When Life Gives You Lemons: Pulling Myself out of a HACKED situation

I’m not going to sugar coat this post.  It’s going to be raw, and emotional, and I *may* cuss a little.  Because two weeks ago now, my little secure online life took quite a turn and suddenly, I was left shaking my head in confusion and shaking my fingers at the idiots at Facebook.  Yeah, you Facebook.  I’m SURE you have someone sitting around whose job is troll the internet making sure no one talks bad about you— while my hacked account is going on two weeks of takeover and you keep telling me there’s NOT a problem.  Um…okay.

 

I’m writing this post for two reasons.  One- to tell my story so you can understand.  But perhaps more importantly- so you can LEARN from it and PROTECT yourself.  I refuse, REFUSE to let this hacker, stupid Facebook, and on a larger level- evil and hate- ruin me and this business I’ve worked so hard for.   The IT guys and the FBI agent who I’ve been working with both told me that I was targeted as a person and a small business because of my ‘reach’.  I have a lot of friends and a lot of fans.  You’re right.  So I’m going to use that REACH to educate, and caution, and PROTECT those I love and who love me.   So- please…please…read this story and then follow the steps.  I beg of you.  I wouldn’t wish this on any small business, or any person for that matter. I’m determined to take this awful experience for me, and turn it into education for those I love and who love me.  I’m going to make something out of these lemons.  With alcohol.  Always with alcohol.

 

As a small business, and especially as a photographer- we are DRILLED with the importance of social media for our businesses.  I literally spend hours studying how, when, why, what and how to post to social media.  Funny- I cannot recall in any of those hours of studying someone teaching me the importance of protecting it- and moreso, HOW to protect it.  Sure I know I need three colors in my IG feed, and how to find the best time to post to get most likes- but what about my protection?  It’s unfortunately something that is an afterthought.  Again, I’m determined to make it a FIRST thought.

 

PROTECT then POST.  PROTECT then POST.  Can I coin that?  I think so.  I might need some extra change for all the business I’m losing or have lost because of the hacker.  So, I’m gonna coin that lil’ phrase there.   Sidenote:  Meghan, I’m gonna need a magnet for that.

 

The Story:

So what happened?  Last Monday, July 24- I was checking my Facebook page on my phone around 6:30 before leaving to go to church.  I had to leave my home at 7 p.m. because…get this…I had to shoot some pictures of my PRIEST for BEREAVEMENT cards.  Yes, I was doing the work of God while someone did the work of Satan.  Funny how that works huh?  I know there is a special place in HELL for this hacker.

When I got home- I tried to log on and was logged out of my FB account on my phone.  Hmmm..that’s weird.  I didn’t log out.  But ok, enter the password.  Wrong.  try again.  Wrong.  Okay- let’s try on my laptop that was sitting right there.  Wrong.  Wrong. Wrong.  WHAT?>?  So quickly, I check my Messenger app on my phone to see if I see anything.

 

I do.  I see it.  And my heart sinks to my toes.

 

 

I know what you’re thinking.  Yeah, I don’t speak Arabic either.  Nor do I have a friend who does.  Nor do I have the three other ‘friends’ named Olav or whose profile pic is a terrifying clown face that came in that hour.

And just like that- a hacker came in at 7:19, changed my email address, my phone number, and my ‘three trusted contacts’ with Facebook so that I was COMPLETELY locked out of my account.  If you’re sitting here going ‘three trusted contacts????’ um.. KEEP READING.  It wasn’t long after I screenshot this that they kicked me off of Messenger too.

 

So now what?   I obviously realize I’ve been hacked.  I have a screenshot to prove exactly when it happened.  So, easy- right.  I’ll just contact Facebook and tell them and show this and it’ll be good.  It’ll be fixed by the morning, right?!?  ESPECIALLY since my business page is on there- and Facebook REQUIRES you to list an address on your business page and store a credit card for boosted posts- so SURELY there is customer service.

 

There is, sure.  When you can LOG IN.  When you have you password (nope), your email (nope), your phone number (nope), and then your THREE TRUSTED CONTACTS.  Wonder why the hacker friended three people so quickly???  Well now you know.  The final stop of security of Facebook is the three trusted contacts.  WHICH HE CHANGED.  So again, I was at a complete standstill.  No ‘you’ve been hacked’ page would even help me because I couldn’t get past this at all.

 

Despite crazy efforts and grasping at anything, I came to a horrible realization and reality that I don’t think anyone recognizes.  There is NO customer service for Facebook.  Nada.  Zilch.  Zip.  NOT A PHONE NUMBER.  NOT A REAL PERSON.  You can google it- and you’ll find a number, but you’ll also find about 14 posts that warn you that Facebook does not have a phone number and those are scams.  Lovely.   Oh.  and just an extra kick in the gut?  Have you ever googled Facebook’s actual address?  It’s 1 Hacker Way.  I wish I was joking.  Not even funny Facebook.  Like not at all.

