How do I protect my social media accounts from being compromised?
Use a unique strong password with app-based two-factor authentication on every social account, and recognise that a hijacked account will be used to scam your followers while appearing to be you.
Last reviewed: 10 June 2026
Explanation
Social media account takeovers are valuable to scammers because a hijacked account comes pre-loaded with trusted followers who are more likely to engage with a message that appears to come from someone they know. Compromised accounts are used to spread investment scams, phishing links, fake giveaways, and emergency money requests — all in your name.
The most common takeover methods are phishing links that lead to a fake login page, which captures your credentials, and third-party app authorisation, where you grant excessive permissions to a quiz or tool that then posts on your behalf or harvests your data. Review the connected apps in your account settings regularly and revoke any you no longer use or do not recognise.
For passwords, use a password manager to generate a unique password for each social account. Reusing a password from a breached service is the fastest route to having your account taken over, since attackers run automated credential-stuffing scripts within hours of major breaches. Enable two-factor authentication using an authenticator app rather than SMS on your primary social accounts.
Be cautious of direct messages that create urgency: a 'friend' who says they are in trouble and needs money via Venmo, a message saying your account will be deleted unless you click a link to verify it, or an offer to verify your account with a blue tick if you pay a fee. These formats are consistently scams. Treat unsolicited DMs that involve money or clicking a link with the same scepticism you would apply to an email.
Common red flags
- Unexpected login notification from a device or location you do not recognise
- Direct message from a friend asking for emergency money or to click an urgent link
- Account posting content you did not create — possible takeover already occurred
- Request for your login credentials to enter a giveaway or receive a prize
- Message offering account verification for a fee
- Friend's account sending a link to an investment or crypto platform
What to do now
- Enable two-factor authentication on all social media accounts using an authenticator app
- Use a unique password for each social platform stored in a password manager
- Review connected apps in your account settings and revoke any you do not recognise
- Set up login alerts so you are notified of any new device access
- If your account is taken over, use the platform's account recovery process immediately
- Warn your followers if your account was compromised so they do not fall for messages sent in your name
Frequently asked questions
What do I do if my social media account has already been hacked?
Use the platform's account recovery process — for most platforms this is an 'I can't access my account' flow accessible from the login page. Once recovered, change the password, review and revoke connected apps, check for profile changes (email, phone number) the attacker may have made, and post a notice to your followers warning them about any messages sent from your account while it was compromised.
Why do scammers want to hack social media accounts?
A trusted account with an established follower base is a ready-made audience for scams. Followers are more likely to click a link, send money, or engage with an offer that appears to come from someone they already trust. Accounts with large followings are also sold outright on criminal marketplaces.