Facebook hackers stealing accounts in ENC | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

GREENVILLE, N.C. (WNCT) – Hackers are evolving and setting their sights on Eastern North Carolina residents.

Kinston resident Patrice Alexander saw no harm in answering a Facebook video call from a friend. After all, Patrice considered herself tech-savvy and she was sure it was her friend.

“So frustrating. Within 5, 10 minutes, I’m getting calls from family and friends about, ‘Do you need money and I’m like no I don’t need money,’” Alexander said.

Through the simple act of answering a video call, a hacker was able to grab images of her face. In turn, the hacker had enough information to break into her account.

The Center for Internet Security’s Director of Intelligence and Incident Response TJ Sayers said when Facebook finds suspicious activity, it requires users to prove their identity. One way to do so is by providing a picture.

“One of those methods is giving an updated picture of yourself to verify your identity, so more than likely what this actor was doing is they were trying to start a video call so they could capture a picture of that user’s face and then take over the account,” Sayers said.

Patrice reported the hacking to Facebook.

“I immediately received one of those OK we’ve received emails. I’ve heard nothing else from Facebook. This has been three weeks,” Alexander said.

The hacker requested money from people on her friend list. One friend sent $100.

“I’ve messaged them and said, ‘Get a job, quit being a thief and trying to take things from other people.’ They just said, ‘Well we need money, I need money, I need money.’ Well, doesn’t everybody need money? I live on a thousand dollars a month, don’t you think I need money?” Alexander said.

With some help, Alexander was able to get back into her account.

“You know, I’m so excited, and I had to go through it and just kind of remind myself of what my account actually looked like, and I wanted to get rid of any posts that they had made,” Alexander said. “I’m a little apprehensive about them getting back in again and the same things happening to me.”

Alexander’s unease proved right. Her account got hacked shortly thereafter, and she was locked out once again.

Not only are personal accounts hacked, but business pages as well!

Basil’s Restaurant and Pizzeria is a local Greenville spot. But you would not be able to tell from their Facebook page. The account was taken over and turned into a page for T-Shirt Trends, a group managed out of Vietnam, the Philippines and India.

Owner Jeremy Spengeman has not had access since June.

“Facebook still… ‘We’re still looking for a solution, we’re looking for a solution.’ But then finally on October 1, I was emailed by Facebook, they had done everything to resolve it and couldn’t prove it was my page,” Spengeman said.

Spengeman wants his page back, or at least have it shut down.

“It shouldn’t be hard for one person at Facebook to look at it. ‘It’s this guy’s name. It’s this guy’s number. It’s this guy’s email address. Oh, if we go 10 posts down, everything is the past eight years of his business history.’ We’re not in Vietnam, we don’t sell t-shirts. I mean it’s still listed as a restaurant on Facebook. It shouldn’t be hard for them to do it, but they just don’t care to,” Spengeman said.

Safeguarding an account is important. Sayers said people should go to if they believe their account was compromised.

“You can immediately put it a request to have your account frozen or investigated for account takeover activity,” Sayers said.

Nine On Your Side reached out to the Better Business Bureau of Eastern Carolina. They said if an account is hacked and personal information is stolen, the victim needs to report the incident to the Federal Trade Commission. If a person believes they are a victim of a cybercrime, they need to report it to the Internet Crime Complaint Center.

Nine On Your Side also reached out to Facebook. Tracy Clayton with Facebook Meta sent the following response on Monday.

  • “On protecting your account:
    • We offer security features to help people protect their accounts that are available 24/7 in our Help Center. Here are some recommended best practices and tips your viewers can follow to strengthen their account security and prevent being a victim of account compromise:
      • Enable two-factor authentication as an extra layer of security for your Facebook account. If you set up two-factor authentication, you’ll be asked to enter a special login code or confirm your login attempt each time someone tries accessing Facebook from a computer or mobile device we don’t recognize. To see how it works, watch our video here.
      • We also encourage you to sign up to receive alerts for unrecognized logins. These alerts will tell you which device tried logging in and where it’s located.
      • We ask that people report suspicious links or posts to us right away via our Help Center so we can review and take appropriate action:
      • We also recommend that people ensure their other high-value accounts are secure, such as their email accounts. Sometimes, hackers may use access to people’s emails to compromise their Facebook accounts.
      • You should only accept friend and message requests from people you know. Take time to review and confirm each friend and message request that you receive before responding. To help, we launched safety notices in Messenger that pop up in a chat and provide tips to help people spot suspicious activity and block it when something doesn’t seem right. These safety alerts help educate people on how to spot scams or imposters and help them take action to prevent harm.
    • We are making investments to further help resolve support-related concerns across our platform. As we said on one of our earnings call, we’re “…investing more in building out better customer support for our products.”
  • On our account security support tools:
    • If you think your personal account was hacked, please visit to learn how to fix it.
    • If both your account and the email account linked to it have been hacked, we may ask for additional information which only you as the rightful account holder would know in order to restore your access. This could be an SMS code sent to a mobile number associated with your profile or valid photo ID.
    • Once you regain access, we encourage you to change the compromised email associated with your profile in your settings and consider enabling two-factor authentication, trusted contacts and login alerts to keep your account safe.
    • While we have dedicated teams and technologies to detect and block malicious activity, we know that no system is perfect. If you do come across something suspicious on Facebook, please report it to us right away either by clicking the three dots in the upper right corner of a post or through our Help Center so that we can review and take appropriate action.
    • We encourage people to not accept suspicious requests and to report suspicious messages that try to trick people into sharing personal information:
    • We also encourage the Meta community to remain vigilant about clicking on suspicious links or downloading untrusted software to avoid compromising their devices and accounts. More information is available in our Help Center:
  • On hacked pages:
    • Since your Page is connected to your personal Facebook account, it’s important to keep both secure. Pages can only be accessed through a personal account that belongs to an admin. If you suspect that your Page was taken over by a bad actor, it may mean that your personal account or the account of someone who works on your Page was hacked.
    • If you suspect your personal account or Facebook Page has been hacked, we recommend you visit and you’ll receive step-by-step help on how to fix it. For more information on what to do if you suspect your Page has been hacked, please see the following article in our Help Center:
    • We recommend that people ensure their other high-value accounts are secure, such as their email and online banking. Sometimes, hackers may use access to people’s emails to compromise their Facebook accounts.
    • We offer a number of security features and recommendations to help you recognize suspicious requests and activity, and keep your account and your Facebook Page safe. We recommend the following:
      • Secure your account with two-factor authentication: Enable two-factor authentication as an extra layer of protection, both for yourself and as a requirement for other members of your business.
      • Review Page roles and permissions: Familiarize yourself with the different Page roles that exist and the permissions they have.
      • Don’t accept friend requests from people you don’t know: Scammers may create fake accounts in an attempt to friend and manipulate people.
      • Watch out for suspicious links and malicious software: Keep an eye out for links you don’t recognize, especially if they’re coming from people you don’t know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions—even if they appear to come from a friend or a company you know. If you see a post or message that tries to trick you into sharing personal information, please report it.”


Click Here For The Original Story From This Source.

National Cyber Security