Security Boulevard

The Home of the Security Bloggers Network


Facebook account hacking

by David Harley on August 1, 2023

I’ve spent a lot of time recently writing about FB account cloning, simply because I come across it so often. I haven’t paid nearly so much attention to real account hacking because I don’t come across it nearly so often. However, having had occasion to look at it recently, it’s depressing to report that Facebook’s mechanisms for recovering a hacked account don’t seem very effective. (Even less than their responses on cloning.)

In fact, I know several people who’ve lost their accounts and have either given up Facebook or given up trying to get their account back and opened another. Of course, it may be that I do know people who’ve managed to recover their accounts with or without Facebook’s assistance, but I simply wasn’t aware of it.

Sadly, I don’t have the knowledge or resources to offer much in the way of advice. There is, of course, a Facebook Help Centre page to help you “Recover your account if you think your Facebook account was hacked or if someone is using it without your permission”. Unfortunately, its range of recovery options seems quite limited.

For example, the guidance tool for ‘helping your friend recover their account’ just leads to the suggestion that you should direct them to FB’s own Help Centre links.

What if a hacker changes your FB contact email to his or her own? Well, FB should send an email to your old address including a link to allow you to reverse the change. But obviously, this might not work: it might not be sent; it might be sent to the wrong address; it might be incorrectly blocked by a spam/scam filter. However, someone I talked to about this recently tells me the link is in any case time-limited. Even big international corporations don’t necessarily (or even often) have email accounts monitored around the clock. Obviously, individuals sleep, go out for the day, or are for various reasons unable or unwilling to access their email for days or even weeks at a time.

Security-related links such as password reset links are often time-limited of course. But if you miss that window of opportunity, you can request another link. How about a fallback mechanism, Facebook? Surely you realize that sometimes your algorithms will fail and people who use your services will need to talk to a human being? FB does publish some phone numbers, but most or all of them seem to lead you to recorded messages that will tell you to contact the algorithms on the Help Centre. It doesn’t seem to publicize them, but there are also some email addresses that may get you a response eventually. No promises…

  • [email protected]
  • [email protected] (apparently, that’s not to do with disability, but for recovering disabled or hacked accounts, resetting your password, and accessing a locked Page: however, I found that on a page that wasn’t Facebook’s, so again, no promises.)

In fact, Facebook’s best advice seems to be on keeping your account secure. See, in particular:

  • Keeping your account secure
  • Login alerts and two-factor authentication

My article on Clone Wars Revisited – Facebook Friend Requests is, unsurprisingly, mostly about cloning rather than hacking, but here’s some information on hacking that it does give:

Hack Attack

Hacking, in this context, suggests that the attacker has somehow managed to get the same access to (and control over) your account that you do. This is probably (but I don’t have exact figures) far less common than cloning, since it’s more effort for much the same results – that is, acquiring the ability to exploit you and your friends. But that doesn’t mean it doesn’t happen, or that cloning doesn’t matter.

Here’s how you can get some reassurance that you haven’t been hacked (it’s absolutely not cast-iron proof of invulnerability). This is how I do it from my laptop browser: unfortunately, it’s going to be different on a phone, tablet etc., maybe even differing according to model and OS, but as I’m no longer in the security business, I don’t have access to an infinite number of devices on which to check this out. And yes, there’s a good chance that Facebook will change this procedure sooner or later, but this should give you an idea of where to look. Right-click on your profile icon, at the top left of your home page. Clicking on the ‘Settings and Privacy’ option should take you to your account settings: click on the ‘Security & Login’ option in the left-hand column. There should be a section that tells you where (approximately) you’re logged in (including the device and application) now, and the same information for your most recent sessions. If there are logins and devices that don’t make sense to you, you have a problem: if not, you hopefully don’t. If you see a current login on an unfamiliar device or at an unfamiliar location, you may be able to log out all devices (not just the suspicious device, as far as I can see), log back in and change your password before the (presumed) attacker can react.

There are a number of other useful options on that page including:

    • Check your security settings
    • Change your password
    • Choose the devices on which your login information is saved
    • Implement two-factor authentication
    • Review the devices that are currently pre-authorized for login
    • Get alerts about unauthorized logins

And yes, those may change… But they do offer some protection against hacking. You might also consider additional, more generic measures like not using the same password on more than one site; revealing as little information about yourself as possible on the internet to reduce the risk from data aggregation attacks (whereby an attacker gets your data from a variety of sources); being conscientious about installing security updates, and so on. While you can’t get 100% protection from all security issues – leakage of your data from a breached website you don’t control, for instance – you can certainly reduce those risks with due diligence.

I’d also strongly advise that you don’t respond to comments recommending people who can ‘help’ recover your account, whether your problem is hacking or just cloning. Here’s another excerpt:

Help from hackers

As mentioned above, you may see comments from self-described experts or hackers offering to help you regain your hacked account, or from people recommending such helpers, even when your account has probably not been hacked but cloned. Regard them with suspicion: they may be from people wanting better access to your account. I’ve also noticed more comments than usual advising the people concerned to contact pseudonymous hackers/anti-hackers (often on Instagram) to get help. These are often not from real people at all, but from bots programmed to respond to keywords like “hacking” – this happens on other social media platforms too. Giving your details to someone random and pseudonymous on a platform that security experts tend to mistrust is not a good idea: normally, I’d suggest just ignoring such comments or even deleting them (certainly if they appear to come from someone you don’t know). While Facebook can be slow in responding to cloning notifications, they’re a safer option than a self-proclaimed ‘hacker’.

It’s possible, of course, that the scammers will also respond to words like ‘cloned’ or ‘compromised’, either now or in the future. However, it may be that they’ll figure that if you know the difference between hacking and cloning, you’re not likely to be a ready victim.

[Added 19th July 2023] – I’ve posted about some worrying developments in the way bots post ‘recommendations’ for ‘people who can help’ here: Helpful Hackers

David Harley

*** This is a Security Bloggers Network syndicated blog from Check Chain Mail and Hoaxes authored by David Harley. Read the original post at: https://chainmailcheck.wordpress.com/2023/08/01/facebook-account-hacking/
