My account has been taken over. What should I do, step by step?

Hacking into an account on a social network is not only a troublesome situation. It can have far-reaching consequences, including the generation of large financial damage, e.g. by using our identity to commit a crime. What's worse - we can expect an attack from virtually every side - not only from the outside, but also from people in our environment who have easier access to our devices and accounts.

How to recognize the takeover of a social account?

As a rule, recognizing that our account has been compromised should not cause us any particular difficulties - we will simply not be able to log into the account. However, not always a villain will immediately want to completely cut us off from logging in.

The signals that should alert us are:

  • messages about the change of login details (absolutely),
  • suspicious activity that we did not carry out ourselves, such as likes of pages and posts, comments, new friends,
  • spam messages sent from our account to other users (e.g. messages to our friends asking for borrowing money - of course via a transfer to the given account).

The criminal who takes over our account may also directly inform us of this fact, asking for the payment of "ransom" in exchange for giving the account and / or not using it for evil purposes.

What steps should you take?

Before we even go to the police, steps must be taken to reduce losses. And we should take these steps as soon as possible, preferably immediately, as soon as we realize that something is wrong.

Option A: I can login

Step 1. Change the password

The first thing we should do - if there is such a possibility - is to change the password to log into our account. It's best to choose a good, strong password that contains uppercase and lowercase letters, as well as special characters and numbers. We should not use passwords that we used elsewhere.

If we have the opportunity, it would be good to do this operation from a different computer than the one we always use - it may be infected with malware.

Step 2. Logging out of other sessions

Some social networking sites, such as Facebook, allow you to open multiple sessions on different devices. Thanks to this, we can use Facebook on both our computer and telephone. Facebook also allows you to view active sessions (https://www.facebook.com/settings?tab=security). We can view which devices and in which location are currently logged into our account and log them out (this operation can also be performed from the phone using the SpotTheSpy application).

Step 3. Two-step authorization

Currently, most social networking sites and email accounts offer the possibility of increasing the level of security by additional authorization, e.g. sending an SMS to our phone at the time of login or connecting an application that generates tokens. If you haven't used this option yet, do it immediately, regardless of whether your account has already been taken over or it will happen.

Step 4. Verify your data and activity

First check if the person who logged into your account has not changed the data and how to reset the password (e.g. email that is used to reset the password). This would help the criminal reset the password again and log in to your account again.

Second, check your account activity. In particular, whether they were sent to friends asking for borrowing money or with a link to a site infecting malware. Also check likes, comments and friends, and for email sent messages.

Option B: I can't log in to my account

In this case, the situation is more difficult, but still to be saved. Most websites and services on the Internet adhere to certain standards, including the possibility of taking over an account by an unauthorized person.

Forms for reporting account takeover:

Usually, the recovery of an account taken over is possible, but it will require us to confirm that we are the owners of the account, e.g. resetting the password using the email account that was used to set up the social account - information about this email address is often stored in the database even if in the meantime we change the email assigned to the account to a different one (or the criminal does it). The only condition that must be met is that we must still have access to this mailbox.

In some cases (e.g. on Linkedin) we may be asked to send a scan of an ID document which will allow us to state that we are the person we claim to be. However, the identity document will only work if we have set up an account for our real data (for some time, as part of the fight against fake news, social networking sites require confirmation that the personal data provided during registration is authentic. However, this is based solely on the statement).

After regaining the ability to log in to the account, we should do everything that was described in option A.

Do I have to report account hijacking to the police?

Taking over someone else's account on a social networking site is considered a crime, although the severity of the crime is perceived differently in different countries (often it depends on the consequences and possible damage). Thus, we are obliged to report this type of crime to law enforcement authorities - if only to prevent the offender from continuing his practice and exposing other Internet users to losses.

How to document and report the account takeover?

The main thing is to note the most important facts and description of events, which would include information about when we noticed the symptoms that our account was taken over and what the symptoms were. We'll also describe the steps we've taken to secure or recover your account.

Also useful will be any kind of information that will complement our description and confirm it: screenshots, messages and e-mails sent from our account without our knowledge (also e-mail informing us that our login details have been changed), messages from the criminal in which we he is blackmailing etc.

We should report to the local law enforcement authorities with this documentation, which is important as we can later be summoned to provide additional explanations.

Prevention is better than cure

Losing your social media account or email account is not a dead end. Most often we have the opportunity to recover it, although of course in the meantime, we can also suffer some damage due to violation of privacy or loss of certain data. Therefore, it is definitely better to prevent such situations than to repair them later.

Good practices:

  • do not use simple passwords (eg admin1234, name123),
  • use a combination of upper and lower case letters, special characters and numbers,
  • do not repeat the same passwords in many places (if there are many, do not write on the card, just use the password storage application)
  • use two-step authorization (sms or tokens),
  • protect your devices with a password and remember to be logged out when you leave the room in which the device is located,
  • watch out for suspicious messages that inform you that your password has been made public and you must change it now (providing your old and new password) - note the address of the password change page,
  • do not download files from unknown sources,
  • use antivirus software,
  • update the software.