What to do when your Facebook account is “hacked”

I still use Facebook. About twice a month one of my friends posts “My Facebook account got HACKED! I changed by password but they’re still sending friend requests to my friends! What do I do?”

Or something similar.

Rather than re-typing the same basic instructions to people again and again I decided I’d put these handy instructions into a blog post and after this I can just send people this link. Saves me a lot of typing.

First off, if you can log into your account and change your password then you still have control over your account. If you go check your profile and all of the recent messages were posted by you, then no one else is accessing your account either.

If someone is sending friend requests to your existing friends, guess what? They’re not logging into your account to do that. You already have these people as friends, and you can’t send a friend request to someone who is already your friend.

So your account wasn’t “Hacked”. No eViL haX0r took over your account. Your account was “Cloned.”

Cloning is easy to do. This is what cloners do:

  • First they look for someone who has the privacy on their “Friends List” set to “public”. Someone like you.
  • They write down your name, then right-click and download your public profile picture. (Profile pictures are always public.)
  • They create a new account using your name and profile picture.
  • They use your public friend list and start sending friend requests to your friends.
  • After a few days, posing as you, they start hitting up your friends for money or trying other scams on them. “Help me! I’m stranded in [foreign country] and I need money for a [plane ticket/hotel/bail].”

This is what you need to do to fix the problem

  1. Set the privacy on your “Friends List” to “Private”. Now this won’t happen to you again. (probably)
  2. Tell your friends to report the imposter to Facebook. Facebook employees will disable the imposter’s account.

Pretty easy, huh? Here are some detailed instructions.

Set the privacy on your “Friends List” to “Private”

This is what you need to do to make your “Friends List” private. These screenshots were taken from an iPhone, but the same steps apply on a laptop or Android device.

Step 1: Click the Menu button in the lower right hand corner

Step 2: Click on the Gear icon in the upper right corner

Step 3: Scroll down to “Audience and visibility” and click “How people find and contact you”

Step 4: Click “Who can see your friends list?”

Step 5: Click “Only me”

Now the imposters can’t see your friends list and won’t have a reason to clone your account.

Now you just have to…

Tell your friends to report the imposter to Facebook

This is what your friends need to do. (Send them a link to this article if you think that will help them.)

Step 1: Find the imposter’s friend request and click the 3 dots

Step 2: Report the Imposter

Step 3: They’re pretending to be someone!

Step 4: They’re pretending to be a friend of mine!

Step 5: Enter your friend’s name here, select their name from the pop-up list, then click Next

Step 6: You’re done. Click Next to resume wasting time on Facebook

When I’ve reported imposters they’re usually gone within hours.

Hope you find this useful.

4 thoughts on “What to do when your Facebook account is “hacked”

  1. Hi, I wonder if you can help. My account was taken over by a hacker. They changed my email, mobile number and password. After waiting over a month for a reply from Facebook I listed the account as an imposter account. Can I get my account back?

  2. This happened to my WhatsApp How do O handle it? Thete is s0meone usi g my picture, and contact8ng my friemnds on WhatsApp

    • Although in the vast majority of cases, the account’s password has not been compromised, the account has just been cloned. If the account has been cloned, changing the password doesn’t make any difference. It doesn’t make you more secure (no one got your password) and it doesn’t keep the hacker out (because they’re not in your account, they’re just using a cloned account).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.