I must admit that it is quite a stressful experience and for some, it may even turn out to be a harrowing one.
A basic question that you may have is:
Why would someone be interested in my Facebook account? =/
There could be various reasons why someone would want to sneak into your Facebook account.
Tarnish your image – Someone wanting to tarnish your image may maliciously use your account to post inappropriate content to your network. This can not only put your reputation at stake, but at times, may land you in legal trouble. It could be that disgruntled employee or co-worker, a school bully, a business rival or a mean competitor.
Espionage – A suspicious partner or an ex, an unwittingly curious friend or a corporate competitor may have a wicked interest in tracking your activities.
Identity theft – Your personal information is valuable to hackers and can be used for carrying out other malicious activities under your name. Exposed credit card numbers or other sensitive information would make this easier.
Swindling – This is a big motive if you use Facebook for monetary transactions like sending or receiving money, or setting up paid ad campaigns. An attacker intent on siphoning off some money could potentially hack into your account to set up automatic payment options through Facebook.
Hacker training ground – In many cases, social media accounts are simply a training environment for hackers to test their skills.
How do I know if my account is compromised?
Knowing whether your account has been hacked may or may not be straightforward. Someone intent on identity theft or espionage may be a passive listener tracking your activities, in which case the compromise would be difficult to notice. Most others would make it much more evident by posting inappropriate or misleading content on your wall, sending phishing links to your friends, changing your password or personal settings, and/or making fraudulent payments through your account. These activities are easy to notice.
To curb passive attacks, it is a good practice to check your Facebook activity log at regular intervals and look for any actions not initiated by you. This can be done by navigating to:
Settings & Privacy → Activity Log.
You may also check which devices were used to access your account by going to Settings & Privacy → Settings → Security and Login → Where You’re Logged In.
If you do not recognise a device listed here, you should log out from that device by clicking on the three dots alongside the device name.
This health check is highly recommended if you use a Facebook Business page or a Facebook Ad account because they contain your financial information and the stakes are much higher.
What do I do?
When you realise your account has been compromised, the most important question arises – what do I do now? The following steps will help you calm your nerves and clear the fog from your head.
If your financial data is exposed:
If you do not recognise a financial transaction from Facebook, report it immediately to Facebook.
If you own a Facebook Ads account, suspend the ads by deactivating them through Business Settings → Ad Accounts → <<selecting required ads>> → Deactivate
Report your hacked account to Facebook
Change your Facebook account password and make sure to use a strong one
If your account is hacked without any monetary impact:
A good start would be to inform your friends and connections about the compromise to avoid any mistrust, or possibility of getting them scammed through you.
Check for unrecognised devices that were used to access your Facebook account, report them by clicking on “Not you?” and log out from those devices by selecting the “Log Out” option.
Immediately change your Facebook account password.
Report your hacked account to Facebook by following the steps at this link.
If you suspect your account was cloned, meaning a duplicate account in your name was created to carry out malicious activities, report the cloned account to Facebook by clicking on the three dots next to the cloned profile name, selecting the “Give feedback or report this profile” option and following the further instructions. You can find more information here.