My Experience
So, last week, I was doing marketing for my books, as I often do, and a service I was using asked for my Facebook page url. Not an uncommon request, and I went to retrieve it. Lo-and-behold, when I got to Facebook I was logged out. A little strange, but again, not super uncommon, so I just went to log back in, only to be told that no account existed for my email. I double-checked my email and tried to log in again, only to get the same message. Now a little panicky and annoyed, I couldn't think of anything else to do but try to log in again, this time by clicking the picture of my account and trying the password. This time, a new message popped up when the log-in failed. Did I think I was hacked?
Yes, as it turns out, I was.
Luckily for me, I had caught it not thirty minutes after the hack occurred and before they could do anything like scam my friends and relatives for money. I was asked to send in a picture of my ID to prove that I was the actual owner of the account and that worked. (As I would come to find out in my research, that doesn't work for everyone.) I changed my email back (and my email's password, just in case), put in a new huge and convoluted password and thought that was the end of it. All that safely behind me, I went to do what I originally came to do: get my author page url. But my author page access was gone.
What Happened?
As it turns out, my page still existed, I just could no longer control it. In those thirty minutes that the hackers had access to my account, they gave access to my page to someone else, then removed me as admin. It's a common scheme, apparently. It gives them a way to run scammy ads without it being able to be traced to them. Not only that, but usually there's account info saved to the pages for running ads (if the page has run ads before) and they can use that like their personal piggy bank to run said scammy ads.
Now, in my case, I had a credit card on file, but it'd been a while since I'd used it, so it required the security info to be put in again, something the hackers had no access to. Not to be foiled, they just used some stolen account info from someone else and replaced mine with their ill-gotten gains and started the ads. I reported that the page was stolen and new bank account info was put into my account and got a support call from Meta themselves.
Meta to the Rescue. . .Or Were They?
The representative I spoke to was very kind. She seemed good at her job. She just didn't have access to a lot of things (as is common with poor call center worker bees). She could see that my page was stolen, that there was a new account. That I was just hacked and had changed all my info. She just couldn' do anything about it. She told me, very kindly, to turn on my two-factor identification to stop this from happening again in the future and that she would escalate my problem to the much more equipped and lauded "Internal Team." She said to keep an eye on my email, as they would contact me in 48 hrs and it was critical that I answer their summons right away, since the emails would be time-sensitive. I thanked her for her help, cleaned out my email inbox so the email wouldn't get lost, and waited. And waited. And waited. And waited some more.
Four DAYS later, I had enough. During this time my Ad Account was suspended because the stolen account was flagged. Now I can't run any ads at all, even if I started a brand new page. I tried to get ahold of customer service again. This time I got stuck in an automatic loop of a page that was supposed to send me to a form but just kept sending me back to the same page. I wasn't able to even find where customer service was anymore. Another two days later and I finally did what all desperate people do: I went to Google.
The Real (Very Terrifying) Answer
Googling, "Why isn't the Facebook Internal Team contacting me?" I was lead to a pit of despair. Well, really, it was a Reddit subreddit, but that can be the same thing. It was called r/facebookdisabledme and I found that I was not alone. Eleven thousand people affected by the same issue I was. Some in much more dire straits, having lost whole accounts and/or business pages with thousands of followers and clients. Things that were the backbone of their business and now they were stolen. Real victims of a terrible and selfish crime. In the subreddit there was an AMA (ask me anything) post by a Meta Customer Service Rep. There the truth was finally, awfully revealed.
Like I suspected, they had no access or authority to anything that would get back people's pages. They were there simply to make people feel heard, but without being able to anything but escalate to the Internal Team. This team is extremely understaffed and overwhelmed. The script the customer service rep had to say was that you would get contacted in 48 hours, but the real answer was more like 90 DAYS, if ever. Some very lucky people even had their pages returned after a full YEAR. But even more never got them back at all. The Rep on the AMA said that there is a queue and people are prioritized by how much ad revenue they had generated (or paid) in the past. A little page like mine, with only a few hundred spent here or there was most likely doomed.
What Can I Do?
So there you have it. If you lose your business page on Facebook there's almost zero chance of getting it back. I don't mean to be a downer, but the truth is what it is. Most likely I'm going to have to start an entirely new Facebook account, just so I can start a new page and run ads. It's dumb, but a girl's gotta make a living and Facebook ads are a major way I make sales. I'm also reporting my old page every day, hoping it gets deactivated so that the scams stop and I can start fresh. So far, nothing's happened.
The best way to stop this from happening to you is preventative. Like we've seen, the cleanup after the disaster is almost impossible, so batten down the hatches beforehand. The prevention I've learned about through this process is four-fold:
Set up Two-Factor Identification on your account. If hackers have to get through your phone number or a third-party app before they can log-in, chances are they can't.
Use a sentence or phrase instead of a word as a password with random numbers and capitalizations added. It'll make it much harder for them to use generators to guess your password.
Use a credit or debit card to run ads. Something that requires extra security info to be entered in before it can be used again. That's what saved me and I noticed that the stolen account that the hackers used for a while was a savings account, directly connected to a bank, not a card.
Finally, add a trusted friend or family member to your page as an admin. Don't just do it yourself, like I did. That way, if you get kicked off of your page, you still have access to it and can stop the hacker shenanigans from going on.
Conclusion
I write all of this out for a few reasons: first, as a warning and guide for other indie authors and small business owners. We are not immune to these types of scams. We can still be targeted and used. Second, as another warning to my readers. If you are contacted by my Facebook page, it is NOT me. I will never ask for money or advertise get-rich-quick schemes. On a further note, I will never advertise anything other than my books (especially not hair removal sponges, which is what they are advertising right now.) Finally, I just needed to get this off my chest. This whole experience has been aggravating and disheartening to say the least. I hope no one else goes through this and that by my experiences we can learn together and foil hackers in the future.
That's all for now,
תגובות