With so many people using social media these days, it has become a major target for hackers and cybercriminals. Some of the reasons they want to compromise your account include reselling it on the dark web, collecting your private data, or sending spam to your followers.
- Use a Strong Password
- Keep Your Password Protected
- Don’t Reuse Passwords
- Enable Two-Factor Authentication (2FA)
- Beware Phishing Emails
- Be Cautious With 3rd Party Apps
Use a Strong Password
First off, let’s talk about password strength. If your password is something simple that can be guessed easily, then believe us when we say that you will be hacked. No more passwords like “123456”, “password123”, or your kid’s or dog’s name.
Instead, your password shouldn’t be a word at all—it should be a minimum of eight random characters that are a mixture of uppercase letters, lowercase letters, numbers, and special characters. There should be no pattern to this and it needs to be completely random. For more information, see our full guide on Password Strength and Security.
Keep Your Password Protected
If you are worried about remembering complex passwords, a password manager such as KeePass or LastPass can help keep your complex passwords organized for you. You might be amazed just how many people still keep their passwords listed in plain-text files on their computer or on their office desk using Post-It notes. If you do this, then you are opening yourself up for people to steal access to your accounts.
Also, be careful about sharing certain information on social media. We have recently seen “cute” polls or threads that encourage you to share something like a memory of the street you grew up on or your first pet. These are often the same as your security questions for your password to be reset. If you share this information online, someone may be able to steal the info and use it to change your password and hack your account.
If you need to share your password with someone, we recommend using a tool such as PassEncrypt. This allows you to securely transfer sensitive text information.
Don’t Reuse Passwords
When you are creating a new account on a retailer’s website, do you use the same password as your Facebook or email account? It doesn’t matter where you’re creating the account or which password you are reusing; the issue is that you are reusing a password. This is very dangerous.
If that password is compromised on one site, it could affect every other account where you have used it. Every online account that you create should have a different password.
Enable Two-Factor Authentication (2FA)
Another way to protect your account is with two-factor authentication (2FA). This requires an extra step in the sign-in process to verify that you are the user. In a typical two-factor setup, you log in (first authentication) and are then sent an access code on your smartphone or by email that you have to enter to continue (second authentication).
Even if a hacker can steal your first level of security – your password – they typically won’t have access to your text messages to complete the second level with the security code. 2FA can be enabled on most social media, including Facebook.
Beware Phishing Emails
A very common method that hackers use to access accounts is through phishing. Phishing is when someone sends a “fake” email pretending to be from a legitimate company in order to trick you into giving them your login credentials.
For example, you may receive an email with a link purporting to be Instagram, when really it is from a fake website instead. Clicking this fake link will take you to a page that is made to look like Instagram, for example, and it will prompt you to log in. When you enter your login information it will record this data.
At this point they have successfully tricked you into giving them your account details. They can then use that to gain access to your account.
To help prevent hacking on social media via phishing, we’ve listed out several steps that we recommend you take before clicking any links or entering any information.
- Check the sending email address. Sometimes it can display a name over the top of it (like Instagram) but when you click on the name, it will display a full email address that is very clearly fraudulent.
- What are you being asked to do in the email? If the message is asking you to log in or “verify your account”, you can delete the message and know that it is very likely phishing.
Another type of email that can be an attempted phishing scam is one informing you that your account password has been changed or your account is suspended.
Check the address to make sure it is coming from the actual domain such as @instagram.com. If you don’t feel comfortable, you can always go to the social media site and securely change your password.
Note: Most social media accounts will send an email after the account was created for verification. They can also send you an email for resetting your password.
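The sender check described above can also be done in code. The following is an added example, not part of the original article: it flags a From: header that uses a brand name in the display name or address while the real sending domain does not belong to that brand. The trusted-domain table, the function names, the choice to trust subdomains, and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumed mapping of brand name -> domains the brand legitimately sends from.
# Only instagram.com comes from the article; verify any others yourself.
TRUSTED_DOMAINS = {"instagram": {"instagram.com"}}


def sender_domain(from_header):
    """Return (display_name, domain) parsed from a raw From: header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return display, domain


def is_trusted(domain, trusted):
    """True if domain is a trusted domain or a subdomain of one (assumption)."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_sender(from_header):
    """Classify a From: header as 'ok', 'suspicious' or 'unknown-brand'."""
    display, domain = sender_domain(from_header)
    # Search the display name and the domain: lookalike addresses often
    # embed the brand name inside an unrelated domain.
    haystack = (display + " " + domain).lower()
    for brand, trusted in TRUSTED_DOMAINS.items():
        if brand in haystack:
            return "ok" if is_trusted(domain, trusted) else "suspicious"
    return "unknown-brand"


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "Instagram <security@mail.instagram.com>",
    "Instagram <no-reply@instagram.com.account-verify.example>",
    "Instagram Support <help@insta-secure.example>",
    '"security@instagram.com" <alerts@mailer.example>',
    "Newsletter <news@shop.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):14} {header}")
```

An "ok" result only means the From: header looks right; that header can be forged, so going directly to the social media site remains the safer way to act on any message.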
For more detailed information, see our full guide on Avoiding Phishing Scams.
Be Cautious With 3rd Party Apps
Just like you wouldn’t allow a total stranger into your house, you shouldn’t let unknown third-party apps have access to your social media. This can include popular apps by other developers such as social media post schedulers for businesses. Once you give them access to your account, you leave yourself open for them to take advantage of your trust, especially if the app has been designed by a hacker or cybercriminal.
The number of people in the United States with a social media account has been steadily climbing over the past decade. Almost everyone has some sort of social media account these days.
With all of that personal information floating around online, it should come as no surprise that hackers and thieves are targeting social media accounts. Not only are social media accounts being targeted, but so are websites. So, be proactive in protecting your information from online phishing attempts.