It could not have happened at a worse time: A Plainfield woman’s small business page on Facebook was taken over by thieves, just before the holiday season was set to begin.
It was Nov. 6, 2022, and with one tricky link, thieves were able to lock Liv Deleon out of her “Crafty Girl Creations” Facebook account. The site was her main connection to her customers, all who were looking forward to buying gifts for the holidays.
Making things worse, those hackers posed as her, seeking money from other businesses and followers on Deleon’s account, the apparent goal behind the entire heist.
Deleon’s experience is unfortunately not isolated, yet luckily, her story has a happy ending. But that’s not the case for thousands of other social media users out there, who have lost their accounts and archived memories permanently, NBC 5 Responds has found.
In fact, a new report out on Wednesday highlights that the growing problem of social media account takeovers by thieves is not a blip, rather a trend that will continue to get worse if users do not know what they can do to shield themselves.
For Deleon, thieves went after her small business craft creating business she mostly runs over Facebook.
The trouble started that November morning when she woke up to an email that purported to be from the real Facebook Security Team.
“It looked like it came from Facebook,” Deleon explained, “And it said that they need me to secure my account or I will lose access to it.”
Deleon had a craft fair coming up and she needed her account, plus she said the email looked legitimate. She clicked the link, changed her password, and then it was all gone: Deleon was locked out of her account and thieves had taken over all of her hard work since 2019, when she started the business.
“I get emotional because this took a huge financial burden on my family and myself,” Deleon explained.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter.
NBC 5 Responds first warned viewers last year about the troubling social media trend, and the Identity Theft Resource Center (ITRC) has found the number of people impacted has remained steady over the years.
“Unfortunately, this year, we can say this is not a blip,” said Eva Velasquez, President and CEO of the ITRC.
The ITRC told NBC 5 last year alone it heard from more than 1,800 consumers who had their social media accounts hacked, with thieves getting smarter about their social engineering approaches.
“Thieves are not exploiting technical vulnerabilities, they're not hacking into the system, so to speak. They're hacking our brains,” Velasquez said.
Thieves manipulate users into giving them the info they need, like an account password or two-factor authentication code. And once users lose their accounts, Velasquez says it’s rare they get it back.
“The social media companies are not allocating enough resources to help their users,” Velasquez said. “And people can go months, sometimes they never recover that account.”
Deleon tried to contact Facebook for months to get her account back, especially given that she had purchased ads from the company. In her eyes, that made her a Facebook customer, not just an average user.
But Deleon said Facebook never responded.
“When you have a business and you have customers, you provide customer service as I do. As all business owners do,” Deleon explained. “In my opinion, they have no customer service.”
After almost giving up, Deleon contacted NBC 5 Responds for help. And in less than a week, she received some good news.
“I can’t even explain the overwhelming emotions I have this morning,” Deleon said. “There it was, my ‘Crafty Girl Creations.’ I am so grateful for you.”
After contacting Facebook, now Meta, about Deleon’s case, a spokesperson said the company was able to restore her business page, giving her back the control she lost. Deleon hopes others will take her story as a warning, and use it to take a few steps to protect their accounts from a takeover.
“These hackers that are doing this are getting really sneaky and really good at what they do.”
How To Protect Your Social Media From A Takeover
Since getting your social media account back after a takeover is rare, the most important steps you can take are preventative measures.
It all centers around good digital hygiene.
Strengthen Your Password and Set Up Two-Factor Authentication
The Identity Theft Resource Center recommends using a strong and unique password, up to 12 characters or longer.
“Don't use a password that you've used on any other accounts,” Velasquez said. “It can be a passphrase or something that you'll easily remember.”
Also, setting up a two-factor authentication for profile changes, like passwords, can alert you to an account invasion, and prevent hackers from getting in.
Backup Your Photos and Information
Another important point to consider is storing your information in more than one place.
Having photos and other information you may need saved somewhere other than your account may help in the event something happens to your profile.
“Do a health check of your social media accounts,” Velasquez said. “Make sure that you don't have data, photographs, contacts and things stored only [on your social media account] so that if the worst does happen, you have backups.”
For the really meaningful photos, videos and important information, it’s also recommended to store those back-ups separate from your device.
“If you only have your photos stored on Facebook, get a thumb drive, get a hard drive, store them somewhere else, so that you have a copy if something happens to that account,” Velasquez recommends. “It will definitely make it less traumatic if you aren't able to get the account back.”
Are You Eligible For ‘Facebook Protect’?
Some Facebook users are eligible for what’s called Facebook Protect, an enhanced security feature that the company rolled out last year.
Facebook Protect adds more security to a user’s account, including two-factor authentication and extra screenings by staff for hacking threats.
This feature is not available for all users. The company’s website said it is a “security program for groups of people that are more likely to be targeted by malicious hackers, such as human rights defenders, journalists, and government officials."
It’s unclear whether Facebook plans to roll out the feature more widely.
To learn more about Facebook Protect and whether you’re eligible to use it, click here.
If Your Account Is Already Hacked, What Can You Do?
Many Facebook users that contacted NBC 5 for help said their attempts to get through to Facebook for assistance after their accounts were hacked into were futile.
This has been noticed too by cybersecurity experts.
“They don't have dedicated customer service. You cannot actually speak to a person,” Velasquez said. “That's fine when everything is going well. But when there is fraud or a significant dispute, that creates a real problem.”
Users are encouraged by the company to visit this webpage to try and get their account back.
If your profile is a business account, or is used for your business, be sure to emphasize that when reaching out to Facebook for help. This can expedite a response on Facebook’s end.
More helpful information from Facebook can be found here.
More Free And Helpful Resources
Experts also say users shouldn’t feel embarrassed or ashamed if this happens to them.
“We really want to encourage people not to be embarrassed or ashamed, not to think they should know or understand these things and to get help if they need it,” Velasquez said. “This is a really complicated space and not everyone can know everything about it.”
To learn more about the Identity Theft Resource Center, including how to access its many free services and guidance, click here or call 1-888-400-5530