Your social media accounts at risk: Discover shocking reason scammers hunt users like you!
- Replies 6
In the digital age, social media platforms have become integral to our daily lives, serving as a hub for personal connections, business networking, and community engagement.
However, this online presence also opens the door to potential threats, as cybercriminals tirelessly seek out vulnerabilities to exploit.
The story of Sarah, a Sydney mum whose social media, specifically her Facebook account, was hijacked, reminds us of the risks lurking behind our screens.
Sarah's ordeal began when she awoke to find her Facebook profile commandeered by an unknown individual.
Her account, linked to an outdated business email, was beyond her reach, preventing her from receiving notifications about the unauthorised changes.
‘I was panicking,’ she said.
The breach of Sarah's privacy is not an isolated incident. IDCARE, a cyber support service, frequently assisted clients with similar experiences.
‘It is easier for a cybercriminal to take over someone else’s Facebook account than to create a fake one,’ IDCARE spokeswoman Kathy Sundstrom stated.
The unsettling truth is that older Facebook profiles, like Sarah's, established 17 years ago, are prime targets for cybercriminals.
These seasoned accounts carry a veneer of legitimacy that new profiles lack, making them more likely to be trusted by the online community.
‘People are far more likely to trust a Facebook account that has a history—as a legitimate person would have—than one created a few weeks ago,’ Sundstrom said.
Cybercriminals covet such accounts for their ability to deceive.
They may impersonate the rightful owner, contacting friends and family with fraudulent investment opportunities or malicious links.
Established accounts can also infiltrate community groups whose longevity lends credibility to their posts.
These scammers employ diverse and often sophisticated tactics.
They might engage in marketplace scams, offering high-demand items at suspiciously low prices to entice quick, risky transactions.
Sometimes, they use stolen business accounts with positive reviews to further their deceptive schemes, selling non-existent products and providing fake delivery tracking numbers to cover their tracks.
Sarah's story took a turn when she discovered her profile had been converted into a verified Meta Pay business account, complete with numerous attached personal and business accounts, including lingerie shops.
Its established history likely facilitated her account's transformation into a business platform, making it a valuable asset for the scammer's nefarious activities.
Sarah struggled to reclaim her account for six months, and she eventually contacted Facebook in the US with evidence of her ownership.
‘When I finally got the account back ... it was unrecognisable,’ she said.
‘It was crazy ... I don't know what he was trying to do with it, what the goal was? He had about eight different credit cards attached to it that I could see.’
Even after regaining control, the damage was extensive, with lost connections and a tarnished online reputation.
To safeguard against these threats, cybersecurity experts like Sherif Haggag from the University of Adelaide recommend activating multi-factor authentication on Facebook.
This additional security layer can significantly reduce the risk of account compromise. Regularly updating passwords and reviewing privacy settings are crucial to protecting your digital identity.
'That actually adds trust,' Haggag said.
'It [looks like] a normal profile, it has normal friends, [you] can actually have mutual friends.'
'That builds the trust, and then they get scammed.'
'The money just disappears.'
‘Instead of the fridge [costing] $2,000, they will tell you it's $500...or $300. People will be fighting to buy it,’ Haggag continued.
‘I've seen this many times ... [they'll say] there are so many people contacting me, can you please send me the money? I'll reserve it for you.’
The scammer gives buyers an address for picking up goods in the evening.
While the address is real, the scammer does not reside there, leaving the buyer without the goods after transferring the money.
Sarah had two business accounts connected to her profile, which may have been appealing to scammers.
Haggag explained that business accounts linked to profiles could be used to deceive people, especially if the businesses previously had positive reviews, making them seem reliable.
In one instance, Haggag mentioned a business account started selling iPads at very low prices and even issued delivery tracking numbers to customers.
However, rather than sending iPads, the scammer sent an empty envelope to a different address in the same suburb.
The tracking number indicated that the item was delivered, making it very challenging for the buyers to prove otherwise.
‘You won't be able to dispute it because they have a tracking number that says it's been delivered to your suburb,’ Haggag explained.
‘It's very complicated and very hard to actually convince Australia Post or Facebook or eBay that you actually didn't get the product.’
Haggag and IDCARE both recommended enabling multi-factor authentication on Facebook as the most effective method for safeguarding an account.
‘Prevention is always better than the cure when it comes to Meta,’
‘It can be very difficult to regain access to an account after it has been compromised, although Meta has worked a lot to make it easier and now provides guidelines on what to do if your Facebook account has been compromised.’
