Why hackers are targeting small businesses on social media
BOSTON – Using a steady hand, a tiny brush, and a lot of patience, Pearle Northrop creates one-of-a-kind treasures from her Marlboro home.
Each vase, Christmas ornament, or trivet is covered with tiny dots or intricately painted flowers.
"It took me three months to paint this one," she said, holding up a large vase with tiny flowers.
Northrop sells her work at craft shows, on Etsy and on Facebook. Or at least she did until her account was recently hacked.
"I totally freaked out. I had no idea what was happening," she said.
Pearle says she fell victim to a phishing message on her personal page that looked like it came from Facebook. But she quickly realized her page had been compromised.
"My Facebook cover photo and my profile picture were changed to the ISIS flag," she said. "After they hacked my personal page, they went into my business page, added themselves on as an administrator."
As administrators, the hackers were able to use her credit card to buy fake advertisements aimed at duping her real customers. Cybersecurity expert Peter Tran explained why a hacker would want to buy ads for Pearle's Painting.
"If a business is known and trusted, when an advertisement comes from that business, even if it's malicious, [the hackers] take advantage of that trust across the community," he said.
The tricky part for Northrop was fixing the problem. She said she tried for hours to contact someone at Facebook or Meta without any luck. Desperate, she reached out to a friend who works for Facebook, and they were able to help.
"I was fortunate, I got back in four days later," she said.
Still, she feels rattled by the whole experience.
"I was thinking I would just be done with Facebook ... and just start focusing on local markets," she said.
We reached out to Meta, the parent company of Facebook, to ask what they are doing to protect customers and why it was so hard for Pearle to get help, but no one from the company returned our email.
According to Tran, there are a couple of things you can do to protect yourself:
- Log out when not using Facebook
- Use 2-factor authentication
- Beware of phishing messages
The Massachusetts Attorney General's office told us they had more than 70 similar complaints in 2022.