Facebook account hacking warning – what you need to know

Fraudsters are posting malicious links from compromised accounts

Which? is warning Facebook users to be wary of a new account hacking scam that could leave your device infected with malware.

Facebook posts saying ‘I can’t believe he’s gone’ and ‘I’m going to miss him’ are appearing on the social media platform. While it may be tempting to click on the links to find out what they're about, be warned that the links lead to malware downloads.

Earlier this year, Action Fraud revealed that 22,530 people reported that their accounts had been hacked in 2023.

Below, we investigate this new Facebook account hacking scam so you know how to avoid it.


Facebook hacking scam


Facebook users encounter this scam when a hacked account they're connected to, or are 'friends' with, posts something to grab their attention, such as ‘I can’t believe he’s gone.’

Under this post, the hacked account will then post a link, attempting to give the impression that the link reveals the story behind the post.

We’ve seen other versions of this scam where fake news article links are used with eye-catching headlines to encourage clicks.

The links lead to malicious websites that download malware onto your device, infecting it with dodgy pop-ups. If you click the link in this example, you’re directed to a site impersonating antivirus software company McAfee.

McAfee impersonation pop-up


The website we investigated tricks you into thinking it’s protecting you by encouraging you to conduct a ‘scan’ of your computer. It tells you that your ‘PC is at risk of being infected by viruses’.

After you press 'scan', numerous pop-ups infect your device, making it unusable, and each one tells you that your device is compromised in some way.

Some versions of this scam claim that another person is downloading files from your computer and others tell you that your antivirus is under attack.

All of these pop-ups encourage you to scan your device or renew your McAfee subscription. If you do this you are actually sent to the official McAfee website.

We spoke to McAfee about this and it told us that this is because the scam is the work of a rogue affiliate – an affiliated partner that violates policy agreements.

McAfee told us: ‘Scammers try to take advantage of the McAfee brand reputation by impersonating McAfee through fake messages designed to profit from unsuspecting victims.

‘Sometimes the scammers are rogue affiliates that use scam tactics to sell products. McAfee takes affiliate fraud very seriously, and should an affiliate partner violate our policy agreements, we act quickly to remove them.’

McAfee confirmed that it removed the affiliate partner.

As one of the pop-ups we came across impersonated Google Chrome, we also contacted Google and it confirmed that it was not a warning from Google Chrome. It didn't confirm whether any action had been taken.

Google also explained that earlier this year it updated its URL protection to Google Safe Browsing for anyone using Chrome on desktop, Android and iOS to keep up with the increasing pace of hackers.

We also contacted Meta and it confirmed that it removed the posts that we reported to it. 


Preventing your profile from being hacked

To prevent your social media accounts from being hacked:

  • Don't use the same password across different accounts; create secure passwords and use a reputable password manager.
  • Download antivirus software on your devices.
  • Update your devices – updates include protection from viruses.
  • Set up two-factor authentication (2FA) or two-step verification (2SV). This is when you provide a separate form of identification – such as a code being sent via text – when you log into an account.

Reporting hacked accounts

To report a hacked account on social media, visit the help page of the platform and find out how to recover your account. Then, change your password and log out of your account on all devices before logging back in with the new password.

Let your contacts know that you’ve been hacked and that any messages they receive are not from you.

You should also change the passwords on any other accounts that use the same password.

Lastly, watch out for recovery scammers contacting you on social media and telling you that they can get your account back, as this is just another scam.

You can report fraudulent messages and scams impersonating McAfee to scam@mcafee.com.

If you lose any money to a scam, call your bank immediately using the number on the back of your bank card and report it to Action Fraud, or call the police on 101 if you’re in Scotland.