
My Account Got Hacked on Social Media! What Now?


Hijacked social media accounts are increasingly being used to carry out online phishing scams. Whether you’re a big or small account, this cheat sheet will help you to avoid getting hacked on social media.

Can I Get Hacked Online?

Security hygiene is a decisive factor when considering the integrity of an online account, such as email and social media profiles. Generally speaking, poor security hygiene results in higher exposure to cyberattacks, while healthy security habits go a long way to reduce the risk of getting hacked online.

𝕏 (formerly known as Twitter) is a common playground for social media hackers, who often carry out online crypto phishing scams under the guise of trusted accounts that have been compromised. Very often, the ruse involves a large or influential account tweeting an urgent-sounding announcement that sounds too good to be true, along with a phishing link. Hackers often lock the comments section when publishing such fake posts in order to buy more time before the scam is unraveled.

The sections below provide some guidance on how to cultivate and maintain healthy security hygiene and avoid falling victim to social media hacks. You can also download the full cheat sheet for free.

Multi-Factor Authentication

Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is an additional layer of security that is necessary to prevent hackers from hijacking your social media account. It consists of a backup password or key code that supplements your primary sign-on method. In a worst-case scenario where your password is exposed or your device is compromised, MFA would require a separate key to verify ownership of your social media account.

When using MFA, there are some important things to note:

  • Use a hardware authentication device, such as a YubiKey. In the absence of a hardware authentication device, opt for an authenticator app like Google Authenticator or Authy.
  • Disable SMS-based authentication from your social media account because threat actors can easily take advantage of this type of MFA through SIM swap attacks.
  • Remove your phone number from your social media account to reduce the risk of exposure to SIM swap attacks.
  • Generate encrypted backup codes from your social media account and store them offline, preferably on paper in a safe location.

App Permissions

It is common for apps that integrate with online platforms to request access to view and interact with user accounts as well as the data relating to them. Such apps routinely present a list of requested permissions which a user has to approve before they are allowed to connect to the account. These permissions vary in scope, and the more invasive types can be manipulated to hijack a user’s account or to steal data related to the account.

There are three cardinal rules for handling app permissions:

  • Always read the app permissions carefully and decline the request if anything looks suspicious, or if you do not fully understand what any of the permissions means.
  • Disconnect old sessions from your account to prevent a future exploit of the open permissions.
  • Never click links originating from an unverified source.

Due Diligence

Human error plays an understated role in successful cyberattacks. Neglecting due diligence increases the risk of falling victim to online hacks. For social media users, especially those who regularly interact with crypto online, there are some tools that make it easier to stay safe.

  • Pocket Universe phishing blocker detects malicious phishing links originating on 𝕏 (formerly known as Twitter), thereby helping users to avoid them.
  • Ad Block screens pop-up ads which often hide malicious links on the Internet.

FailSafe is the ultimate composable blockchain security toolkit, empowering you to fight back against crypto thieves. With our battle-tested tools, individual users and enterprises are beating scams effectively. Start protecting your assets today.
