
Lessons Learned from a Horrible Experience - last night my client was hacked.... please read!

Some of this I found SHOCKING!


The Streeesssss!

I am certainly not an expert in this field by any means. I just wanted to share a recent experience with you and hopefully it may help you or at least make you more aware what could happen.


Last night I had a desperate call from one of my biggest clients. There I was in my PJ's just about to watch crap TV with a bowl of blueberries and a needy dog and unwind from a busy day..... "Claire my facebook and business page is being hacked as we speak". I could have cried for her. It's my worst nightmare. I quickly took stock and tried my best to help. I ran to my office almost tripping over my oversized slippers. She had been logged out of her facebook and I was still logged into her account so it was down to me to try and make it right for her - there was no one else! The pressure was real!


BLOWN AWAY!


I was absolutely blown away how FAST and SMART these hackers work. Once they have you, they are like a dog with a bone and they just do not give up.


We were on the phone for almost 3 hours trying to get several hacker accounts off her facebook account. She had been busy working all day and hadn't seen some of the notifications coming through her email about other devices trying to log in. We worked out that they had made her their project for the day and had been trying since 11am, it was now 9pm. By the time I got into her account there were a handful of unknown admins on there. I quickly changed the passwords and then started deleting the admins from mainly places like Vietnam. During that process they had also changed the password again - back and forth we went with my client on the other end of the phone verifying all of my changes using her email and security codes. Just as we were making progress the hackers (Human or AI) changed the facebook settings to French. Now let's face it, facebook is hard enough to navigate in your first language let alone one you do not understand. I called down my youngest son and between us using Google Translator we managed to find the settings to switch it back to English.... eventually.


This time period obviously bought the hackers precious time as my client's phone started continuously 'pinging' where they were making transactions using her paypal details stored in meta suite (previously used for ads). I think it mounted up to £160 in the end. I told her to go contact paypal / bank whilst me and my son tried to make the account safe.


Anyway, a long story short we managed to secure her facebook just as she called me back and said they were now in her instagram account.


The facebook was made safe but then facebook itself decided to suspend her account. She has now received violation messages and it's not recoverable. End of story. There doesn't seem to be any support for facebook businesses in this situation. Ok, it's good they eventually took action but she wasn't even given the chance to prove she was the account holder and get her account back. There are no humans to speak to in this instance. Sad times when bots take over!


JUST IMAGINE HOW SHE FEELS :(


She has worked YEARS building up this business profile - most of her work comes from recommendations, as does mine. How on earth is it going to affect her business? She isn't that worried about her personal facebook but she had THREE business accounts attached to it.


We are working on a plan b. But in the meantime let's understand how they do it.

I'm not an expert but here are a few facts I've researched.


Hackers get hold of username and password pairs from previous data breaches and test them on various platforms. Unfortunately, many people use the same passwords across many accounts. If one account is compromised, hackers can access multiple accounts using the same stolen credentials.


Password cracking through brute force. A random 8-character password can be hacked within 8 hours. A password shorter than that can be cracked almost instantly. A random eighteen-character password with a mix of numbers, letters and special characters would take trillions of years to crack.


There are some hackers who are so hard working that they would endure matching your personal data with every word in the dictionary (just WOW!). They would browse through every possible word to partner with, for example, your birth month, in order to guess your passwords.

Some hackers will even follow you online and pick up words like your children's names, pets, dates of birth, door numbers... you know... all the things you probably use right?!
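An added example (not part of the original post): a small Python check you can run against your own password list to flag the three weaknesses described above, which are reuse across accounts, short length, and personal details inside the password. The sample accounts, passwords and personal words are constructed, and the 18-character threshold is an assumption taken from the figure quoted above.

```python
import math
import string

# Constructed sample data for illustration only (not real credentials).
ACCOUNTS = {
    "facebook": "Bella2015",
    "instagram": "Bella2015",
    "paypal": "t7#Vq9!mZr2$Lx8@Wd",
    "email": "kent0412",
}
# Constructed personal details: pet name, town, a year, a door number / date.
PERSONAL_WORDS = ["bella", "kent", "2015", "0412"]

def alphabet_size(password):
    """Size of the character pool the password draws from."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))

def entropy_bits(password):
    """Upper bound on brute-force work: length * log2(pool size).
    Only meaningful for random passwords; guessable words score far lower."""
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0

def audit(accounts, personal_words, min_length=18):
    """Return {account: [findings]} for the weaknesses the post describes.
    min_length=18 is an assumption based on the post's long-password figure."""
    findings = {name: [] for name in accounts}
    seen = {}
    for name, pw in accounts.items():
        seen.setdefault(pw, []).append(name)
    for name, pw in accounts.items():
        shared = [n for n in seen[pw] if n != name]
        if shared:
            findings[name].append("reused on: " + ", ".join(sorted(shared)))
        if len(pw) < min_length:
            findings[name].append(f"short ({len(pw)} chars)")
        hits = [w for w in personal_words if w in pw.lower()]
        if hits:
            findings[name].append("contains personal detail: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS, PERSONAL_WORDS).items():
        bits = entropy_bits(ACCOUNTS[account])
        print(f"{account}: ~{bits:.0f} bits max;", "; ".join(issues) or "ok")
```

Run it only on a machine you trust and do not save real passwords into the file; a password manager's built-in audit does the same job without exposing them.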


The new AI cyberattack employs an acoustic Side Channel Attack (SCA). It listens to keystrokes through a computer's microphone to guess a password with 95% accuracy!

How on earth can we compete with this? I can't even get my pigeon brain round that!!!


Honestly, do not get me started on AI technology. Some experts say it will cause the end of the world one day as it's developing each day and it learns fast that perhaps one day we won't actually be able to stop it. But this is another rant for another day ha ha ha!


The Claire Bubble!

Listen, I don't want to worry you because it's like opening up a can of worms and making us all paranoid but with good reason! Us small businesses use facebook as one of our biggest tools to attract business, without it we will lose so much work and it's scary how we have all come to rely on it. If facebook went down tomorrow so would businesses. Scary huh! So follow a few simple things and then join me back in my Claire Bubble where it's safe and not so scary! (well it might be a little especially when PJ's are involved!).




LET'S MAKE YOU SAFE


So let's make you as safe as we can. These hackers are relentless so try and be one step ahead if you can.


Check your accounts daily

Don't accept people you don't know

Check daily there are no suspicious log in attempts

If you attract attention that seems odd, block them (if something feels 'off' it normally is)

Fake accounts - names don't always match up to the photos. The photos are normally quite professional looking. Sometimes they look like real people so check out their profiles - normally there isn't much info on them and they are from another country. Check their spelling and grammar (worse than mine!!).

Never click on any links you don't know EVER

Don't give out personal details if you can

Change passwords regularly

Use long cryptic passwords with letters, numbers and symbols and I mean long!

Use different passwords for every account - never the same

Use an authenticator app

If you do not use the advertising - then take off your payment details immediately


Here is a facebook link below with some more tips


SOMETHING ELSE HAPPENED !


Something else happened a few weeks ago to me - you may remember?


I put out a GIVEAWAY to celebrate my re-brand. Someone or something cloned my business account and commented on my post so at first glance it looked like me. They were telling people they had won and sending them links asking for their credit card details etc. I put up another post, using several keywords AI looks for, warning people this wasn't me. I was then inundated with fake accounts commenting one after the other - hundreds of them - with links on how to recover my account (which didn't need recovering). I was so paranoid I changed all my passwords as I was worried I was now a target.


WATCH YOUR WORDING


So be careful what words you use on your business posts as this will potentially attract unwanted attention.


It really takes away the pleasure of having a business at times. I remember when there was no internet and now we can't live without it. Strange times for sure! Anyway, enough of me being old ha ha ..... It's okay to be in your little bubble, but just pop out from time to time and make sure you keep as safe as you can. You can only do so much so just be vigilant.


RECOVERY SERVICES


People will charge you hundreds to get your account back. I believe it is possible but I would be very dubious about this path. Unless you know someone you trust. I wouldn't know where to start and if facebook have shut it down, I'm not sure this is possible - I actually don't know but I wouldn't risk it.


I hope this helps a little.


Keep Safe

Much Love

Claire



