This past Saturday I was contacted on FB Messenger by a friend in England who said she had locked herself out of her Facebook account and needed help recovering it. Could I receive an authorization code for her and forward it? Trying to be helpful I said, Sure, but tell me how we met so I know this is really you and not some hacker. Her answer was correct, so I received and forwarded the code.
HOWEVER, this wasn’t really my friend but the hacker who had hijacked her account and who had obviously done his homework so he could answer my question, and the authorization code was not for my friend’s account but for mine. The hacker immediately changed the password and removed my e-mail and phone number from the account, so I had no quick way to regain control — Facebook’s recovery tools all presuppose that you still have a way to receive a one-time code by e-mail or SMS or WhatsApp to an address or phone number linked to your account, and that was unfortunately all gone.
Now, I will admit that in a way, this was my own fault. I am supposed to be sufficiently computer and internet savvy to not fall for such scams. All I can claim as extenuating circumstances is the fact that I am getting older and probably more senile, that it was late at night, and that my “friend” correctly answered my question about how we became acquainted. But other than the hacker I can only blame myself.
But I DO blame Facebook for their abysmally inadequate and ineffective support. Not only is it impossible to actually talk to a support person; when one reports such an incident nothing at all seems to happen. I reported this through their help center as well as by e-mail to security@facebookmail.com, and several of my friends also reported the account as compromised. Four days later the account is still active and being used by the hacker to try and scam my friends in the same way I was scammed, and Facebook has done absolutely nothing.
I set up a new account and created a post explaining what had happened and immediately began to receive recommendations for people and services who could recover my account. I picked one whose online presence seemed pretty professional and paid a moderate amount to have my account recovered. Well, next he needed a special piece of software costing twice what I had already paid, and then, when he claimed he had gained control of the account, he demanded a further, even higher payment before he would provide me with the necessary information to access and secure the account. This not only exceeded my budget, I also suspected that he would string me along with one payment demand after the other. So I pulled the plug, decided to write off the money I had paid and abandon the account. As far as I am concerned the ball is now in Facebook’s court to protect their users from a scammer they have been told about.
Nevertheless I asked a friend who can still see the old account to make screen dumps of the list of “friends” and I will see how I can warn as many as possible that my old account “Wolf N. Paul” is compromised.
My new Facebook account is “Wolf Paul” (without the “N.”), and I am slowly rebuilding my friends list. I thought about abandoning FB altogether, but it has been so helpful in reconnecting with people I had lost touch with and I don’t want to miss that.
What did I learn from this?
- To be extremely wary of requests to help people with authentication problems; if an authentication code is sent to you, chances are very good that it is for your account rather than for someone else’s.
- To expect no support from Meta or its subsidiaries; while they are obviously making money from us in the form of an ever-increasing flood of advertising, they are not charging us directly for the service and thus have no obligation toward us.
- To never agree to designate a payment with PayPal “for Family and Friends” rather than “for Goods or Services” — for the latter one can open a dispute and get the money back if the promised service is not delivered, but the former is irretrievably lost.
- To never store material important to you (photos, videos, texts, chats) in an online service like Facebook, WhatsApp, or any of Google’s or Microsoft’s services without having one or more backups offline or in another service.
And now we get on with life — on and offline.