Yep, you may have just read that title and thought to yourself, "Shouldn't you know how to not get hacked if you work in social?!". Well yes, I probably should. And it's slightly ridiculous to say that out loud. But in all honesty, getting hacked online can happen to anyone, no matter who you are or what you do. It just so happens that I was doing all the wrong thing and ended up being a serious target for online hackers. But two weeks and counting after my hacking experience (yes, it's still being dragged on), I think it's safe to say I'm not an expert at not getting hacked online. I have some wise words of advice and tips for how to not get your pages hacked on social media, and how you can prevent losing access to your business pages.
What happened to me?
Let's paint a picture of the trauma and drama that is my Facebook hacking experience.\
On 19th January 2021, I received a notification at 8.45 am that there was some suspicious activity in my personal Facebook account. This led to me to discover that my personal profile had been disabled and removed from the Facebook platform....essentially, making me non-existent in the world of Facebook. I checked my profile from other devices within my household, and my profiles were gone. I spent the entire day checking my client's profiles from other devices, trying to ensure their pages were still intact and weren't being compromised in any obvious way. After submitting my identification to Facebook for approval in recovering my account, later that evening I was able to regain access and changed my passwords.
Fast forward to 10 pm that night, and another suspicious attempt to access my profile was made. But this time, it was a lot harder to regain access. I attempted to change passwords and gain access, but no luck. The next morning, I tried my best again to find a way to get access into my accounts and to get onto Facebook support, and even more, luck was lost. The person who hacked my personal profile had changed my primary email address within the account, so any attempt to reset passwords would have been sent to them, and not me. I was able to grab a recovery link to a new email address, but that link didn't work, either glitching or prompting errors within the system.
That same morning, I also made the effort to begin informing my 11 clients of what had happened, and the need for them to remove me from their business pages as admin. In any way, shape or form, my number one priority was the safety and confidentiality of their information, and I did not want their pages to become compromised and inaccessible for use. Thankfully, they were all very co-operative, and the process was a smooth one. On that night, I made the decision to create a new personal profile, and a new Socially Squared business page. I need to have access to profiles in which I could use to ensure there were no interruptions to my client's posting schedules, and so that I could keep working on scheduling content. I had to face the fact that the likelihood of me regaining access to my profiles was slim to nothing. And I couldn't let the stress and disappointment of losing these profiles stop me from delivering for my clients.
Two weeks passed, and the only options Facebook really gave me were to report my old profile for impersonation or use of my intellectual property. I went along my merry way of working in my new profile and business page and starting to grow those once more. But on 30/1, I decided to check and see if I could change my password once more.... and it worked. I was able to gain a code to reset and said code worked, allowing me to be one step further in. The hacker had then set up two-factor authentication within my account so that prevented me from further entry. But after resubmitting my ID for the 3rd time in this scenario, on 31/1, my ID was approved and I was to regain full access to my old profiles. Yipee!!
Just when you think all was well, I began to dig within the backend of pages and settings. This hacker went to extreme extents to try and wire money from my Ads account. This also led to my bank card becoming hacked and cancelled, and an email address is hacked and suspended. This person (who's name and email address I did uncover), has:
Claimed unauthorised ownership of two of my business pages.
Tried to wire a few hundred dollars from my Ads account by purchasing Facebook ads.
Removed my primary email address and added his.
Corrupted and compromised my Ads Account and Business Manager, by adding his own added and separate companies, email addresses and assets to assets and pages I look after.
Added himself as a friend to my page to make this look somewhat legitimate.
Safe to say, I won't be using these profiles anymore. Once I can reclaim ownership of the two business pages I need, I will be deleting the entire setup of these profiles, making them inactive and non-existent for anyone. I've been incredibly disappointed, especially having lost a business page that I worked very hard to grow, but I'm grateful it wasn't any worse than it has been, for me or for my clients.
Tips I have for not getting Hacked.
From all of that, I'm pretty sure you can gather that this has been a horrible experience for me. But it also left me with the opportunity to learn more about online security, and safe social media use. Here's some insight into what I've learnt:
Change your passwords regularly: this is probably the number one reason for my hacking, in having the same password for every single website, platform or service I use, professionally and personally. You should update your passwords regularly and not have easily identifiable passwords.
Enable two-factor authentication: this is important for social media, online banking and emails. Enabling two-factor authentication allows you to receive a code every time you access an account from an unknown device, adding an extra level of safety to your accounts. This is easy to set up, and I recommend using the Google Authenticator app, which allows you to have a bank of accounts with codes that reset every 60 seconds.
Add another person into your page roles within your socials: this is a great tip a client actually gave me after her husband was hacked. Having someone else sit in with admin access to your Facebook page allows you to still be able to use it if you lose access to your profiles, and prevents you from having to start another page. You can also set this up in your personal profile.
And with that, I'll be off to keep using my new profiles and be super safe with all the authenticators and security I've now set up! Being hacked is the absolute worst, and if it happens to you, now at least you have some extra insight into how you gain possibly secure your accounts and maybe even regain access.