top of page
  • Admin

How Your Instagram and Facebook “Friends” Can Steal Your Social Media Account

Published: October 08, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

It’s time to resurrect the old adage “With friends like these, who needs enemies?” Thanks to the nonprofit Identity Theft Resource Center (ITRC), their work has uncovered a social media hack victimizing users of Facebook and Instagram using friendship as a lure. Although attacks targeting social media users are nothing new, this latest scam tugs on the heartstrings of helping a friend in need. But the only thing this friend really needs is overtaking your social media account with your help, of course.

Of the many scams circulating on social media, the ITRC finds account takeovers on the rise. They report that last year, the inquiries about these takeovers totaled 320. They also find that in the first three months of this year alone, those inquiries total nearly 500. Digital Shadows reports identity thieves sell the victim’s hacked Instagram credentials on the dark web for $45 a pop, compared to selling Social Security numbers for only $2 each.

With A Little Help from My Friend

The account hack starts when a user receives a message from someone they assume is a friend. This “friend” asks for help getting back into their own social media account and sends the victim a link to open for that help. Once the link is clicked, the victim is locked out of their account and the account takeover begins.

The ITRC report shows that of the surveyed victims of social media account takeovers, 70% were permanently locked out of their account. An astonishing 71% of victims say the hacker contacted the friends on their compromised account. About 67% of respondents say the hacker continued posting to their stolen account after being locked out. Having no control over what a hacker posts in your name is not only disturbing, but the posts can also help the attacker procure more victims for future crimes, using your friend list.

Avoiding Social Media Account Takeover Scams

The ITRC lists what their study victims say they now do, and wish they had done, to minimize the risk of another account takeover. Remember, these tips were learned the hard way and they can help keep you from turning over your social media account to a hacker. According to the study, some of their actions include: putting security monitoring or credit freeze on credit reports; regularly checking credit reports; using unique and complex passwords or passphrases for online accounts and apps; using multifactor authentication when it’s available; regularly updating mobile devices and computer hardware and software; not accessing or downloading sensitive information on public Wi-Fi.

The ITRC invites questions and provides support for minimizing vulnerability to social media account takeovers by visiting their website, through live chat, and by phone. Their help is also available to those who believe they may have already had their account compromised.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page