‘Everybody needs to know’: How a simple text message leads to hijacking of woman’s Facebook account
By Seia Ibanez
In the digital age, social media platforms like Facebook have become treasure troves of our personal memories, connections, and important life events.
However, as the unfortunate experience of Queensland resident Louise Manning demonstrates, they can also be vulnerable to cunning cybercriminals.
Louise's ordeal began innocuously enough with a message on Facebook Messenger that read, 'What's your phone number mate?'
Believing it to be an old friend, Louise engaged in the conversation.
‘I gave him my phone number,’ she said.
Within minutes, she found herself locked out of her own Facebook account, her access to friends and cherished memories abruptly cut off by a scammer who had taken control.
‘They changed the phone number, email address, everything like that…I couldn't get access to it,’ Ms Manning said.
To make matters worse, her friends began receiving similar suspicious messages from her compromised account.
‘Several of them flagged it and went “that's weird”, because I don't normally use [the word mate],’ she said.
‘But others didn't pick it up…I've heard of two people so far that have been hacked via my account.’
While some friends sensed something was amiss, others were not as fortunate, with some reporting that their accounts were hacked through Manning’s.
‘I originally signed up to Facebook in 2006, so that's nearly 20 years of photos of family and friends and things that have happened,’ Manning said.
‘My sister passed away from uterine cancer about three weeks ago…most [of our photos] were on Facebook, so that's really sad.’
‘It's a simple phrase, you know, “What's your phone number, mate?” And then it just all blows up, and it costs you an enormous amount of angst.’
Louise's story is not an isolated incident. Scammers have long employed such tactics, posing as friends in need of a phone number to receive a text message code that supposedly helps them log back into their social media accounts.
In reality, this code allows the scammer to hijack the victim's account.
Cybersecurity expert Professor Neil Curtis from the University of Southern Queensland explained what it takes for a scammer to access a social media account with just a phone number:
‘If they've hacked your sim card, so if they've gone to a service provider and pretended to be you and got them to duplicate the sim, they now receive all your calls and messages,’ he said.
‘But that only works if you have text-based multi-factor authentication [set up].’
Professor Curtis advised against displaying personal information like birthdays on social media, as it can be exploited by scammers.
‘The more you put on social, the more you lose, the more that hacker can get,’ he said.
There have been 21,657 hacks or identity-based scams reported to Scam Watch this year.
The Australian Signals Directorate (ASD) has highlighted the persistent threat of cybercrimes, with identity fraud being the most self-reported cybercrime type.
‘Cybercriminals are adapting to capitalise on new opportunities, such as artificial intelligence, which reduces the level of sophistication needed for cybercriminals to operate,’ the spokesperson said.
The ASD's annual cyber threat report indicates that the average cost of cybercrime has increased for both small businesses and individuals.
To safeguard against such threats, Professor Curtis recommended using multi-factor authentication apps like Microsoft Authenticator and enabling biometric verification.
He also suggested having unique passphrases within families for verification purposes and making voice calls to confirm identities, even over social media apps.
‘And if you think that you've been breached or you suspect that there's nefarious activity…change all your passwords again,’ he said.
‘We're in Black Friday this weekend, so this is the time that all the hackers are going to be smashing your phones and smashing your email account.’
‘So this weekend, particularly through to Christmas, be a lot more vigilant. Really be vigilant. Just start to question everything.’
Meta, the parent company of Facebook, has taken steps to combat these issues by removing 1.2 billion fake accounts and spam content.
‘Meta doesn't want scams on our platforms, and we are continuing to invest in tools and technology to prevent them,’ a Meta spokesperson said.
‘The safety of our users is of utmost importance, and we continue to work with industry, the government and law enforcement to protect Australians from scams.’
While Manning was fortunate not to lose money, the emotional toll and time spent dealing with the aftermath were significant.
‘Everybody needs to know about this,’ she said.
‘It might sound small, you know I lost access to my Facebook account, but it really can have quite large ramifications.’
Have you or someone you know experienced a similar scam? Share your stories and tips in the comments below.
Key Takeaways
- Queensland resident Louise Manning lost control of her Facebook account to a scammer after responding to a message that appeared to be from an old friend asking for her phone number.
- The scam involved changing the contact details associated with her Facebook account, leaving her unable to access it and causing her friends to receive similar scam messages.
- Professor Neil Curtis, a cybersecurity expert, advised against using text-based multi-factor authentication and recommended the use of apps like Microsoft Authenticator instead.
- Meta, the owner of Facebook, stated it had removed 1.2 billion fake accounts and 322 million pieces of spam content, emphasising its commitment to preventing scams and protecting users.