My personal Facebook/Messenger (Meta) account has been hacked. In spite of all the warning messages I’ve been seeing about accounts being compromised, I didn’t think it would happen to me. But it did. So I think it is my duty to warn my readers how to recognize the hack and not fall as victims, or at least help a friend. This happened in the Philippines, but who knows? It may happen elsewhere. The hack may be Facebook connected, but the primary method used to hack is Messenger.

This was my experience, and I would consider it their modus operandi:

1) Their primary mode of communication is through Messenger, but they need Facebook credentials.

2) They may ask you for money. They’re very good at pretending through their gracious, humble and apologetic approach. But if there’s any indication that you will help your “friend”, they become pushy, like there’s an urgency. But of course! You are fish that snagged the bait. They will reel you in. (Yeah, it didn’t feel right, but I ignored the red flags because I wanted to help a friend).

3) They may just ask for your email and phone number without asking for money. This is worse than falling for giving money. This is how they access and multiply the accounts they hack.

• They say they have a new address book in Yahoo and they wish to add you there. I am inclined to think they’ll use another script, such as adding you to a new Gmail address book, or a new Contacts list — anything that would justify asking for your email and address.
• You’ll receive a message that’s supposedly a “confirmation code.” This is actually an OTP (one-time password). Maybe they use the “Forgot Password” option to generate the OTP.
• They’ll ask for that “confirmation code”. This is actually their way of getting into your FB account. DO NOT GIVE THEM YOUR EMAIL OR PHONE#. These seem like “safe” information to give to a friend, but that’s the first step to getting hacked. DO NOT GIVE THEM THE CONFIRMATION CODE/OTP.

4) UPDATED section: When you’ve been hacked, changing your FB password may work if you act fast enough. You have to be quick, because they act fast.

• If you are not logged in to your FB account and the password was changed, you need to recover your FB account. Go to https://www.facebook.com/login/identify and follow instructions.
• If you are logged in to your FB account, go to the account Settings and change your password. If the hacker has changed the password, you may have to use the Forgot Password option. Use a method only you have access to, to receive the new OTP.
• Still under Settings, go to Password Security. It should display “Where you’re logged in.” Choose the suspicious login from a location you don’t recognize and log it out.
• The hacked OTP should be for one-time use, so hopefully the hackers won’t be able to get back in.

5) UPDATED section: If you fail to change your password and successfully log them out, they will delete any warning messages you send when you think you’ve regained access to your account. They will regain access to your account and lock you out forever. Consider this account GONE. Ask a friend to post warning messages for you in Messenger. Start with your family and closest friends in your chat groups. They are the ones most likely to trust messages from your account. Then as much as you can remember, ask a common friend to warn your other friends who are not in your chat groups yet you message frequently. But also ask a friend to post warning messages for you in Facebook, not just Messenger, making sure they tag your account. This will reach YOUR specific group of friends.

6) In less than an hour of getting hacked, the hackers will have reached many of your connections. And they won’t stop nor slow down as you scramble to warn your friends. You must be equally quick as soon as you realize you’ve been hacked. They don’t easily give up. You have to ask your connections to UNFRIEND the hacked account if it becomes unrecoverable.

7) Don’t send the FB warnings just once. They may find ways to hide posts. And it’s so easy for posts to get lost on the newsfeed. Keep warning your connections.

8) There are ways to report a scam or a hack on FB. But they usually instruct you to recover your account. But recovering your account may be an exercise in futility because these hackers are quick. There is no guarantee that FB will suspend your account. Maybe if a lot of your friends report the hack or scam, the chances of your account’s suspension is higher. Again, consider your hacked account inaccessible and unrecoverable if you can no longer recover it. It’s GONE.

9) Inconvenient as this sounds, get another phone number and email. It may take a while to update all your phone-based or email-based accounts, two-tier authentications, and what-nots, but it will be worth it for your own peace of mind, as well as your friends’. And you might wish to drop out of FB/Messenger altogether!

I pray this post gives you enough information to recognize the hack or take action if you’ve been hacked. If you’re not sure about a Messenger request, give your friend a call to confirm. I wish I did!

God bless you and watch over you.