‘There is no one to call, though, and it remains a frustrating process for people going through it.’
For guidance, SBS News contacted the Australian Cyber Security Centre, the Australian Competition and Consumer Commission (ACCC), and the eSafety Commissioner. Still, all agencies stated it was beyond their scope of responsibility.
Sundstrom advised users to review and update their privacy settings on Facebook to ensure they know who their friends are.
Haggag suggested verifying the Facebook account to see if it matches the name on the profile when interacting with others online.
For those selling items, Haggag recommended arranging meetings with potential buyers during daylight hours in public places like supermarkets, shopping centres, or even police stations.
Haggag advised against meeting buyers alone or at night, emphasising that home meetings can also be dangerous.
He recounted an incident in which a person selling a mobile phone was grabbed right out of their hands by a supposed buyer at their front door.
Despite the risks, Haggag didn't want to discourage online buying and selling entirely, acknowledging that many profiles are legitimate.
‘I would say there have to be lots of precautions,’ he said.
‘I would say be careful.’
Sarah mentioned that her account was hacked, and she lost access to her Instagram profile, but she found that her Spotify account had been accessed.
‘I saw his face on Spotify, and I had a heart attack, like, “get out of my life”.’ she said.
Sarah mentioned that after reclaiming her Facebook account from Meta, she shut down Spotify and regained access to Instagram.
However, due to ongoing issues, she ultimately closed her original Facebook account and created a new one, which proved challenging.
Starting afresh in 2023, Sarah encountered difficulties rejoining old Facebook groups she was once active in, as they were reluctant to accept her as a member.
‘People don't trust you,’ she said.
‘I didn't get back a lot of friends because they were like, “We don't think that's you, we think you're the scammer”.’
‘I've got my family, I've got some friends, but yeah, people are a bit cautious.’
Similarly, a gym owner in Melbourne has been in a nine-month battle with Meta to regain control of her hacked Facebook business account.
Those affected by hacks on the Meta platform have faced challenges in receiving support, often resulting in significant financial losses for their businesses. More details on this story can be found here.
Have you taken precautions to safeguard your social media accounts? Do you know someone who experienced an ordeal similar to Sarah’s? Share your experiences and tips with our community in the comments below.
However, this online presence also opens the door to potential threats, as cybercriminals tirelessly seek out vulnerabilities to exploit.
The story of Sarah, a Sydney mum whose social media, specifically her Facebook account, was hijacked, reminds us of the risks lurking behind our screens.
Sarah's ordeal began when she awoke to find her Facebook profile commandeered by an unknown individual.
Her account, linked to an outdated business email, was beyond her reach, preventing her from receiving notifications about the unauthorised changes.
‘I was panicking,’ she said.
Sarah said someone took over her social media accounts. Credit: Unsplash
The breach of Sarah's privacy is not an isolated incident. IDCARE, a cyber support service, frequently assisted clients with similar experiences.
‘It is easier for a cybercriminal to take over someone else’s Facebook account than to create a fake one,’ IDCARE spokeswoman Kathy Sundstrom stated.
The unsettling truth is that older Facebook profiles, like Sarah's, established 17 years ago, are prime targets for cybercriminals.
These seasoned accounts carry a veneer of legitimacy that new profiles lack, making them more likely to be trusted by the online community.
‘People are far more likely to trust a Facebook account that has a history—as a legitimate person would have—than one created a few weeks ago,’ Sundstrom said.
Cybercriminals covet such accounts for their ability to deceive.
They may impersonate the rightful owner, contacting friends and family with fraudulent investment opportunities or malicious links.
Established accounts can also infiltrate community groups whose longevity lends credibility to their posts.
These scammers employ diverse and often sophisticated tactics.
They might engage in marketplace scams, offering high-demand items at suspiciously low prices to entice quick, risky transactions.
Sometimes, they use stolen business accounts with positive reviews to further their deceptive schemes, selling non-existent products and providing fake delivery tracking numbers to cover their tracks.
Sarah's story took a turn when she discovered her profile had been converted into a verified Meta Pay business account, complete with numerous attached personal and business accounts, including lingerie shops.
Its established history likely facilitated her account's transformation into a business platform, making it a valuable asset for the scammer's nefarious activities.
Sarah struggled to reclaim her account for six months, and she eventually contacted Facebook in the US with evidence of her ownership.
