Social Media Account Takeover
The compromise of a victim's social media account to post scam content, impersonate the victim, or extract money from their followers.
Also known as: Instagram hack, Twitter account hijack, Facebook account takeover
Last reviewed: 10 June 2026
Social media account takeovers typically result from credential stuffing, phishing, or SIM-swap MFA bypass. Once attackers control a high-follower account, they can pivot it to promote investment scams, cryptocurrency fraud, fake giveaways, or malware-hosting links to the account's established audience.
Verified or celebrity accounts are especially valuable because followers have a pre-existing trust relationship. Attackers may also contact the victim's friends and family in private messages claiming an emergency requiring money, exploiting the trusted identity.
Enable the strongest available MFA on social accounts, use a unique password, and review authorised third-party applications regularly. Warn contacts immediately if your account is compromised.
Examples
- A celebrity's account is taken over and used to promote a cryptocurrency giveaway scam, directing followers to send funds on the promise of receiving double the amount back.
- A compromised account sends private messages to all followers claiming a family emergency and requesting money via a payment app.