Can a scammer take over my social media account?
Yes — through phishing, password reuse from breaches, SIM swapping, or account recovery manipulation, social media accounts are taken over regularly and used to scam your contacts.
Last reviewed: 10 June 2026
Explanation
Social media account takeover is extremely common because it is both lucrative and relatively easy. Once a scammer controls your account, they have access to your contact list, your trusted identity, and sometimes payment features — making it an ideal launching pad for further fraud against people who trust you.
The most common entry point is phishing: a fake login page designed to capture your credentials. These pages circulate as links in messages, emails, or even comments, often claiming to show you who viewed your profile, offer a prize, or warn you about a copyright strike. Credential stuffing (using email-and-password pairs from unrelated data breaches) is equally common, exploiting password reuse.
Once inside your account, scammers typically lock you out by changing the password and recovery email, post fraudulent content (fake crypto giveaways, romance scam solicitations, fake emergency messages asking for money), and message your followers directly. Even after you recover the account, some followers may have already been defrauded.
Protect your accounts with a unique password and authenticator-app-based 2FA, which most major platforms now support. Review authorised apps regularly. Understand your platform's account recovery process before you need it, and set up a recovery phone number and a recovery email that belongs to a separate, secure account.
Common red flags
- You are suddenly logged out and your password no longer works
- Friends message you about strange posts or direct messages from your account
- The recovery email or phone number on the account was changed without your knowledge
- Login activity shows access from an unfamiliar country or device
- You receive a phishing message in your DMs claiming to be from the platform
- A 'verify your account' link arrives that wasn't triggered by you
What to do now
- Use the platform's account recovery process immediately if you are locked out
- Change your password as soon as you regain access, then revoke all active sessions
- Enable two-factor authentication using an authenticator app
- Check and update your recovery email and phone number
- Review authorised third-party apps and revoke any you don't recognise
- Post a notice to your followers that your account was compromised so they disregard any suspicious messages
- Report the incident to the platform using the 'compromised account' reporting tool
Frequently asked questions
Can the platform help me recover if the scammer changed my email and phone number?
Most platforms have a dedicated compromised account recovery flow that uses alternative verification methods — identity documents, trusted contacts, or video selfies. Start with the platform's help centre under 'hacked account'.
My account was taken over and used to scam people. Am I liable?
Generally not, as the fraud was committed by the attacker. Document the takeover and recovery timeline clearly. Contacting the platform's trust and safety team to have the fraudulent posts removed quickly helps protect others.