Local elementary school teacher Carla Zaidan describes herself as a social butterfly. She loves to share her love of fashion with her many Facebook friends and family all around the world.
“I have family in France, London and Lebanon … It’s a network, it’s a globe, as they say, to bring people together,” Zaidan said.
But in May that connection was gone in an instant when Zaidan lost access to her Facebook account.
"I was like, ‘What is going on here?’” she said.
It wasn’t long before she started hearing from friends asking whether she was OK and needed help. That’s when Zaidan figured out her account was hijacked, and the hacker, who had gained access to her vast network of friends and family, began messaging them pretending to be her with sob stories, asking for money. Some of those messages read “I recently lost my job,” “I was kicked out of my house,” “Could you please borrow me 50 or 100$ I’ll pay you back on Monday.”
Some of Zaidan’s friends believed she was in trouble and, unbeknownst to them, gave the hacker money.
"Unfortunately, some people at the kindness of their heart that I really feel terrible for that they did send me money to these multiple apps this guy created with my name,” said Zaidan.
Determined to find out who did it, Zaidan logged in from a different Facebook account and called the hacker using audio messenger. To her surprise, he answered. The conversation was brief, but the hacker did tell her he was located in India.
To recover a hacked account from Facebook, now referred to as Meta, users like Zaidan are told to go to the Help Center and follow instructions. Zaidan said she provided Facebook with screenshots from the hacker along with other documents that were asked of her. Facebook’s response, according to Zaidan: “'We've looked into this. It doesn't qualify to our community standards as a hack.” Zaidan was locked out for months.
Social Media Takeovers on the Rise
"The phenomena of taking over existing social media accounts, that's something new. We hadn't really seen that before,” said James Lee with the ITRC.
Lee said it’s very difficult for people whose accounts are hacked to get them restored.
“There’s no way to talk to a human being, and so you have to go through the hoops and the hurdles that they create for you to prove that you are you in hopes of getting your account back,” he said.
Social Media Account Hacked? Here’s What to Do
To protect yourself from takeovers Meta recommends you:
- Enable two-factor authentication,
- Sign up to get alerts for unrecognized logins,
- Don’t click on suspicious links from friends,
- And if your account is compromised, immediately alert your friends and follow instructions in Facebook’s Help Center.
Meta did say, “We are making investments to further help resolve support-related concerns across our platform. On a recent earnings call, we shared that we’re ... investing more in building out better customer support for our products.”
Which may explain the latest development just this week. Zaidan said when she tried one last time to recover her account using Facebook’s Help Center, it worked. She followed the prompts, answered a few security questions, and she was back in.
And she plans to delete that account herself – for good.
Additional advice from META:
- We offer a number of security features and recommendations to help people protect their accounts that are available 24/7 in our Help Center.
- If you think your account may have been hacked, please visit https://www.facebook.com/hacked and you'll be guided through a step-by-step process to learn how to fix it.
- The best way to help prevent account compromise is to make sure you have security best practices in place:
- Enable two-factor authentication as an extra layer of security for your Facebook account. When you set up two-factor authentication, you'll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a computer or mobile device we don't recognize.
- We recommend that people ensure their other high value accounts are secure, including their email accounts. Sometimes, hackers may use access to people’s emails to compromise their Facebook and other online accounts.
- We also encourage people to sign up to receive alerts for unrecognized logins so we can notify you when we see suspicious login attempts to your account. In these alerts, we’ll tell you what device tried logging in and where it's located.
- We ask that people report suspicious links or posts to us right away via our Help Center so we can review and take appropriate action: https://www.facebook.com/help/reportlinks.
- We encourage users to not accept suspicious requests and to report suspicious messages using the easy-to-find links across our service. More information is available in our Help Center: http://www.facebook.com/help/phishing.
- We are making investments to further help resolve support-related concerns across our platform. On a recent earnings call, we shared that we’re “...investing more in building out better customer support for our products.”
Reported by Susan Hogan, produced by Rick Yarborough, shot by Steve Jones and Carlos Olazagasti, and edited by Jeff Piper.
Get updates on what's happening in Washington, D.C., to your inbox. Sign up for our News Headlines newsletter.