Security 31.03.2025

What to do when your Facebook is “hacked” in South Africa

South African Facebook users should be aware that impersonations or clones of their accounts can have significant repercussions for their friends or family members.

When it comes to cybercrime in South Africa, many people are quick to use the word “hacking” when referring to a wide range of nefarious online activities.

Strictly speaking, hacking involves the exploitation of vulnerabilities in computer networks or systems to gain unauthorised access or control, sometimes with malicious intent.

While not unprecedented, it is fairly rare for a major company like Facebook’s parent, Meta Platforms, to have a vulnerability in its cybersecurity systems that would allow an account to be hacked without the victim playing some part in the incident.

Nevertheless, it is not unusual to see a friend or family member complaining that their account was “hacked,” creating a widespread impression of flaws in Meta’s security.

The problem is often not that the person’s account has been compromised or hacked but that their identity is being impersonated on a separate account.

Impersonation can be used to exploit a particular user’s relationship with their Facebook friends to ask for money or sensitive information that could lead to those friends’ own accounts actually being compromised.

Facebook cannot easily stop malicious actors from creating profiles with the same name as another user because many real people share the exact same name.

The platform offers several features that help reduce the likelihood of impersonation — like the Profile Picture Guard — but these are not foolproof and are sometimes not switched on.

Once they have set up an account with identifiers resembling an actual user, malicious actors may attempt to connect to some of the actual user’s friends or family.

Artificial intelligence (AI) tools have also made it easier for foreign actors to devise more convincing messages in natural language.

To minimise the likelihood of being impersonated on Facebook, you should set your privacy settings so that only accepted friends on Facebook can view your photos and posts.

Facebook provides detailed instructions on how to report a profile or page impersonating someone or pretending to be a company, organisation, or prominent person.

It is also important to warn your friends or family members that someone is impersonating you and that they should ignore any unsolicited messages asking for money or other information.

If the impersonating profile has blocked you, ask family or friends who can view it to report the profile. You can also report the profile or page in Messenger.

When your account is truly “hacked”

While profile impersonations or cloning are more likely, actual Meta account takeovers or “hijackings” on Facebook, WhatsApp, and Instagram have also been a major problem in South Africa in recent years.

In these incidents, malicious actors typically gain access to a user’s account through phishing: the collection of sensitive information such as passwords or one-time PINs using social engineering or other trickery.

One common way in which information is successfully phished is by impersonating or cloning the account of the victim’s close friend or family member on Facebook, as described earlier in this article.

There have also been many cases where attackers used more sophisticated techniques, at times exploiting unforeseeable issues within Meta Platforms’ own systems or device platforms.

In 2024, a layout quirk in Facebook Messenger allowed attackers to link to a phishing website through a “Show Profile” button.

If a user tapped the button on a smartphone, they were redirected to what appeared to be the real Facebook login page with an “m.facebook.com” URL.

However, viewing this link on a computer would show that the m.facebook.com link is part of a page screenshot and not in the actual URL bar.

Some users who didn’t pick up on this entered their login credentials, effectively giving away the keys to their account.
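
The check this incident calls for, as an added example that is not from the article or from Meta: decide whether a link is a genuine login page by parsing the real URL rather than trusting any address shown inside the page. It assumes genuine login pages are served over HTTPS from facebook.com or its subdomains; the function name and the .example hosts are constructed for illustration.

```javascript
// Added example: decide from the real URL, not from what the page displays.
// Assumption: genuine login pages live on facebook.com or a subdomain of it.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return { trusted: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  if (url.username || url.password) {
    // "https://m.facebook.com@host/" puts the familiar name in the userinfo part
    return { trusted: false, reason: "userinfo before the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Exact match or a dot-separated subdomain; a bare suffix match would
  // wrongly accept hosts such as "notfacebook.com".
  const ok = host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
  return ok
    ? { trusted: true, reason: "host is " + host }
    : { trusted: false, reason: "real host is " + host };
}

// Constructed sample links (the .example hosts are placeholders, not real indicators).
const samples = [
  "https://m.facebook.com/login.php",
  "https://m.facebook.com.account-check.example/login",
  "https://m.facebook.com@account-check.example/login",
  "https://account-check.example/m.facebook.com/login",
  "http://m.facebook.com/login.php",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.trusted ? "OK    " : "REJECT") + " " + s + " -> " + r.reason);
}
```

Only the first sample is accepted; in the others the familiar name sits in a subdomain label, the userinfo part or the path, while the host that actually receives the credentials is something else.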

Once the attacker has taken over the account, they lock out the legitimate user by changing the password and, if necessary, the devices used for two-factor authentication.

Attackers often target Facebook users who use the platform’s advertising system and steal the victim’s advertising credits to promote scams and malware or sell them to similarly unscrupulous operators.

In these cases, it is far more difficult for the legitimate user to recover their account as Facebook would need to conduct a thorough investigation into the incident.

Facebook also provides steps for kicking an imposter off your account, which will require using a device on which you have previously used the app.
