Ever had that sinking feeling when you realize something’s gone wrong with your social media account?

You’re definitely not alone. With cybercrime and identity theft on the rise, more and more people are finding themselves locked out of their online accounts, often through no fault of their own.

Let’s take a look at a real-life example that shows just how sophisticated these scams can be. Below is an email we received from Marilyn of Hampton, Virginia, who wanted to share her story as a warning to others:

“Someone impersonated a Facebook friend of mine and sent a message via FB Messenger asking for a favor. They wanted to use the FB feature to ask a friend to help recover their account. I went to their FB page, and it was a clone (can’t see it now). The page had their real-looking profile pic and showed a picture of them out of town helping a family member move. 

A CLOSE CALL WITH A FACEBOOK SCAM THAT TRIED TO STEAL CREDIT CARD INFO

“I asked them to call me so I could know it was them. They video-called me on FB Messenger, and it showed a moving picture of them smiling, but the connection was ‘bad’ and got ‘lost.’  I asked them to tell me something about myself, and they sent me the name of my son (who has a different last name). Satisfied, I agreed to help. They asked that I send them a recovery code which I did. In a flash, they changed the emails (which one was newly fake) and my password, which essentially locked the real me out. 

“I tried to recover my account, but the instructions listed on FB sent me in circles. I Googled FB support and called a support number. They installed AnyDesk on my phone and scanned it. Said someone had purchased $17,000 in bitcoins. If I allowed them to send me one dollar they could verify something. I realized it was a scam and hung up.

“I’ve since changed my email address and passwords for important accounts. Also have created a new FB account. However, I was admin for 3 FB groups, and the hacker got into them. Deleted one year of posts and photos from one group. And is still listed as Admin in another group. I cannot remove them. I imagine they stole my old FB account and are still operating incognito on some sites. Went to my local police station yesterday. The officer said in order to report something it had to be a tangible loss such as money or property. And I should consider reporting it to IC3.gov. How would I find a live person in my area to meet with in person to help me with cyber concerns. Thought you’d appreciate my story, how one awful mistake can lead to thousands of problems.”

Marilyn, we’re really sorry to hear about your experience. It sounds incredibly frustrating and stressful, and your story highlights how even careful people can be targeted by increasingly clever scams. Here are some steps you can take to address the situation and protect yourself moving forward.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join.

Recovering your Facebook account

Having your Facebook account compromised after a hacker has changed your email and password and completely locked you out of your profile can be devastating. While Facebook offers account recovery options, these become challenging when hackers have altered your login credentials. However, don’t worry, as recovery is still possible, depending on certain factors. 

CLONED ON FACEBOOK? HERE’S HOW TO TAKE BACK CONTROL

Report the hack to Facebook

If you have access to a device you previously used to log into Facebook, you can use it to report that your account has been hacked.

• Follow the on-screen instructions to help Facebook locate your account and start the recovery process.
• You will need to verify your identity and recover your account. This may include:Answering security questions you previously set up.Identifying photos of friends if you had previously tagged them.Providing a government-issued ID for verification.
• Answering security questions you previously set up.
• Identifying photos of friends if you had previously tagged them.
• Providing a government-issued ID for verification.

Once Facebook verifies your identity, it will help you regain access to your account. This process may take several days, especially if you need to submit ID verification. 

Recover your account

The hacker may have changed your password, but Facebook can still use your email address or phone number to help you regain access, even if the hacker changed them on your Facebook profile. Ensure you still have access to these contact methods and follow the steps below.

• Go to facebook.com.
• Click Forgot password? below the login form.

• Follow the on-screen instructions to use your email address or phone number to recover the account.

Remove the hacker from groups

After regaining access to your Facebook account, you should remove the hacker from any groups that you are an administrator of. If you’re not an administrator or you have lost your admin privileges, you should file a report with Facebook so you can either get them removed or reclaim your admin rights.

• Visit Facebook’s Help Center to file a report.
• Pick the scenario that best describes your situation.
• Follow the instructions provided by Facebook to report the issue.

Unfortunately, if the hacker removed you as an admin and added themselves, it can be very difficult to regain control. Continue to report the group as compromised and ask other group members to do the same.

Avoiding secondary scams

Marilyn’s story also highlights a second danger of fake support numbers and remote access scams. If you ever find a “Facebook support” phone number online, be extremely cautious. Facebook does not offer phone support for account recovery. Never install remote access apps like AnyDesk at the request of someone claiming to be tech support unless you are absolutely sure of their legitimacy. Scammers use these tools to gain access to your device and personal information.

Reporting the incident to authorities and organizations 

When your online accounts are compromised, it’s important to report the incident to the appropriate authorities and organizations. Your report will not only help you recover from the hacking incident, it will also assist in preventing similar incidents from affecting others.

Knowing where to report these incidents is essential. It can make a significant difference in the investigation and resolution of your case.

Internet Crime Complaint Center (IC3)

As suggested by the police in the email, the Internet Crime Complaint Center (IC3) can help. It’s a joint operation between the FBI and the National White Collar Crime Center for Americans to report cybercrime and fraud carried out over the internet. Visit IC3.gov to file a complaint.

