This happened to a friend of mine, who had a grandchild staying at her home for a week. The girl left town and left a mess behind on my friend’s Facebook account. “She didn’t post anything to my account, but I had odd friend requests that I had to clean up. I decided to just quit using my account.” This is more of a nuisance than a hack, but still annoying.
Solution: First, check Facebook’s security page to see if your account is already logged in somewhere else.
This list should also serve as a reminder of all the devices you’ve previously used to access Facebook. After finding (and then removing) an older Windows laptop from the list that I hadn’t used in years, I took this screenshot. You’ll also notice an entry for my iPhone, which is in Indiana. Because I haven’t been to that state in years, the geo-location algorithms are occasionally off. Even if your account hasn’t been hacked, checking this screen on a regular basis to ensure you haven’t accidentally enabled a login is a good idea.
If you don’t recognize (or don’t use) any of the devices on this list, you can force them to log out of your account by clicking the three vertical dots on the right. After that, make your password one-of-a-kind. Also, remember to sign out of Facebook (and Messenger) before lending your device to anyone in the future.
Someone creates a new account with your photo and name.
Then they try to recruit your Facebook friends to join their account.
Solution: All you can do is tell everyone you’re still you and ignore the imposter. This should serve as a warning if you receive a friend request from someone you believe you’ve already befriended or with whom you haven’t communicated in years. A word of advice: ask them if the request is genuine via email or text.
The worst scenario
Someone guesses your password and consequently locks you out of your account. This is the most serious situation, and the only way to fix it is to figure out what else you’ve linked to your Facebook account and how determined you are to get it back.
Solution 1: Make an attempt to reactivate your account on your own. Using Facebook’s own cryptic and frequently contradictory procedures. Most people I know have tried it this way. However, you will quickly discover that there is no simple solution. You’ll have to contact Facebook support through someone else’s account, which seems counterintuitive, so see if your spouse or friend is willing to help. (Don’t be tempted to create a second account; doing so may result in both accounts being canceled.) Then you must choose one of several options (finding an unauthorized post, creating an account with your own name and/or photos) and go down the rabbit hole to recover your account.
If you use Facebook to log in to other websites, you must disconnect these connections. Otherwise, a hacker could gain access to your other accounts. Try using Facebook on other devices you’ve used before: the hacker might not have automatically logged you out.
Solution 2: It’s a good idea to unplug yourself from Facebook at this point. The problem is that you have someone impersonating you who could use your identity to commit crimes or put you in dangerous situations. Not to mention that they may attempt to use your bank accounts or open credit cards in your name.
Taking Security Measures
There are some steps you can take to secure your Facebook account, or at the very least lessen the pain if it is. You must begin by completing at least one of them today and make sure you finish them all as soon as possible.
Make your Facebook account more secure by adding additional login security. Facebook presents you with a number of perplexing options, but I recommend using a two-factor authentication app like Google Authenticator. (You can begin by visiting this Facebook page.)
Two-factor authentication (also known as 2FA) entails logging in with an Android or iOS smartphone app. Following your username and password, Facebook will prompt you to enter a series of six numbers generated by the app. Because these numbers change every minute, you’ll need to keep your phone close by when logging in.
Check to see if you’ve set up any payment options on Facebook. I was surprised to discover my PayPal address was linked to my Facebook account while researching this article — and I thought I was being cautious about my Facebook security. There are two places where you should look. First, there’s Facebook Pay, which shows if you’ve set up any credit cards to make direct payments to people or organizations. To remove any ad payment methods, go to this other link. If your company is running any advertising campaigns, you must first halt them.
Apps and websites that are connected should be removed. If you’ve logged into third-party apps with your Facebook credentials, now is the time to review and delete them. It’s also a good idea to get rid of any business integrations. You lose the ability to log in to these other services automatically, but you also protect yourself if your account is hacked.
You should have at least two people with admin rights on your Facebook business page. It will be nearly impossible to recover your business account if you are the sole administrator. (Go to Page Settings > Page Roles.) Second-factor authentication should be enabled for this contact.
Examine the email contacts in your account. You should have at least a second contact email for this Facebook page so that Facebook can send you notifications if your primary email address is compromised. Use different passwords for these different email accounts, of course.
This might appear to be a lot of work, and the Facebook settings pages have a lot of places to visit and pay attention to. Furthermore, because Facebook’s settings are subject to change, the links provided above may become inactive in the future.
Before you click, consider what you’re doing. If you receive a message claiming that your account has been compromised from what appears to be a social media company, do not click any links or call any phone numbers in the message. This could be a hacker’s bait. Instead, go to the website or download the app directly.