How to protect your social media activity from account recovery scammers : Internet Scambusters #1,101
If your social media account is hacked and you're locked out, there's only one safe route to account recovery. And it's not by paying someone else to sort things out for you.
In this week's issue, we explain exactly what the fraudsters are up to and how easy it is to get tricked.
We give you tips on how to protect your account from hackers and where to go for solutions if you fall victim.
Let's get started…
Account Recovery Fraudsters Want Your Money and Your ID
It's bad enough when someone takes over one of your social media accounts but even worse when you get tricked into paying a fraudster for an account recovery that never happens.
Worse still, it's highly likely that the hacker who took over your account in the first place is also the person now offering to get you out of the mess they caused.
And if you hire them, you also risk having your identity stolen as well as your money.
The Better Business Bureau (BBB) recently reported a worrying rise in fake social media account recovery.
It quoted one victim as saying fraudsters contacted them via Facebook Messenger.
The victim told them: "They said they could recover my Instagram account for me for $100. I paid them and they said they performed the service but would need another $130 to purchase software to 'complete the task.' I paid.
"They claimed the account couldn't be recovered but they could delete it for me for another $50; this time to purchase 'deletion software.' It was not deleted."
Safeguards and Recovery
You know your account has been taken over or otherwise compromised when you can't access it. It's as simple as that.
So, the most important safeguard is to try to ensure your account does not get taken over in the first place.
To do this, the US National Cybersecurity Alliance (NCA) recommends:
- Enable log-on notifications when your account is accessed.
- Use unique passwords of at least 16 characters.
- Enable two-factor or multi-factor authentication, which requires a second password, code, or biometric input.
- Regularly review your privacy settings, including who sees your posts.
- Watch out for phishing attempts, especially if they seem to come from the social media company.
- Delete any accounts you no longer use so they can't be accessed by a hacker.
If you do find yourself locked out of your account, notify your friends and followers so they don't get caught up in a chain reaction that could result in them also having their accounts taken over.
Then, to safely recover from an account takeover, the best advice is to contact the social media site and regain control of your account directly with them.
All the major social media sites offer recovery guidance, though experience suggests this can be a slow and frustrating process. That may be because of the volume of scammers currently operating on their sites.
For example, Facebook, the most common target for fraudsters, suggests this three-step process:
- Go to the Find Your Account page and follow the instructions. Make sure that you use a computer or mobile phone that you have previously used to log in to your Facebook account.
- Search for the account that you want to recover. You can search for your account by name, email address, or phone number.
- Follow the on-screen steps to reset the password for your account.
The NCA, mentioned above, has a full set of links to the recovery services of all the major social media players. They also offer more tips on social media account recovery scams: How to Take Back Control of a Social Media Account.
The BBB also has tips for businesses: What to Do if Your Business’s Social Media Account Gets Hacked.
Should I Use a Legit Account Recovery Service?
You should be skeptical about any unsolicited approaches you receive to recover your accounts. They always ask for money upfront and then use a series of excuses and explanations to ask for more, as in the BBB case quoted above.
Of course, there are certainly legitimate firms out there that offer account recovery, usually as part of a larger security package.
But they can be pricey. One service, which we believe to be genuine, charges $30 a month for this type of package, though it points out that it also may be available free if your bank already subscribes to their service.
However, self-styled security expert Angela Olivia warns against taking this route.
She explained to the question-and-answer site Quora that she advised against using a third party to recover an account because it's difficult to actually verify their validity.
She added: "Sharing personal details, account credentials, or any sensitive information with a recovery company puts you at a significant risk of data breaches or identity theft. Your personal information could be mishandled, misused, or sold to malicious actors, leading to severe consequences."
The BBB also advises against paying for account recovery.
Scammers are everywhere on social media. In just six months last year, Facebook says it removed more than 1.5 billion fake accounts. Make social media account security your priority, and if you do fall victim to a takeover, act quickly and follow the site's route to account recovery.
This Week's Alerts
Click listening: An alarming report from online security specialists Malwarebytes says researchers have uncovered a way to steal keystrokes, such as when entering your passwords, just by listening to them. For now, the discovery is only in the realms of possibility. There are no known cases in the real world - yet. But the use of artificial intelligence to "educate" even a smartphone microphone to distinguish the sounds of individual keys suggests a very real threat for the future.
Is it the real Stanley?: The incredible popularity of insulated water bottles known as Stanley Tumblers has sparked a rash of scams and fake websites selling counterfeit versions of the container. Sales of the tumblers went mega during the holiday period, to the point where they're being regarded by some as "collectibles." The easiest way to spot a fake is the price. Knockoffs are selling for around $6, whereas the real thing can cost up to $40. Wrong placement of the Stanley sticker is also a red flag.
That's all for today - we'll see you next week.