Consumer Alert: How to avoid a Facebook hack
ROCHESTER, N.Y. – Cybersecurity experts estimate that 300,000 Facebook accounts are hacked every single day.
It’s one of the most frequent complaints News10NBC Consumer Investigative Reporter Deanna Dewberry gets.
Indeed, she says every time she investigates a Facebook hacking, she gets a half dozen emails from viewers who have experienced the same thing. And the email she got from Laurie McKnight was a doozy.
McKnight, who also goes by Laurin, is executive director of Children Awaiting Parents, an agency that helps prospective parents adopt children in foster care.
Before Oct. 16th, all her posts were about her work placing children or about friends and family.
But on Oct. 16th, a post appeared claiming she was a certified cryptocurrency trader. When she tries to get into her Facebook page, she knew she’d been hacked.
Laurie McKnight, victim of hack: “I continued to try to recover, but I noticed that the email had been changed.”
Deanna Dewberry, News10NBC: “If you had the page since 2009, your entire life story must have been on there.”
McKnight: “It does. And it has my children from the time they were very young. And they’re now in their early 20s. Pictures that when you change phones don’t always transfer.”
Access to all those treasured photos was gone, replaced with posts from bandits bilking victims with Bitcoin scams. And because McKnight was the administrator of her organization’s page, Children Awaiting Parents lost access to its page as well.
“So the first thing I did was reach out to Facebook through absolute every avenue that I could find,” she said.
She enlisted the help of friends as well. Forty Facebook friends reported the hacking to Facebook, which responded, “We take these requests seriously so we’ll review the profile and remove it if it goes against our community standards.”
Great – right? Wrong.
“Multiple times I received an email stating that this did not violate their community standards,” McKnight said.
So Dewberry got to work. First, she called. But Facebook does not provide any customer service by phone.
In fact, Facebook never provides telephone support. And the responses McKnight did get were always frustrating form letters.
And she’s not alone. Cybersecurity company Station X estimates 25 percent of Facebook users will be hacked and Facebook customer service is non-existent.
Dewberry sent half a dozen emails to Facebook. Sunday night, McKnight got her page back.
But her story is like hundreds of thousands of other folks around the globe.
Without the help of Facebook, the onus is largely on users to take every step possible to protect your page.
How to protect your Facebook account:
In addition to creating a email account used only for Facebook, here are more tips the company has recommended when I’ve investigated hacking of its accounts.
- Since your page is connected to your personal Facebook account, it’s important to keep both secure. Pages can only be accessed through a personal account that belongs to an admin. If you suspect that your page was taken over by a bad actor, it may mean that your personal account or the account of someone who works on your page was hacked.
- If you suspect your personal account or Facebook Page has been hacked, go here and you’ll receive step-by-step help on how to fix it. For more information on what to do if you suspect your page has been hacked, check out this article
- Facebook will never ask you for your password in an email. If you ever get an email claiming to be from Facebook, you can confirm if Facebook sent it by checking if it came from facebookmail.com and by reviewing recent emails sent by Facebook to you from a list in your security and login settings here.
- Facebook has a number of security features and recommendations to help you recognize suspicious requests and activity, and keep your account and your Facebook page safe. Some of the best practices include:
- Secure your account with two-factor authentication: Enable two-factor authentication as an extra layer of protection, both for yourself and as a requirement for other admins of your page.
- Review page roles and permissions: Familiarize yourself with the different page roles that exist and the permissions they have.
- Don’t accept friend requests from people you don’t know: Scammers may create fake accounts in an attempt to friend and manipulate people.
- Watch out for suspicious links and malicious software: Keep an eye out for links you don’t recognize, especially if they’re coming from people you don’t know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions -even if they appear to come from a friend or a company you know. If you see a post or message that tries to trick you into sharing personal information, report it.
- Set up trusted contacts: To help you regain access to your account, and then your page, in case you are ever locked out, you can enable your friends to be your trusted contacts. They’ll be able to send you a recovery code with a URL to help you get back into your account.