I’ve been investigating a number of social media hacks targeting Facebook users, as persons have come to me to recover more than 10 business pages in the past two weeks, more than half of which I was unable to.
Facebook support has been zero help throughout this process, despite subscribing to Meta Verified for priority support, so I’m writing this with the hope that more people are vigilant and take the necessary steps to secure their accounts.
How the hack works
Bad actors are sending malicious WhatsApp messages and emails that claim to be from Facebook support and urge victims to click on a link to verify their accounts or they will be deactivated. The link takes users to a site that resembles Facebook at first glance and prompts them to enter their email and password. Doing so will give attackers access to your account and recovery is likely impossible.
How to protect yourself
- Exercise good judgement. As of this writing Facebook will NEVER send you a WhatsApp message regarding any account violation, blockage or termination of your account.
- Read the messages/emails carefully. There are bound to be obvious grammatical errors or language that does not make sense.
- Never click on links if you cannot verify the sender.
- Be wary of emails/messages that scream urgency (“do this in 24hrs or your account will be blocked” is not Facebook’s policy).
- If you can, use a separate email address for your social media accounts.
- Enable two-factor authentication (2FA) via an authentication app and disable text message verification. Phone numbers change and cell carriers recycle numbers; for these and a number of other reasons, text message verification is less secure than a third-party auth app.
- Change your password at least twice a year. This is easy if you use a password manager. Bitwarden is a good free option.
- Share this post with your friends and family and read my Practical guide to online safety for the average user :)
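
For the advice above about not clicking links you cannot verify, here is a small JavaScript check of which site a link really points to. It is an added example, not part of the original post; the `TRUSTED_DOMAINS` list, the `checkLink` function and the sample links are assumptions made up for illustration.

```javascript
// Added example, not from the original post.
// Assumption: TRUSTED_DOMAINS is an illustrative allowlist; adjust it to the services you use.
const TRUSTED_DOMAINS = ["facebook.com", "fb.com", "messenger.com", "meta.com"];

function checkLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { trusted: false, host: null, reason: "not a valid URL" };
  }
  // The parser lowercases the host and turns look-alike Unicode letters into "xn--" punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not HTTPS" };
  }
  // Match the whole host or a subdomain; the leading dot stops "notfacebook.com" from passing.
  const match = TRUSTED_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  if (match) return { trusted: true, host, reason: "host belongs to " + match };
  if (url.username || url.password) {
    return { trusted: false, host, reason: "text before @ is not the host" };
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "look-alike letters in host" };
  }
  if (TRUSTED_DOMAINS.some((d) => host.includes(d.split(".")[0]))) {
    return { trusted: false, host, reason: "brand name inside an unrelated domain" };
  }
  return { trusted: false, host, reason: "host is not on the allowlist" };
}

// Constructed sample links, not taken from any real message.
const SAMPLES = [
  "https://www.facebook.com/help",
  "https://facebook.com.account-verify.example/login",
  "https://facebook.com@account-verify.example/login",
  "https://f\u0430cebook.com/login", // Cyrillic "а" in place of Latin "a"
];
for (const link of SAMPLES) {
  const r = checkLink(link);
  console.log(r.trusted ? "OK  " : "STOP", r.host, "-", r.reason);
}
```

Only the first sample is reported as OK; in the other three the word "facebook" appears in the link, but the host the browser would actually contact is a different site.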