Account Safety - Part Two

How to Regain Access to Your Lost Online Accounts

In part one of our series, we explained how to safely grant online account access to your marketing agency. In part two, we show you how to regain control of your accounts if a rogue agency locked you out.

You hired a marketing agency (or other digital service providers) with the best of intentions. You invested money, time, and most of all – your trust — in the hopes of amplifying your brand, gathering leads, and boosting your bottom line. Unfortunately, the company you hired didn’t turn out to be a good fit… and now you want to recover full control of your assets. In part two of our series, we show you how to regain access to your online accounts and protect yourself better in the future.

Hijacking is Hacking

Think of computer hackers and perhaps you conjure images of faceless, foreign entities trolling the dark web in search of your banking password. And while it’s true that illegally obtaining access to another person’s online account is a form of hacking, it’s not the only way it’s done.

When it comes to unscrupulous agencies, they hack your accounts by hijacking control once you’ve invited them in.

In both scenarios, your account – and everything in it – is now in the hands of someone who isn’t you; a situation experienced by more than half of all consumers.

The Forever Client

When your banking portal, Zelle, PayPal, or Venmo gets hacked it’s pretty easy to surmise that someone is after your money. When an agency hijacks your WordPress, Mailchimp, Shopify, or GoDaddy account, however, the reason may not seem so clear.

An agency of integrity wants only the best for its clients, even if that means parting ways.

When an agency and a company aren’t a good fit, or they’ve come to the natural end of a working relationship, the return of company assets should be seamless and professional. If the agency created accounts for the company, they should relinquish ownership and be removed from the account. Nefarious agencies, on the other hand, try to trap clients into staying by retaining “ownership” of the accounts they created or removing them from the accounts to which they were granted access. Often, business owners don’t realize that this constitutes unauthorized access and can be prosecuted.

Prevention is Key

The best remedy for stolen accounts is to prevent a hacker (or hijacker) from acquiring them in the first place. In addition to following the steps outlined in part one of this series, here are some additional actions you can take to keep your company assets safe:

  • Don’t open emails from addresses you don’t recognize
  • Use strong passwords and change them often
  • Keep your devices and software up to date
  • Use two-factor authentication
  • Don’t click on misspelled or odd-looking links in emails
  • Avoid using public Wi-Fi to access your accounts
  • Backup your data (then restore it if lost)
  • Only enter financial information into secure websites (they use the HTTPS:// protocol)
  • Educate your employees about information sharing and protection
  • Hire a reputable agency

Let Me In!

But what if you signed with your cousin’s, neighbor’s daughter’s “agency” and now you’re locked out of Instagram, is there anything you can do?

Google around a bit and you’ll quickly get discouraged. That’s because no one should be able to access an account for which they don’t have credentials; even through no fault of their own. In fact, Facebook heralds that they don’t offer support to help users locked out of their personal accounts. Of course, if that shady agency left the username as your email or phone number, just click the forgot my password button and you’ll get an email with a reset link. If, however, they removed your email and replaced it with one they own, recovery becomes a bit trickier.

Help is Here

The following are a few ways to recover accounts to which you’ve lost access. Keep in mind that you will need to submit proof that you own the company and the account and even then, perseverance is required.

You expect online platforms to keep your information safe, so be patient while working with support. It’s their job to keep bad actors out of your accounts so expect to jump through hoops to regain access. That whole “catch more flies with honey” thing really does work, especially when dealing with service providers who are often verbally abused throughout their workday. There are many more platforms not covered here so, should you require assistance with one, in particular, contact us for help.

**Note – if you find these options beyond your technical prowess – request assistance before proceeding.

GoDaddy

If you’ve lost access to your domain or GoDaddy account, do the following to request a credential reset. This will work if you’ve either:

  • Lost access to the email address listed in your account.
  • Don’t have access to the account with your domain and you’re listed as the registrant.
  1. Go to the Regain Access To My Account form.
  2. Select Email Access or Domain Access.
  3. Enter one or more domain names in your account, then select Next.
  4. Enter your First NameLast NameEmail Address, and Phone Number, then select Next.
    • If you’re requesting access to a domain, enter an email address different from the one associated with your domain.
  5. Upload a scanned or digital color photo of your government-issued photo identification. If you are not the account holder or domain registrant, upload identification for both the account holder or registrant and you. Select Next.
    • ID is required to make sure that you’re the account owner, keeping your account safe from takeover attempts. For more information about these requirements, see the Terms of Service.
  6. In the dropdown list, select Yes or No to verify whether a company is listed as the account holder. Select Next.
    • If you select Yes, enter the Company Name and upload a government-issued document for company identification.
  7. (Optional) Select Yes or No to verify whether you also want to cancel 2-step verification for the account, then enter any additional information.
  8. Select Next.
  9. Next to the agreement(s), check the box and then complete the security challenge.
  10. Select Submit. GoDaddy will reach out to you directly about your request.

WordPress

If a hacker has locked you out of your account, you should be able to manually reset your admin password via phpMyAdmin:

  1. Log into your web hosting account and access cPanel. 
  2. Under Databases, select phpMyAdmin.
  3. Select your website’s database.
    1. If you don’t know your database name, access cPanel > File Manager > public_html.  Right-click and select edit your wp-config.php file. You’ll find your database credentials in this wp-config file.
  4. Inside your database, you’ll see a number of tables displayed. Select wp_users and edit it. 
    1. Here you create or edit users and set passwords.
  5. Locate your username, and under user_pass, in the Value fieldenter your new password.
  6. Save your changes
  7. Access the WordPress login page and use the new login credentials to enter your wp-admin panel.

Facebook Business Page

If you were the admin of your Facebook business page and were then removed by a hacker – click here to regain access.

Facebook Business Manager

Since there is no straightforward process for getting your Facebook Business Manager account back from a hacker, you’ll instead make a platform incidence report by clicking here.

After submitting the proper proof of ownership, access is often restored within 24 hours

All Google Accounts and Products

This process works if someone changed your account info — like your password or recovery phone number – or if someone deleted your account.

  1. Go to the account recovery page
  2. Answer as many questions as possible
    1. Try not to skip questions. If you’re unsure of an answer, take your best guess rather than moving on to another question.
  3. Use a familiar device and location
    1. Use a computer, phone, or tablet where you frequently sign in
    2. Use the same browser (like Chrome or Safari) that you usually do
    3. Be in a location where you usually sign in, like at home or at work
  4. Be exact with passwords & answers to security questions
    1. Details matter, so avoid typos and pay attention to uppercase and lowercase letters.
  5. Passwords
    1. If you’re asked for the last password you remember, enter the most recent one you recall.
    2. If you don’t remember your last password: Use a previous one that you do remember. The more recent it was, the better.
    3. If you can’t confidently recall any previous passwords: Take your best guess.
  6. Security Questions
    1. If you’re asked a security question and you don’t remember the answer, take your best guess.
    2. If you know the answer but didn’t recover your account on your first try, consider a different variation of the answer. For example, try “NY” instead of “New York” or “Phil” instead of “Philip.”
  7. Emails Connected to Your Account
    1. If you’re asked to enter an email address you can check immediately, enter one that you’ve added to your account, including:
    2. A recovery email address that helps you get back in and is where you’re sent security notifications.
    3. An alternate email address you can use to sign in.
    4. A contact email address where you get information about most Google services you use.
  8. Add Helpful Details About Why You Can’t Log In such as:
    1. You think your account was compromised by another person
  9. Check your email (and spam folder) for additional information labeled “Your Google support inquiry”

Tips & Tricks