How to avoid getting hacked on Facebook and Instagram

Hackers – it’s something that happens to other people, right?

Ever received a message from a friend via Facebook that looks a little, well, ‘off’? And then soon after you see a post from them saying that they’ve been hacked.

They ask you to ignore the message. Which you duly do and life continues as normal. No harm done, right?


Last week we found out the hard way, when a hacker got into a client’s personal Facebook page. And then started trying to spend our money.

Luckily Facebook was onto it and refunded the $430 spend on our credit card before we even had to ask.

But it could have been devastating given that the hackers had set up an ad selling fake camping equipment, with a budget of $22,000 a day.

They did it by stealth. On a Sunday when the Likeable team was out and about enjoying the weekend.

Our head honcho Likeable Nick happened to see a notification about an ad approval and was curious to know who was working on a Sunday. Turns out it wasn’t any of the Likeables. It was definitely an ‘unlikeable’.

So how did it happen?

Anyone who has access to a business page on Facebook gets into that page via their personal Facebook account. If their personal account isn’t secure, it’s like leaving the door ajar. And hackers can potentially nudge it open.

All of us at Likeable have measures in place safeguarding against this. But we aren’t the only ones who have access to our clients’ pages.

The good news is, it’s very easy to secure your Facebook and Instagram accounts. You just have to make sure that everyone who has access to your business page has put these measures in place.

Two-factor authentication – why you need it

Let’s cut to the chase. Two-factor authentication (2FA) is the most important measure you can put in place to avoid being hacked.

If you haven’t already put it in place, stop what you’re doing and do it now! It only takes a few clicks and could save you a whole lot of heartache.

2FA makes it impossible for anyone to log into your Facebook account from an unknown device. And you receive alerts if anyone tries.

How to turn on two-factor authentication on Facebook

  • Click on the blue dropdown arrow, in the top right-hand corner of your Facebook page.
  • Scroll down to ‘Settings’ and click.
  • Go to ‘Security and Login’ on the menu at the left-hand side of the page. Click.
  • Scroll down to ‘Use two-factor authentication’ and click ‘Edit’.
  • Choose the authentication method you want (i.e. text message (SMS) or a third-party authentication app) and follow the on-screen instructions.
  • Click ‘Enable’.

You can then set up some of the optional methods below:

  • Approving your login attempt from a recognised device.
  • Using one of your recovery codes.
  • Tapping your security key on a compatible device.

If you haven’t saved the computer or mobile device you’re using, you’ll be asked to do this when you turn on 2FA. This means you won’t have to enter a security code when you log in again.

NOTE: Don’t click ‘Save this browser’ if you’re using a public computer that other people can access.

But wait there’s more!

You can also set up security alerts if someone logs into your account from an unknown device.

Here’s how:

  • Go to Settings/Security and Login, as above.
  • Scroll down to ‘Get alerts about unrecognised logins’. Click ‘Edit’.
  • Choose how you would like to receive notifications, i.e. via Facebook, Messenger, Email – or all three.
  • Click ‘Save changes’.

How to turn on two-factor authentication on Instagram

  • Open Instagram, and tap the ‘Account’ icon in the lower right-hand corner (the round circle with your profile picture in it).
  • Tap on the three lines in the top right-hand corner.
  • Tap on the ‘Settings’ cog that appears at the bottom of the screen.
  • Go to ‘Security’, and tap on ‘Two-factor authentication’.
  • Choose your weapon! I.e. ‘Text message’ or ‘Authentication app’.
  • Note down the ‘Recovery codes’ under ‘Account recovery’ and store them in a safe place. You can use these if you lose your phone and can’t get back into your account.

Stay alert!

With hackers getting more and more sophisticated, nothing is foolproof. So, even with 2FA you should always have your wits about you. Stay alert and use your common sense.

  • Choose a secure password (PASSWORD and abc123 are two of the most common passwords – yes, really!!!).
  • Hide your email address (because you use it to log into Facebook).
  • Disable any apps you don’t use or recognise.
  • Set a limit on your Facebook Ads manager account.
  • Check your account regularly.
  • Stay on the lookout for suspicious emails.

After our recent experience we checked in with all our clients to make sure they had 2FA in place, and advised them to make sure anyone with access to their Facebook and Instagram accounts did likewise.

Call it a cautionary tale.

You’re on social media to get ‘likes’. So, keep the unlikeables out with these simple security steps.
