📱 Day 13: How Hackers Hijack Your Social Media
“They don’t need your bank account to ruin you. They just need your Instagram.”
— The Digital Underground
🎬 Scene: The Takeover
You wake up.
Your friends text you:
“Dude… why are you selling crypto scams on your IG story?”
You try to log in.
Access denied.
Email changed.
Phone number replaced.
Your social media?
Hijacked overnight.
And it’s being used to scam everyone who trusts you.
🧠 Why Hackers Want Your Social Media
You think:
“I’m not famous, why would they care?”
Here’s why:
✅ Access to your friends/followers = more victims
✅ Access to your DMs = blackmail material
✅ Access to saved credentials (people store passwords in chats)
✅ Selling your account on black markets
✅ Running crypto scams using your profile
🕵️‍♂️ Common Ways Hackers Hijack Accounts
Method | Example |
---|---|
🎣 Phishing | Fake Instagram login page via DM link |
🐛 Malware | Keylogger steals password |
👥 SIM Swapping | Hijacks SMS-based 2FA |
🔗 OAuth Abuse | “Sign in with Facebook” scam apps |
🛠️ Credential Stuffing | Using leaked passwords from breaches |
🚨 Red Flags You’ve Been Compromised
- You’re logged out unexpectedly
- Recovery email/phone changed
- Friends say you’re sending weird DMs
- New posts you didn’t make appear
- Password reset emails you didn’t request
🧠 Hacker Vocab of the Day: “OAuth Phishing”
OAuth Phishing tricks you into authorizing a malicious app to access your account — without ever asking for your password.
🛡️ How to Defend Your Accounts
✅ 1️⃣ Enable 2FA (Use Authenticator App, not SMS)
Go to Instagram/Facebook/Twitter settings → Security → 2FA → choose Authenticator App.
✅ 2️⃣ Revoke Suspicious App Permissions
- Instagram: Settings > Apps & Websites
- Facebook: Settings > Security > Apps & Websites
- Google: myaccount.google.com/permissions
✅ 3️⃣ Use Unique, Long Passwords
16+ characters. Use a password manager.
✅ 4️⃣ Be Suspicious of DM Links
Even from friends — if a DM says “Is this you in this video?” or “Check this out” → don’t click.
✅ 5️⃣ Set Up Account Recovery Info
Make sure your email & phone number are up to date and secure.
🎯 Action Step
Today’s mission:
1️⃣ Enable 2FA on all social media accounts (Authenticator App > SMS)
2️⃣ Revoke access for any apps you don’t recognize
3️⃣ Check if your email was involved in past breaches at https://haveibeenpwned.com
🔮 Coming Tomorrow:
🔓 Day 14: Weekend Challenge – Secure Your Castle
It’s time to lock down everything you’ve built so far.
💻 Stay locked. Stay clean. Stay untouchable.
– Saney Alam