Social media hacking is an increasing problem. 22,530 people reported their accounts had been hacked in 2023.
With access to your social media accounts, a fraudster could attempt to steal your identity, sell your personal information, or attempt to con your friends and family.
We look into these social media hacking scams to highlight what's involved, what to look out for and how you can protect yourself and your loved ones.
Social media hacking scams make you look like the scammer
In a social media hacking scam, a fraudster takes over your social media accounts. They block you from accessing them by changing your login details. They then impersonate you to promote their own fraudulent schemes.
Because the content appears to have come from you, your friends and family are more likely to trust what they see and fall for the scam.
Fraudsters use hacked social media accounts to promote a variety of scams
There are all sorts of different scams that fraudsters might promote using hacked social media accounts. For example:
- Investment fraud. Scammers may post content to your accounts claiming you’ve recently made a large amount of money from a “savvy” investment. They’ll tell your followers to contact you via the platform to get a piece of the action. They’ll usually then ask for money to invest, then vanish without a trace.
- AI scams. The fraudster could use artificial intelligence to analyse your existing social media posts to create new images and even videos of ‘you’ to post to your accounts. For example, they could make it look as though you’ve had an accident or are in trouble and need help. They can then use these to support a story they’re telling to your contacts to persuade them to send ‘you’ money.
- Verification code scams. Some scammers use the access they have to your accounts to hack your contacts’ accounts, too. They message your friends and family through your social accounts, pretending to be you. They’ll spin a story to convince your friends and family to share an account verification code sent to them by text message or WhatsApp. However, the code they share gives the fraudster access to their account, too.
- Fake competitions. If fraudsters hack social media influencers’ accounts, they may use them to host competitions that you have to pay or hand over sensitive information to enter. But the competition is fake, and there are no winners.
You can also be scammed while trying to recover your account
As if being hacked by fraudsters in the first place isn’t bad enough, you can also be scammed while attempting to get your accounts back. This can happen in two ways:
Extortion
The hacker who stole your social media account login may contact you demanding payment to give your accounts back. But once they’ve received money from you, they vanish and never hand your accounts back to you.
Recovery fraud
With recovery fraud, scammers pose as companies who claim they can get your social media accounts back for you or recover money you’ve paid to a fraudster. But this is a type of “advance fee fraud”, where you pay for a service that you don’t receive because it doesn’t exist.
Recovery scammers are particularly rife on social media. If you use any accounts that you can still access to let your contacts know you’ve been hacked or scammed, fraudsters may approach you to offer their supposed services. They are also known to infiltrate groups and forums set up to support scam victims.
How to spot and avoid social media hacking scams
We spoke to our in-house fraud expert, Ben Fleming, about the best ways to protect yourself from social media hacking scams.
Here are Ben’s top tips to keep your accounts safe, and spot when someone else’s account has been compromised.
Use a different, strong password for each account you have
Using the same password everywhere may be easier to remember. But if a fraudster gets hold of it, they’ve got the master key to all your accounts. Trying a password that they know worked on one of your accounts against your other accounts is called “credential stuffing”. If you have different passwords for each of your accounts, then this tactic is less likely to work.
It’s also important that you create strong passwords. The strongest passwords are long and use a combination of upper and lower-case letters, numbers, and special characters. This makes them harder to guess. It can mean they’re harder to remember, too, but using a password manager can help you with this!
Make use of enhanced account security features
If a social media platform you’re using offers two-factor authentication or other extra account security features, use them. Two-factor authentication is where, after you’ve provided your username and password, you’re sent a code by text or email that you enter as an extra check before you log in. Having features like this enabled can make it harder for fraudsters to hack into your accounts, even if they have your login details.
Beware of social media content that looks too good to be true
If something looks too good to be true, it probably is. The person you know who’s started posting about how much they’ve made from a mysterious opportunity probably isn’t a financial genius who can teach you all their tricks. It’s far more likely that their account has been hacked and the “opportunity” is an investment scam. Or it could be an enticement to become a money mule. Acting as a money mule is a serious crime that can come with a prison sentence if you’re caught and convicted.
Watch out for people posting unusual (for them) content
Someone suddenly posting about dodgy investments isn’t the only sign that they’ve been hacked. Anything that’s out of the ordinary for them could be a red flag. For example, a friend may contact you through a social media platform’s messaging features when that’s not how you typically keep in touch. A family member may start posting content where they appear to be abroad, when you know they didn’t have any trips planned. Or social media influencers that you follow may start posting different content, hosting more competitions than usual, or creating content asking for money.
Leave the detective work to the professionals
If you suspect that someone has been hacked by a scammer, it’s important that you leave dealing with it to the professionals.
Don’t engage with the fraudster, even to try to gather evidence to prove who they are. This could put your own accounts at risk.
Instead, report the account to the social media platform through their help centre. The platform’s team will then investigate and disable the account if they find suspicious activity.
Reporting a social media hacking scam
If you come across someone posting scam content on social media, you should report it to Action Fraud and the social media platform.
If you’re the one who’s been hacked, then it’s important that you also get word out to your family and friends to let them know. Not everyone will realise what’s happened straight away and may fall for the scams your account is being used to promote.
Many social media platforms have signed up to the Online Fraud Charter. This is a voluntary agreement with the UK government in which they pledge to do more to fight fraud. The commitments they’ve made under the charter include having simple processes to report suspicious activity. They’ll also support hacked users to get their accounts back.
If you’ve been the victim of a social media hacking scam, then you should also report it to:
- Your bank or credit card company, so that they can secure your account and try to help recover any money you’ve lost.
- Your local police, by calling 101. They can log the crime and give you a reference number (which may help you get your money back).
Remember, if you or someone you know is in immediate danger, call 999.