How a hardworking mum lost thousands after falling victim to an alarming Facebook hacker | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

By Ashley Nickel For Daily Mail Australia

16:40 01 May 2024, updated 16:41 01 May 2024

An Aussie mum has spoken out after falling victim to a Facebook hacker that drained thousands of dollars from her small business bank account.

Justine, co-owner of baby clothing brand Pip & Lenny, found herself with just $1.71 left in the company’s coffers after a hacker stole the rest.

The shock hit when ANZ Bank notified the mother-of-four about 10 strange withdrawals from the account. 

Each transaction was for $1,250, amounting to $10,000. 

‘Every dollar, gone. We didn’t realise that it could happen. It’s been devastating, to be honest,’ Justine told Daily Mail Australia.

She said the hackers gained access to her personal Facebook account, which was linked to her credit card.

Exploiting this access, the hackers funnelled the funds into advertising their own dodgy business on Facebook. 

‘They’ve been setting up lots of ads to advertise their own business, and that’s how the money was spent,’ Justine said. 

Justine (seen here with her family) might have to close the baby clothing business she co-owns due to a Facebook hacker’s attack
The hackers managed to drain thousands from her business account

Baffled by the breach despite having robust two-factor authentication in place and no suspicious activity on her account, Justine said: ‘I honestly have no idea how it’s happened.’ 

She also said that she never clicks on suspicious links and is diligent about her cybersecurity.

Justine said that if the money isn’t recovered, she and her business partner might have to shut down their clothing company.

‘This business is our livelihood. We’ve got four children each, so eight kids between us, and we work on it endlessly day in, day out. 

‘It’s just been a devastating blow to our business,’ Justine said.

‘To be drained of our funds means that we can no longer get stock to our shop, we can’t pay our bills, we can’t pay our own mortgages because ultimately that’s where we get paid from.’ 

Adelaide mum Justine (right) is pictured with her business partner Bec (left)

While the pair have been ‘in contact’ with people at Facebook, the company has not yet confirmed if it will cancel the ads and refund them.

However, one worker at Meta, Facebook’s parent company, has managed to track down the thief. 

‘A follower gave us a direct email for someone who works at Facebook and she’s been amazing.  She said she has found the hacker and their email address.

‘So we are really keeping everything crossed that we will get the money back.’

Justine thanked customers for supporting their brand (products pictured) through the difficult time

Now Justine is investigating how they can better protect their business in the future, as she issues a warning to Aussies. 

‘Just make sure that you’ve got your two-factor authentication set up and having different passwords for all of your personal and business accounts,’ Justine said.

‘One thing we’ve learned from this is to have a bank account that’s set up just for your Facebook ads so there’s only low funds in it compared to your main account.’

Similarly to Facebook, ANZ have offered to investigate the fraud.

Justine said she was overwhelmed by the support she received from her customers after the scam.

‘Lots of people have been placing orders and we’ve been really humbled by it.’


Two-factor authentication (2FA) is an additional layer of security for accessing online accounts. 

It requires users to provide two different forms of identification before granting access. 

Typically, this involves something the user knows (like a password) and something the user has (like a unique code sent to their phone or generated by an authentication app). 

This adds an extra level of protection against unauthorized access, even if a password is compromised. 

Earlier last year, businessman Paul Trefry issued a warning about a sophisticated text message scam targeting ANZ customers, after they conned him out of $130,000.

The criminals sent a text message to Mr Trefry from the same number used by ANZ Bank. It appeared in the same message thread as legitimate text messages from the bank, which made him think it was not a scam. 

The text message warned his account had been compromised and he needed to transfer his money over to a new ‘safer’ account, which turned out to be the crooks. 

‘I’m running a business, and not having a business credit card makes things very difficult, so the second option was better for me,’ he said. 

Over the next four days, Mr Trefry sent across $130,000 to the account which the scammers ran.

Earlier last year, businessman Paul Trefry issued a warning about a sophisticated text message scam targeting ANZ customers, after they conned him out of $130,000.
ANZ recovered some of the money, but Mr Trefry (pictured) was still left $85,000 out of pocket

ANZ’s fraud team didn’t contact Mr Trefry about his odd transfers until a week after he received the fake alert. By that point, he’d already lost $130,000. 

‘They asked me about a transfer of $17,500 into an account, and I said, ‘well, guys, I’m just following your instructions,’ and they said, ‘no, we wouldn’t instruct you to transfer money into different accounts’.

‘…He (the ANZ rep) said, ‘look, it’s a really elaborate scam which these guys have been doing, and they copy ANZ’s protocol to a tee, unfortunately, there’s not gonna be a great deal we can do for you’.’

He called for ANZ to do more to alert its customers about current scams.

‘They’ve got a liability to their customers to notify them about this type of thing,’ he said.

‘They’ve known about it for a long period of time.

‘It’s simple to send a text message to your customers saying that this service has been compromised and check the text messages before you do anything.’

ANZ recovered some of the money, but Mr Trefry was still left $85,000 out of pocket.

Daily Mail Australia has contacted Meta for comment. 


Australians lost a total of $2.74 billion to scams online, by phone or in person in 2023.

This figure was down from $3.15 billion in 2022, a 13 per cent decrease.

It marked the first time money lost annually from scams declined since 2016.

But Australians made 601,000 more scam reports in 2023, up from 507,000 in 2022.

Australian Competition and Consumer Commission deputy chair Catriona Lowe said the fall in losses was encouraging and suggested measures such as the 2023 launch of the National Anti-Scam Centre were working. 

‘At $2.74 billion, that is still far too many dollars lost to Australians and significant emotional and other costs suffered by Australians as well,’ Ms Lowe told reporters on Monday,

She said some groups were also more vulnerable than others, with losses among the 65 and older age group remaining stable rather than decreasing.

‘These sorts of pieces of data tell us that in addition to general messages to the Australian community, we also need to be thinking about getting to particular target groups,’ she said.

Investment scams continued to be the most costly to Australians but losses decreased by 13 per cent during the 12 months.

Remote access scam losses increased by 12 per cent and romance scam losses decreased by four per cent.

The report combined data from Scamwatch, ReportCyber, AFCX, ASIC, and IDCARE to analyse trends by contact method and scam type.

READ MORE: Mum’s rant sensationally backfires after she claimed an $18 Kmart Australia shirt was ‘too revealing’ for her daughter to wear


Click Here For The Original Story From This Source.


National Cyber Security