Earlier this week, Saumitra, a former colleague, sent messages to everyone alerting them of the hacking of his wife, Asmita's WhatsApp account. He also requested everyone not to respond to any message from her 'hacked' WhatsApp number. Saumitra told me they have filed a complaint with the local police station, too, but there has not been much progress in the investigation. On further prodding, he told me they were worried since the hacker was now making phone calls to people from Asmita's contacts list. I realised it was not just a case of WhatsApp hacking but a SIM swap, where the hackers obtained a new SIM using Asmita's credentials and, thus, could access her WhatsApp account and contacts so far. I told Saumitra and Asmita to visit their mobile service provider and get a new SIM for her number by submitting the necessary know-your-customer (KYC).
As I mentioned
in the previous column, Ashish from Lokmat Video also faced the issue of WhatsApp hacking when the fraudster asked him to dial a code from his number. However, after dialling the code, all his incoming calls were diverted to the number shared by the fraudsters. Using the voice call verification method, the fraudster highjacked Ashish's WhatsApp account. However, in this case, except incoming calls, all other services on Ashish's SIM were active. I told him to contact his mobile operator or dial a code from his number to stop the call from being forwarded to the fraudster's number. After doing this, he was able to restore his WhatsApp account.
What is common in both the above and similar cases is the realisation (utter shock!) that your account, be it WhatsApp, Instagram, Facebook, X (Twitter), or LinkedIn, to name a few, is hacked. The majority of users panic after that realisation. Most cannot digest that someone cracked their 'ultra-robust armour shield' to hack their social media accounts. At the same time, for all types of mischief with their social media account, all users love to use 'the most famous term' (read: generic) 'hacked'!
However, not everything is hacked, per se. For example, in the case of Ashish, only incoming calls on his mobile were forwarded to another number which was used for voice call verification to activate his WhatsApp account from some other device or web. So, the 'hacking' was limited to his WhatsApp account. On the other hand, in Asmita's case, which is of a more serious nature, her SIM was swapped, and thus, fraudsters could access her other accounts, like WhatsApp or possibly her bank account which are linked to a mobile number.
While it is common for victims to panic or suffer from anxiety or trauma from the account hacking incident, they must remain calm and analyse or diagnose (root cause analysis—RCA—as is known in cybersecurity) what exactly happened. Once the victim figures out exactly what happened and what caused the incident, it becomes easier to recover the account.
In today's digital age, social media platforms such as WhatsApp, Instagram, Facebook, and LinkedIn are integral to our personal and professional lives. Unfortunately, these accounts are prime targets for hackers who exploit vulnerabilities to steal sensitive information, spread scams, or misuse profiles. If your social media account has been hacked or stolen, swift action is essential to regain control and secure your data.
Before diving into platform-specific recovery methods, here are general steps (RCA) applicable to all social media accounts to check and verify whether your account is hacked or not.
a. Check for signs of a hack
- You cannot log into your account, despite entering the correct credentials.
- Unauthorised posts or messages appear on your profile.
- Friends or contacts receive suspicious messages from your account.
- Your email or phone number linked to the account has been changed.
- You receive login alerts from unfamiliar locations or devices.
b. Try logging into the account and resetting the password
- Try logging in using your usual credentials.
- If unsuccessful, use the 'Forgot Password' or 'Reset Password' option.
- Follow the platform's verification process, usually through email or SMS.
c. Check for account recovery options
- Many social media platforms offer security questions, backup codes, or trusted contacts to verify your identity.
- If recovery options are compromised, proceed with the platform-specific account recovery process outlined below.
d. Scan your device for malware
- Hackers may gain access to accounts through malware or phishing attacks.
- Run a full antivirus scan on your computer and mobile device to detect malicious software.
e. Notify friends and followers
- Inform your contacts that your account has been hacked to prevent them from falling victim to scams.
- Advise them to ignore suspicious messages and links coming from your account.
