This post has not been vetted or endorsed by BuzzFeed's editorial staff.

    Facebook Ad Scams Are Hitting Users Hard, What Can We Do?

    Owners of smaller verified accounts victimized in latest ad scam on the major social network

    A Brief History Of Facebook Scams

    By now, we all know that wherever there is a place for you to go on the Internet, there is an opportunity for crafty losers to exploit systems to funnel unsuspecting users into potentially dangerous situations.

    Facebook has been at the forefront of a lot of scathing reports over the years. From the notorious Cambridge Analytica scandal all the way down to phishing schemes and good ole fashioned hacks, the social network giant has been tasked with putting out a ton of fires in the last several years.

    It is a well-known fact that, while there are many legitimate people on these networks – from your cousin sharing the latest memes to notifications flooding in from your friends encouraging you to “like” their new fledgling business page – scammers have easily been able to go through the motions to create (kind of) convincing profiles. A seasoned user can spot these from a mile away with ease. Some, though, aren’t as lucky and can easily be taken advantage of if everything aligns in just the right way. And when it does, it’s never going to be a good thing.

    Not all is what it seems and it plays like a magic trick, but unlike pulling a harmless rabbit out of a hat (unless it’s this one), your livelihood, your contacts, your whole digital identity are at risk.

    So, What’s Going On?

    Recently, I received a suspicious message from an account offering to run advertisements on my verified Facebook page, with the promise to pay $100 for each post. Sounds pretty cool, right? Yes, of course it did; however, it felt like a scam from the start. Instead of ignoring and abruptly reporting the user, I decided to have a little fun, inadvertently revealing an issue that has negatively affected users that were perhaps a little too trusting of the proposition. Be that as it may, instances like this occur more regularly than you might think.

    Being that I’m well-versed in how social media works and knowing that there are certain things that we can’t engage in for fear of suspension or losing verified badges, or any other consequence for violating Facebook’s Terms of Service, I didn’t fall victim to this scam. As much pressure as this “Linda Thomus” (name wasn’t changed to protect the innocent because it’s probably not even a real person, anyway) tried to put on me to connect my page to this bogus “Sponsored ads” account built in the Facebook Business Manager, I didn’t bend.

    Here’s how the exchange went down:

    Sounds pretty simple so far, right?

    To the untrained eye, this might seem like a dream come true. There’s no such thing as free money, though, and there were already so many red flags.

    But I pressed on.

    What’s that? A link to a reputable agency?

    Wow! What a sigh of relief! But wait! There’s more!

    Oh, The Pressure!

    During this exchange, one thing became very clear to me. This person was very adamant about me adding my page to their Business Manager account, presumably to begin serving ads from my page. I accessed their Business Manager, but refused to add my page to it because of all of the other red flags and the person being reluctant to answer a few simple questions directly. At this stage, I had reached out to the two gentlemen this scam artist used as references. When I got responses, this whole scenario started to go downhill very quickly.

    One man, a music artist by the name of Pat Hilton, agreed to share his experiences and provide his evidence for this article. He and I had similar experiences. A Facebook user reached out inquiring about the ads – the same deal. The “official” ad agency he was given was different than the one I was provided. Doesn’t seem surprising at this point, right? Yep. I bet you know what I’m going to say next.

    Digital Showdown

    So, Hilton confronted his cyber attacker after he and I commiserated over how ridiculous and wasteful this was.

    Why are these people targeting moderately known public figures with this opportunity? What do these people have to gain from running ads on our pages?

    We looked deeply into the functions exploited by the attacker and came to the realization that the page ownership was changed from the personal profile that Hilton used to start and build his business page to the Business Manager account that appeared to have begun the process to hijack his page. When called out, the crook took Hilton’s verified page and ran, compromising the personal account associated with it (which was deleted for a little while and has since been reinstated).

    The next day, amid fighting with Facebook to get his verified page back, Hilton noticed that his page (oddly, still containing his previously published content) had a new name, new profile picture, and was being helmed by a Vietnamese woman selling lipstick. She was confronted and asked to return the page to its rightful owner, but she declined, stating that she had purchased the page. Ah haaaaa. Now we have the motive!

    Luckily, I was able to find the IP address of the hacker and now the matter is in the hands of the FBI. While that works itself out, what now?

    How Does Facebook Plan To Solve This?

    There are some tools and knowledge that keep users safe, but what if they aren’t so obvious all the time? What measures can Facebook implement to make two-factor authentication mandatory for any profile or page, especially that of a verified public figure? It’s too easy for criminals to get their way when it’s assumed that everyone knows how to spot a hacker. Being proactive is the only way that a company worth billions can ensure that everyone is safe. Right now, these safety measures are optional, where they should be mandatory. 2FA is easy to set up and there are options that don’t involve SMS, which has its own flaws.

    2FA is always a good way to protect your profile and greatly reduces the chances of being a victim of a hack; you just have to know where to find the option and follow the directions. But what about the other aspect? Awareness. Some people may not be entirely privy to the security measures that are available to us and Facebook has a responsibility to put those at the forefront, before anything else. Always. Some might argue that it is the user’s responsibility to seek out these tools, but if there isn’t a conscious thought about the dangers that we’re faced with on our devices, priorities can easily be swept away the next time we go down a meme rabbit hole.

    2FA isn’t the be-all and end-all of online safety. Education is a huge part of our personal responsibility to do our part in maintaining a safe community, both in the real world and digital world. Initiatives should be taken by Facebook to keep us secure. It is their world, after all. We can only do so much. They have the resources to show that they care.

    I will say that there should definitely be some sort of system that detects when destructive measures are being attempted on a page (deactivation, unpublishing, deletion, name changes, to name a few). When patterns are established by a user, they are recorded. They become part of the algorithm, the pulse. When a hacker is attempting to take over a page, that is an arrhythmia in the system; a disturbance to the normal patterns of use. Facebook’s systems should be able to pick up on that by now, as we head into 2020.
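A sketch of the kind of check described above, written for this article as an added example and not anything Facebook runs: it flags sensitive page changes made by an actor with no track record on the page, or several such changes in quick succession. The event fields, action names and thresholds are all assumptions, and the log is constructed.

```python
from datetime import datetime, timedelta

# Hypothetical action names for the "destructive measures" listed above,
# plus the ownership change seen in the hijack.
SENSITIVE = {"owner_transfer", "rename", "profile_photo_change",
             "unpublish", "deactivate", "delete"}
BASELINE = timedelta(days=30)        # assumed: history an actor needs on a page
BURST_WINDOW = timedelta(hours=48)   # assumed
BURST_COUNT = 2                      # assumed

def flag_events(events):
    """Return [(event, reasons)] for sensitive actions that break a page's pattern."""
    known, recent, alerts = {}, {}, []
    for e in sorted(events, key=lambda item: item["ts"]):
        page, actor, ts = e["page"], e["actor"], e["ts"]
        actors = known.setdefault(page, {})      # actor -> first time seen on page
        if e["action"] in SENSITIVE:
            reasons = []
            first_seen = actors.get(actor)
            if first_seen is None or ts - first_seen < BASELINE:
                reasons.append("actor has no established history on this page")
            window = [t for t in recent.get(page, []) if ts - t <= BURST_WINDOW]
            window.append(ts)
            recent[page] = window
            if len(window) >= BURST_COUNT:
                reasons.append("burst of sensitive changes")
            if reasons:
                alerts.append((e, reasons))
        actors.setdefault(actor, ts)
    return alerts

def ev(ts, actor, action, page="page:artist"):
    return {"ts": datetime.fromisoformat(ts), "page": page,
            "actor": actor, "action": action}

# Constructed sample log, not real data.
SAMPLE = [
    ev("2019-06-01T09:00", "user:owner", "post"),
    ev("2019-09-10T12:00", "user:owner", "rename"),
    ev("2019-11-02T10:00", "bm:sponsored-ads", "owner_transfer"),
    ev("2019-11-03T08:00", "bm:sponsored-ads", "rename"),
    ev("2019-11-03T08:05", "bm:sponsored-ads", "profile_photo_change"),
]

if __name__ == "__main__":
    for event, reasons in flag_events(SAMPLE):
        print(event["ts"], event["actor"], event["action"], "->", "; ".join(reasons))
```

The long-standing owner's own rename passes quietly, while every change made through the newly attached Business Manager is held for an extra verification step.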

    Can it be annoying and inconvenient to have to justify our own major changes to our pages? Maybe. Personally, I’d rather have to take an extra step to ensure that there is care and safety when dealing with our channels built around businesses and brands we worked hard to build than feel completely powerless watching some dingus in a coffee shop in Pakistan steal my identity from thousands of miles away.

    Your move, Zuck.