What to do if your Facebook page gets hacked
In light of the recent Facebook hacking of the UNSW brand page, George Photios outlines what to do if your page gets hacked and how you can prevent it from occurring.
The attack on UNSW’s Facebook page over the weekend, presumably timed to coincide with its Open Day, is just the latest in a spate of cyber attacks on the world’s biggest social media platform.
While it may seem out of your control once your page has been hacked, there are a few things you need to do to restore the service and some simple things to reduce the risk of it happening in the first place.
Hackers get into a Facebook page through one of its administrators, not usually by hacking into Facebook directly. A page administrator likely clicked a bogus email link and typed in their password, which is then sent to the hackers.
These dodgy links can also be sent via Facebook private message that purport to be from Facebook claiming that its terms have been violated. If you click the link (to verify your page), it will then prompt you to enter your username and password again. If you ever feel like you’ve done something like this, it’s probably a good time to change your password.
Once hackers have gained access to your account the first thing they do is change any other administrators access rights, keeping themselves as the sole administrator of the account. Essentially, they’ve locked you out of the account.
From there, they’ll start posting to the page. Posts usually start relatively harmlessly but then can move on to be more graphic, as in the case of UNSW, or sinister posts throughout the hacking period.
The reality is that once your page has been hacked there is very little you can do directly. The first thing is contact your Facebook account manager (if you have one) and tell them what’s happened. They then submit the request to Facebook’s support office in the United States where it can rectified.
If you don’t have an account manager, contact a social media agency that does and see if they can help.
Most social media users are savvy enough to realise that the account has been hacked, so don’t stress. Post about it on other social networks (as UNSW did) and tell your followers that you’re working to have it resolved as soon as possible.
Once Facebook has received your request, they’ll reinstate you as an administrator, but won’t necessarily remove the hacker as an admin of the page. So, the first thing to do is to go into your page’s admin roles and remove any admins you don’t remember adding.
It is also vital that all Facebook admins change their Facebook password. It is likely UNSW didn’t change the admins or passwords after its first attack on Saturday, which is why they lost control of their pages again the following day.
Once your page gets hacked, there’s nothing you can really do but wait for Facebook to react.
However, if you change your passwords frequently, don’t click any suspicious links (never type your login details into a link emailed to you), keep on top of who is administrating your page, and don’t forget to log out of your computer, you can reduce the risk of your Facebook page coming under attack.
- George Photios is managing director at digital marketing agency G Squared
Surely forcing all admins to enable two-factor authentication on their account is the most important step of all. That would completely eliminate the possibility of being hacked I would have thought – perhaps not by Anonymous but certainly by some kiddie planning to post nude photos.
User ID not verified.
Astute, logical, rational points to contrast the sensationalist piece from yesterday!
User ID not verified.
@Josh – indeed. And there’s another thing individual users should do.
I know of a fb page that was posting spam links by some unknown user – and that user was not listed as a page admin and wasn’t known by anyone.
Turned out that an app had installed itself on one of the admin’s facebook account (probably after the admin clicked on some dodgy link) – it was having fun with both his personal facebook account AND the page he administrated, posting links to dodgy sites and apps using a different (fake) profile name.
In short, users should also go to: Settings > Apps in facebook, and check that there are no strange looking apps in there – delete any you’re not sure about.
User ID not verified.