NASHVILLE, TN (WSMV) - Karen Renee Robb thought it would protect her business’ Facebook page.
After all, she’d gotten a notification through her email that someone in Nashville was trying to hack her Facebook page.
She used the link to change her password – twice.
So, when her debit card was declined and she got online to see repeated charges of $250 from Facebook were rolling in, she was astonished.
“When I saw that, I was like, holy cow. How did this happen?” said Renee Robb.
She became even more troubled when she saw that a $5,000 ad buy had been purchased through her business’ Facebook page, which is linked to her debit card.
But it wasn’t advertising her sound therapy company. Instead, it was being used to buy ads in Vietnam.
Renee Robb said she then looked online and saw someone else had been added as an administrator on her work Facebook page.
In messages provided to News4 Investigates, Facebook confirmed that her account was compromised and shut it down.
While it is still being investigated, Renee Robb appears to be the latest victim of a hacking scheme in which thieves obtain people’s emails and trick them into believing they’re getting emails from Facebook saying they need to change their passwords.
The fake Facebook emails provide a link to change the password, and if someone uses it, the thieves gain access and can become administrators of the account.
Renee Robb said although Facebook did refund her money, she thinks it was way too easy for thieves to access her page.
“I think there's a problem, and Facebook needs to do more,” said Renee Robb.
Facebook provided a statement about the incident:
“Keeping people safe on Facebook is our highest priority. We’re refunding Ms. Robb for all charges and are working to secure her account. We encourage people to be cautious about clicking on emails that appear to come from Facebook and to report any unusual account activity to us. You can also strengthen your account security by enabling features like two-factor authentication.”
Facebook also provided information on ways to keep your account/page secure, as well as how to confirm whether an email that appears to come from Facebook is authentic.
Regarding securing your Page:
- Since your Page is connected to your personal Facebook account, it's important to keep both secure. Pages can only be accessed through a personal account that belongs to an admin. If you suspect that your Page was taken over by a bad actor, it may mean that your personal account or the account of someone who works on your Page was hacked.
- If you suspect your personal account or Facebook Page has been hacked, we recommend you visit facebook.com/hacked and you’ll receive step-by-step help on how to fix it. For more information on what to do if you suspect your Page has been hacked, please see the following article in our Help Center: https://www.facebook.com/help/738660629556925
- We recommend that people ensure their other high value accounts are secure, such as their email and online banking. Sometimes, hackers may use access to people’s emails to compromise their Facebook accounts.
- We offer a number of security features and recommendations to help you recognize suspicious requests and activity, and keep your account and your Facebook Page safe. We recommend the following:
  - Secure your account with two-factor authentication: Enable two-factor authentication as an extra layer of protection, both for yourself and as a requirement for other members of your business.
  - Review Page roles and permissions: Familiarize yourself with the different Page roles that exist and the permissions they have.
  - Don't accept friend requests from people you don't know: Scammers may create fake accounts in an attempt to friend and manipulate people.
  - Watch out for suspicious links and malicious software: Keep an eye out for links you don't recognize, especially if they're coming from people you don't know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions—even if they appear to come from a friend or a company you know. If you see a post or message that tries to trick you into sharing personal information, please report it.
  - Set up trusted contacts: To help you regain access to your account, and then your Page, in case you are ever locked out, you can enable your friends to be your trusted contacts. They'll be able to send you a recovery code with a URL to help you get back into your account.
Regarding verifying & reviewing recent emails sent from Facebook:
- People can confirm whether an email claiming to be from Facebook is authentic by checking if it came from facebookmail.com and by reviewing recent emails we've sent in the Security and Login Settings (https://www.facebook.com/settings?tab=security&section=recent_emails&view).
- To review recent emails sent from Facebook:
  - Go to your Security and Login Settings
  - Scroll down to See recent emails from Facebook and click View.
  - We will show you recent security emails (such as a request to change your password) from the last two weeks in your Security tab.
  - We will show you any other recent emails sent by Facebook in the last two days in your Other tab.
- Never click a link in an email that claims to be from Facebook if you can't confirm we've sent it. If you accidentally click a suspicious link, we can help you secure your account.
- More information is available in our Help Center: https://www.facebook.com/help/1956527391029758?helpref=faq_content
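
The sender-domain check described above can also be automated by a mail filter. The following is an added example, not code from Facebook or WSMV: it accepts only facebookmail.com (or a true subdomain) in the From: address and requires a DMARC pass recorded by the recipient's own mail server. The server name `mx.example.net` and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "facebookmail.com"   # sender domain named in Facebook's guidance
MY_MAIL_SERVER = "mx.example.net"     # assumption: authserv-id of your own receiving server

def sender_domain(msg):
    """Domain of the From: address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def is_trusted_domain(domain):
    """Exact match or true subdomain, so suffix tricks and lookalikes fail."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)

def dmarc_passed(msg, domain):
    """True if our own server recorded dmarc=pass for this From: domain."""
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip().lower() for p in header.replace("\n", " ").split(";")]
        if parts[0].split()[:1] != [MY_MAIL_SERVER]:
            continue  # header not written by our server, so it may be forged
        for clause in parts[1:]:
            tokens = clause.split()
            if "dmarc=pass" in tokens and f"header.from={domain}" in tokens:
                return True
    return False

def classify(raw):
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if not is_trusted_domain(domain):
        return "not-facebook"
    return "likely-authentic" if dmarc_passed(msg, domain) else "unverified"

# Constructed sample messages (headers only), not taken from the incident.
GENUINE = ('From: "Facebook" <security@facebookmail.com>\n'
           "Authentication-Results: mx.example.net; dmarc=pass header.from=facebookmail.com\n\n")
LOOKALIKE = ('From: "security@facebookmail.com" <alert@facebookmail.com.reset-help.example>\n'
             "Authentication-Results: mx.example.net; dmarc=pass "
             "header.from=facebookmail.com.reset-help.example\n\n")
FORGED = ('From: "Facebook" <security@facebookmail.com>\n'
          "Authentication-Results: mx.example.net; dmarc=fail header.from=facebookmail.com\n\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("forged", FORGED)]:
        print(name, "->", classify(raw))
```

A "likely-authentic" result only confirms the sending domain; the recent-emails list in Security and Login Settings remains the way to confirm that Facebook actually sent a given message.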