How My Sister Got Her Facebook Account Stolen. Don’t Fall For This!

Last week my sister’s Facebook account was stolen. She uses Facebook as her primary way of communicating and socializing, and has over 1,000 Facebook friends. She also has a business page linked to the account where she shows pictures, publicizes, and sells the results of her crafting hobby, (She builds little scenes in glass ornaments — kinda like ships in a bottle) so it’s a creative and financial injury as well. In addition to that, she lost a lot of vacation pictures that she had stored on Facebook.

Here’s how it was done:

1. Someone she was friends with sent her a message saying they were having trouble getting into their account. They said that they could send her a code and if she could tell them the code then they could get in. Now alarm bells may be ringing in your head, but since she’d gotten locked out of her own account last month for changing locations, it didn’t seem strange.
2. The code is actually to change the password of YOUR account. So after you send it to them, they change your password.
3. Then they log in and change the email associated with the account, so any attempts you make to try to change the password back, go to their email rather than yours.
4. Then they contact your Facebook friends, either telling the story of being locked out or asking you to buy something for them. Fortunately, in this case, my sister lives thousands of miles away from a lot of her Facebook friends, so when the “Hey could you stop by the store and pick up X for me?” came up, everyone was like “WTF?”
5. Finally, they change the name on the account so that they can claim that it’s not yours when/if you file a complaint with Facebook. In this case, the thief changed the name to Daniel White (note that he still uses the ornament she had as an avatar).

What to do if you get this message:

1. DON’T give them the code.
2. Communicate with the person by email
3. Report the account as stolen to Facebook
4. Let everyone know that this person’s account was stolen so they don’t respond to the message or buy stuff for the thief.
5. Publicize the method and name the person is using as much as possible. This reduces the possible victims and reduces the payout they can get.
6. (Optional) Taunt them on messenger. Note that you have to be careful with your wording as Facebook can come down on you for inappropriate language, however, reminding them that thieves and liars go to Hell, or asking if stealing the page was worth their immortal soul aren’t violations. “Daniel White” blocked me after only 3 taunts, but another one of my sister’s friends picked it up. We plan on tag-teaming him.

To Facebook:

1. You really need to get your act together. My sister reported this theft a week ago and the account is still active, and the guy is still contacting people in an attempt to steal more accounts.
2. Standardize and publicize your password change procedures so that everyone knows what to do and, more importantly, what not to do. In the past, we could do things like identify friends or get the help of friends to recover our account.
3. Stop locking people out of their accounts when they travel or change computers (I can get into Facebook effortlessly on my desktop, but have to fight with it on my laptop, and NEVER have access when I travel because I don’t use it on my phone.). My sister may not have fallen for this if it hadn’t been that she was locked out of her account for something stupid, previously.
4. Don’t allow anyone to change their password, email, location, and name all at the same time.

When Social Media companies don’t protect their customers, the customers have to do it instead, and it might not be in a way that the companies like.