You may not get a direct response, but your experience can help them fight cybercrime and identify threats better in the future. If your case requires them to take action, they will do whatever it takes to find you justice.

Local cybersecurity help

You can also find local cybersecurity experts through the Cybersecurity and Infrastructure Security Agency (CISA). Check if it has a regional office located near you. It will have trained professionals who understand local threats. Their experts can provide you with personalized guidance for your situation. They also offer resources and training to help prevent future cybersecurity incidents.

Protecting your online identity

Protecting your online identity is crucial in today’s digital landscape, especially if you created another Facebook account because the old one was unrecoverable. There’s no telling if cybercriminals will try to gain unauthorized access to those as well.

Here are essential steps to safeguard your digital presence and prevent future security breaches on Facebook and beyond.

1. Change passwords

Continue to change passwords for all your important accounts, including email, banking and social media. Use strong, unique passwords for each account by combining uppercase letters, numbers and special characters. Consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed Password Managers of 2025 here.

2. Enable two-factor authentication

Enable two-factor authentication (2FA) on all your accounts to add an extra layer of security. This means you’ll need both your password and a second form of verification (like a code sent to your phone) to log in. So, even if hackers have your password, it will be useless if they don’t have the second verification factor. You can easily do this on Facebook using the steps below:

• Log in to your Facebook account.
• Click your profile picture in the top-right corner.
• Select Settings & Privacy in the menu.

• Navigate to Settings & privacy on Facebook.
• Click Settings in the submenu.

• Click Accounts Center on the left side menu.

• Click Password and security in the left side menu and then select Two-factor authentication on the right

• Select your account in the pop-up.

• Enter the code Facebook sends to your linked email and click Continue.

• Re-enter your password and click Continue.

• In the How you get a login code section, choose a method and follow the steps to complete the setup. The recommended option is the Authentication app, which will link you to an authentication app like Google Authenticator or Microsoft Authenticator. Be sure to also add a backup method in case you don’t have access to the authenticator app. You can do this by clicking Text message in the Add a backup method section and following the instructions to get codes sent to your phone via text message.

LOST ACCESS? HERE’S HOW TO RECLAIM YOUR FACEBOOK ACCOUNT

3. Device security after a remote access scam

If you installed AnyDesk or any other remote access tool at the scammer’s request, your device could still be at risk. Immediately uninstall the app, run a full antivirus and anti-malware scan and change your passwords from a different, secure device. If you notice ongoing suspicious activity, consider resetting your device to factory settings. Here are the steps to reset your iPhone, Android, PC and Mac.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 

4. Monitor your accounts

Keep an eye on your accounts for any suspicious activity.  Also, consider using an identity theft protection service. Identity Theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of my No. 1 pick is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

5. Finding local help

When dealing with Facebook account security issues, you can also look to local support to help you out. It can provide personalized guidance for recovering compromised Facebook accounts and help you establish better security measures. You just need to find the right local resources to address your Facebook-related cybersecurity concerns.

Local cybersecurity firms

Look for local cybersecurity firms or consultants who can provide in-person assistance with account recovery. They will provide experts who specialize in dealing with social media hacks and identity theft. You can find them with a quick Google search like “Local cybersecurity firms near me.” You can also look in local business directories or ask around in your professional networks. Many offer free initial consultations to assess your situation and explain their services.

Community resources

You can also reach out to your community for valuable cybersecurity resources and education opportunities. Your local libraries and community centers may offer free workshops to help residents stay safe online. Government offices also host frequent training sessions focused on helping people protect their digital accounts. The good thing about these programs is that they often provide hands-on guidance for understanding and implementing better security practices.

Extra protection steps 

Protecting your online accounts requires vigilance and knowledge of the best security practices. With cyber threats constantly evolving, understanding how to defend against common attacks is crucial. These tips will help safeguard your digital presence and prevent unauthorized access to your accounts.

Be cautious with personal information

Scammers and cybercriminals are constantly developing new tactics to steal sensitive data. You need to understand how to safeguard your information to prevent yourself from becoming one of their victims.

Here are key ways to protect your personal information online:

Never: Share your passwords, verification codes or account recovery information, even with people who claim to be friends or family.

Always: Verify the person’s identity through multiple channels; don’t rely solely on their social media profiles, messages or emails.

Be skeptical: Of urgent requests for personal data, especially those pressuring you to act quickly before something bad happens.

Check: Sender email addresses carefully. Scammers often use addresses that look similar to legitimate ones.

When in doubt: Contact friends or companies directly through official channels rather than responding to incoming messages.

Consider investing in a personal data removal service: As a final step, consider using a reputable personal data removal service. These services can help remove your personal details from data broker sites and reduce your exposure to future scams or identity theft. Taking this extra precaution can further protect your privacy and give you greater peace of mind online.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

Get a free scan to find out if your personal information is already out on the web

Kurt’s key takeaways

You should never share Facebook account recovery codes or any verification information with anyone because scammers can impersonate those close to you to hack your account. Also, ensure you protect yourself by enabling two-factor authentication on Facebook and staying vigilant about suspicious requests.

If you have ever been in Marilyn’s situation, what steps did you take to recover your account and protect yourself from future attacks? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.