How To Recover Accounts
WhatsApp
- Log out of suspicious devices: Open WhatsApp on your phone, go to Settings > Linked Devices and log out of any unrecognised devices.
- Reinstall WhatsApp: If you are locked out, uninstall and reinstall the app. Enter your phone number and verify it via SMS.
- Two-step verification: If the hacker has enabled two-step verification, you will have to wait seven days before you can access your account without the PIN. (Note: If you have set up the two-step verification, then hackers will find it very difficult to access your account, even if they have control over your SIM, calls or SMS. So please enable it. )
- Contact WhatsApp support: Email [email protected] explaining the issue with your phone number in an international format (use country code, for example, +91 for India, followed by your 10-digit mobile number).
Instagram
- Reset your password: Go to the login page, select 'Forgot password?' and follow the prompts.
- Check your email for security alerts: Instagram sends an email if your account details are changed. If you receive one, click 'Secure Your Account Here'.
- Use 'Help Us Recover Your Account': On the login page, click 'Need more help?' and follow the verification steps which may include submitting a video selfie to confirm your identity.
- Contact Instagram support: If recovery options fail, visit the Help Centre (https://help.instagram.com/).
Facebook
- Try to log in and reset your password: Use 'Forgotten password?' on the login page and follow the instructions.
- Check for email notifications: Facebook alerts you about suspicious activity. If you receive a notification that your email was changed, revert it immediately using the provided link.
- Use the 'Find Your Account' option: Visit https://www.facebook.com/hacked to report an account compromise and follow recovery steps.
- Report an impersonation: If the hacker is misusing your account or creating fake profiles, visit https://www.facebook.com/help/. Search for hacked and impersonation accounts and follow the given steps.
LinkedIn
- Reset your password: Use 'Forgot password?' on the login page.
- Check your email for alerts: If LinkedIn detects unusual activity, you may receive an email with recovery instructions.
- Report the compromise: If you are locked out, visit https://www.linkedin.com/help/linkedin/solve/contact and follow the steps.
- Secure your account: Once regained, enable two-step verification via Settings > Sign-in & security.
X (Twitter)
Snapchat
- Reset your password: Use 'Forgot Password?' and follow the verification process.
- Check your email for account changes: If you see unauthorised changes, revert them immediately.
- Contact Snapchat support: If locked out, visit https://support.snapchat.com/en-US/i-need-help.
- Enable login verification: Turn on two-step verification in Settings > My Account.
Here are a few suggestions…
a. Change your passwords
- Use strong, unique passwords.
- Create passwords using memorable phrases; mix them with numbers and special characters.
- Never use a word from a dictionary as a base or password.
- For financial transactions, create and use a password with a length of at least 13 characters
- Consider using a password manager.
b. Enable multi-factor authentication (MFA)
- Most platforms support MFA via SMS, email, or authentication apps like Google Authenticator.
- Enable MFA in the security settings of your social media account.
c. Review connected apps and devices
- Check for suspicious apps or devices linked to your account and remove unrecognised ones. For example, if you only use the WhatsApp app on your mobile device and find that the account is also being accessed through the web, then remove the web access.
- Review permissions granted to third-party apps and revoke access if necessary.
d. Educate yourself about phishing and scams
- Avoid clicking on suspicious links in emails, messages, or social media.
- Be cautious of fake login pages that mimic legitimate sites.
- Verify requests for personal information before responding.
e. Monitor your accounts regularly
- Enable login alerts to receive notifications of new sign-ins.
- Check activity logs for unauthorised actions.
- Log out of unused devices and sessions.
Having your social media account hacked can be distressing, but swift action can help you recover and secure it. Start by following platform-specific recovery steps, enhance your security settings and remain vigilant against future threats. Taking proactive measures such as enabling multi-factor authentication -MFA, using strong passwords, and staying aware of cyber threats will significantly reduce the risk of another compromise.
Stay Alert, Stay Safe!