‘When I finally got the account back ... it was unrecognisable,’ she said.
‘It was crazy ... I don't know what he was trying to do with it, what the goal was? He had about eight different credit cards attached to it that I could see.’
Even after regaining control, the damage was extensive, with lost connections and a tarnished online reputation.
To safeguard against these threats, cybersecurity experts like Sherif Haggag from the University of Adelaide recommend activating multi-factor authentication on Facebook.
This additional security layer can significantly reduce the risk of account compromise. Regularly updating passwords and reviewing privacy settings are crucial to protecting your digital identity.
'That actually adds trust,' Haggag said.
'It [looks like] a normal profile, it has normal friends, [you] can actually have mutual friends.'
'That builds the trust, and then they get scammed.'
'The money just disappears.'
‘Instead of the fridge [costing] $2,000, they will tell you it's $500...or $300. People will be fighting to buy it,’ Haggag continued.
‘I've seen this many times ... [they'll say] there are so many people contacting me, can you please send me the money? I'll reserve it for you.’
The scammer gives buyers an address for picking up goods in the evening.
While the address is real, the scammer does not reside there, leaving the buyer without the goods after transferring the money.
Sarah had two business accounts connected to her profile, which may have been appealing to scammers.
Haggag explained that business accounts linked to profiles could be used to deceive people, especially if the businesses previously had positive reviews, making them seem reliable.
In one instance, Haggag mentioned a business account started selling iPads at very low prices and even issued delivery tracking numbers to customers.
However, rather than sending iPads, the scammer sent an empty envelope to a different address in the same suburb.
The tracking number indicated that the item was delivered, making it very challenging for the buyers to prove otherwise.
Sarah's social media profile picture was changed to that of a man by the hijacker after stealing it. Credit: Unsplash
‘You won't be able to dispute it because they have a tracking number that says it's been delivered to your suburb,’ Haggag explained.
‘It's very complicated and very hard to actually convince Australia Post or Facebook or eBay that you actually didn't get the product.’
Haggag and IDCARE both recommended enabling multi-factor authentication on Facebook as the most effective method for safeguarding an account.
‘Prevention is always better than the cure when it comes to Meta,’
‘It can be very difficult to regain access to an account after it has been compromised, although Meta has worked a lot to make it easier and now provides guidelines on what to do if your Facebook account has been compromised.’
‘There is no one to call, though, and it remains a frustrating process for people going through it.’
For guidance, SBS News contacted the Australian Cyber Security Centre, the Australian Competition and Consumer Commission (ACCC), and the eSafety Commissioner. Still, all agencies stated it was beyond their scope of responsibility.
Sundstrom advised users to review and update their privacy settings on Facebook to ensure they know who their friends are.
Haggag suggested verifying the Facebook account to see if it matches the name on the profile when interacting with others online.
For those selling items, Haggag recommended arranging meetings with potential buyers during daylight hours in public places like supermarkets, shopping centres, or even police stations.
Haggag advised against meeting buyers alone or at night, emphasising that home meetings can also be dangerous.
He recounted an incident in which a person selling a mobile phone was grabbed right out of their hands by a supposed buyer at their front door.
Despite the risks, Haggag didn't want to discourage online buying and selling entirely, acknowledging that many profiles are legitimate.
‘I would say there have to be lots of precautions,’ he said.
‘I would say be careful.’
Sarah mentioned that her account was hacked, and she lost access to her Instagram profile, but she found that her Spotify account had been accessed.
‘I saw his face on Spotify, and I had a heart attack, like, “get out of my life”.’ she said.
Sarah mentioned that after reclaiming her Facebook account from Meta, she shut down Spotify and regained access to Instagram.
However, due to ongoing issues, she ultimately closed her original Facebook account and created a new one, which proved challenging.
Starting afresh in 2023, Sarah encountered difficulties rejoining old Facebook groups she was once active in, as they were reluctant to accept her as a member.
‘People don't trust you,’ she said.
‘I didn't get back a lot of friends because they were like, “We don't think that's you, we think you're the scammer”.’
‘I've got my family, I've got some friends, but yeah, people are a bit cautious.’
Similarly, a gym owner in Melbourne has been in a nine-month battle with Meta to regain control of her hacked Facebook business account.
Those affected by hacks on the Meta platform have faced challenges in receiving support, often resulting in significant financial losses for their businesses. More details on this story can be found here.
.png){kind=icon}
