Today I want to tell you a story about how a hacked Facebook account turned into a charge of $200 on a credit card in only a few hours; and how message notifications prevented them from succeeding.
Recently I was at a birthday dinner with family. After a fun night of dinner, laughs and cake we headed out into the crisp fall night.
I checked my phone as I usually do when I hop in the car (as the passenger of course) and I noticed something peculiar.
I had a Facebook Messenger notification for a business page of a family member, the same person that we had just had dinner with.
I checked the message and it was in Spanish. Not only was it in Spanish, they were asking about the $2000 Jeep he had listed. (He is a Realtor)
I checked into the notification and sure enough, there were multiple ads running, selling vehicles in the USA.
Immediately I contacted him and let him know what was happening. He had been hacked a few weeks previous and so we think it. had something to do with that breach. We were able to secure his account quickly and he has contacted Facebook as well.
As I researched the ads, it appeared they had targeted multiple cities in the USA, and people had already started engaging with the ads. They had set the budget to one ad $856 / day!
I checked the link they were driving traffic to. It was a free website they had set up to capture peoples information in a car sales scam. All while using an unsuspecting person’s credit card.
I also contacted the website platform the website was built on and they took down the pages immediately. (There were 2 different landing pages – I mean at least they follow marketing best practice)
Typically we set up notifications that we are notified when an ad is approved, however, in this case, because I don’t manage his ad account, I don’t receive notifications.
That’s my first tip:
-
Make sure you set up a notification so you know what’s happening in your ad account
-
Change your passwords on a regular basis
-
Set up two-factor authentication on your account, so you know if someone is trying to access your account
-
Check on your Facebook business page regularly – especially if you have an ad account.
Thankfully, I was able to stop the ads before they did any more damage, and we were able to submit the issue to Facebook.