Chief Investigative Reporter

Jeremy Finley is the chief investigator for News4 Investigates. His reporting has resulted in criminal convictions, legislative hearings before the U.S. Congress, and the payout of more than a million dollars to scam victims.

NASHVILLE, TN (WSMV) - Karen Renee Robb thought it would protect her business’ Facebook page.

After all, she’d gotten a notification through her email that someone in Nashville was trying to hack her Facebook page.

Financial Markets Wall Street Facebook

The logo for Facebook appears on screens at the Nasdaq MarketSite, in New York's Times Square, Thursday, March 29, 2018. (AP Photo/Richard Drew)

She used the link to change her password – twice.

So, when her debit card was declined and she got online to see repeated charges of $250 from Facebook were rolling in, she was astonished.

“When I saw that, I was like, holy cow. How did this happen?” said Renee Robb.

She became even more troubled when she saw on her business’ Facebook page, that is linked to her debit card, that a $5,000 ad buy had been purchased.

But it wasn’t advertising her sound therapy company. Instead, it was being used to buy ads in Vietnam.

Renee Robb said she then looked online and saw someone else had been added as an administrator on her work Facebook page.

In messages provided by to News4 Investigates, Facebook confirmed that her account was compromised and shut it down.

While it is still being investigated, Renee Robb appears to be the latest victim of a hacking scheme in which thieves obtain people’s emails and confuse people into believing they’re getting emails from Facebook that they need to change their passwords.

The fake Facebook emails provide a link to change the password, and if someone does it, then the thieves get access to become administrators to your account.

Renee Robb said although Facebook did refund her money, she thinks it was way too easy for thieves to access her page.

“I think there's a problem, and Facebook needs to do more,” said Renee Robb.

Facebook provided a statement about the incident:

“Keeping people safe on Facebook is our highest priority. We’re refunding Ms. Robb for all charges and are working to secure her account. We encourage people to be cautious about clicking on emails that appear to come from Facebook and to report any unusual account activity to us. You can also strengthen your account security by enabling features like two-factor authentication.”

Facebook also provided information on ways to keep your account/page secure, as well as how to confirm whether an email that appears to come from Facebook is authentic.

Regarding securing your Page: 

  • Since your Page is connected to your personal Facebook account, it's important to keep both secure. Pages can only be accessed through a personal account that belongs to an admin. If you suspect that your Page was taken over by a bad actor, it may mean that your personal account or the account of someone who works on your Page was hacked.
  • If you suspect your personal account or Facebook Page has been hacked, we recommend you visit facebook.com/hacked and you’ll receive step-by-step help on how to fix it. For more information on what to do if you suspect your Page has been hacked, please see the following article in our Help Center: https://www.facebook.com/help/738660629556925
  • We recommend that people ensure their other high value accounts are secure, such as their email and online banking. Sometimes, hackers may use access to people’s emails to compromise their Facebook accounts.
  • We offer a number of security features and recommendations to help you recognize suspicious requests and activity, and keep your account and your Facebook Page safe. We recommend the following:
    • Secure your account with two-factor authentication: Enable two-factor authentication as an extra layer of protection, both for yourself and as a requirement for other members of your business.
    • Review Page roles and permissions: Familiarize yourself with the different Page roles that exist and the permissions they have.
    • Don't accept friend requests from people you don't know: Scammers may create fake accounts in an attempt to friend and manipulate people.
    • Watch out for suspicious links and malicious software: Keep an eye out for links you don't recognize, especially if they're coming from people you don't know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions—even if they appear to come from a friend or a company you know. If you see a post or message that tries to trick you into sharing personal information, please report it.
    • Set up trusted contacts: To help you regain access to your account, and then your Page, in case you are ever locked out, you can enable your friends to be your trusted contacts. They'll be able to send you a recovery code with a URL to help you get back into your account.

Regarding verifying & reviewing recent emails sent from Facebook

WSMV.com is now with you on the go! Get the latest news updates and video, 4WARN weather forecast, weather radar, special investigative reports, sports headlines and much more from News4 Nashville.

>> Click/tap here to download our free mobile app. <<


Copyright 2019 WSMV (Meredith Corporation). All rights reserved.

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.