 

Not only did they hack my Facebook account, they hacked into an email account I had deactivated 2 years ago.  Good times.  My computer also started giving me error messages that it was being accessed by conflicting countries.  Wonderful:) (note the sarcasm)

See that there??? That’s an international phone number. YEAH. They changed my phone number to an international one. :/

 

So…I’m pretty techy- but I took one look at that and KNEW I was in trouble- and it was over my head.  I immediately shut down and called Heart Technologies, an AMAZING Apple service provider in Peoria.  I would recommend them to anyone.  They encouraged me to bring my computer in…um….yesterday.  I got in my car and drove there immediately.    $180 and a week later- my laptop had been completely WIPED.  No worries clients- I’m a great businesswoman and backup my files like a champ.  I didn’t lose any files….but I did lose $180 and a week’s worth of work.

 

During this time, in an effort to report to Facebook- I had read that if you’re completely locked out and need to report- you need to create another account.  So I did.  I didn’t have a single friend or photo or post- I just wanted to report.  And report I did.  Every day.  I sent screenshots and the story.  Over and over.  And every time- I’d get back this lovely little automated message from Facebook telling me there wasn’t a problem. CASE CLOSED.  Really?  there’s not??  Thanks for reading my problem Facebook and caring about my business.  You’re the best.

 

I also found out during this time that a similar situation had happened to a fellow Peoria photographer.  I called her up and found out that she had a different scenario- but the same experience of having to fight tool and nail with Facebook to save her business.  I can’t tell you how much my stomach was curling inside listening to her story.  HOW and WHY is a company allowed to just crap on people this way?  I just don’t get it.

On Friday, August 4- my phone starting blowing up because the hacker was now online and posing as me and contacting my friends via video chat and messenger.  I had to send messages to anyone and everyone I could and trying to reach people to tell them NOT to respond:(    So, for the past few days now- the hacker is alive and well posing as me on Facebook.  HEY FACEBOOK. How about a quick ‘let’s check an IP address and see if this girl is right?’  hmmmm….

Finally, after all of my communication, I FINALLY hear back from Facebook yesterday regarding my situation.  And guess what?  They decided to take action and DISABLE the ACCOUNT I SET UP FOR REPORTING.  So they so diligently looked into my situation and instead of deleting the account that’s being run by a foreign terrorist, they disable the one I set up so I could report the illegal activity.  Nice work Facebook.  Way to be diligent.

 

So…here I sit.  I have a police report filed, and no way to communicate with the company who is letting this happen.  I even spoke with the FBI.  For those who know me- you know that amidst all of this horror, I was on cloud nine during that phone call.  I may or may not have dressed in all black and had cold coffee and a bunch of papers on my desk and talked for an hour with the agent like we were partners working across a desk.  Hey…a girl can dream.

So….bottom line.  DEFRIEND ME.  Like, yesterday.  Just do it.  I won’t be hurt.  I want you protected and that person acting as me ISN’T ME.  No worries friends.  I am going to make a comeback.  It’s going to be bigger and better than before and I’ll eventually go back to my motivational posts and hilarious captions, amirite;)  But for now.  DEFRIEND MY BUTT.  And go follow me on Instagram or Snapchat because I’ll be posting my work there:)

 

BUT FIRST.  BEFORE YOU DO ANYTHING.  BEFORE YOU EVEN LEAVE YOUR PHONE OR COMPUTER.  DO THIS.  PROTECT YOURSELF.  Here’s how:

 

I’ve learned a lot in the last two weeks about online security.  I want to teach you FIVE simple steps to keep yourself safe.  The IT guys at Heart and the FBI agent both told me that I was targeted because of my ‘reach’.  I have a lot of friends and a lot of fans.  Okay hacker.  You’re right.  I have a great reach.  And I’m gonna use that REACH to make sure that all of my people know how to stay away from jerkfaces like you.

 

I get it.  I know this is annoying.  And seems silly.  And it’s just ‘another thing’.  But it’s common sense.  Think about it.  When you walk into a hotel room, RAISE YOUR HAND if you go into the bathroom and if the SHOWER CURTAIN IS CLOSED- YOU SLOWLY OPEN IT AND CHECK IT before you sit down to pee.  Admit it.  We all do it.  We’re making sure we’re protected before we proceed.

PROTECT THEN POST.  PROTECT THEN POST.  Say it with me.  Tattoo it on you.  Just do it.

 

So let’s talk Facebook, my favorite:)  These steps are available if you google ‘how to protect yourself on Facebook’.

1- Set up 2-factor authentication. What is this?  2-factor is basically like 2 steps to log in to something.  You have your password- sure.  But you can add an additional step to protect yourself.  MOST often, this is done via text.  You’ll add your phone number to Facebook and then they’ll send you a text with a code.  The text only comes to your phone and you enter it onto your computer.  Then you’re logged in.

 

Just a note and tip on 2-factor authentication.  MOST places have this in place now- even if they never told you about it.  Google, Instagram, PayPal, your bank, etc. etc.  ALL have this feature.  DO IT FOR ALL OF THEM RIGHT NOW.  Most often, it is located in the ‘settings’ or ‘privacy and security’ links of those pages.

And when you’ve done that- go download an app called ‘Authy’.  It’s available in the app store.  It’s a super safe version of getting your codes.  You can add anything you access a 2-factor code for into the app and then when you need to get a code- simply open your app and there it is.  It’s a little safer than just a text- although don’t get me wrong, a text is 1 billion times better than not getting anything at all.

 

2-  Trusted contacts.  Facebook set up this security feature when you’re locked out where you designate three trusted contacts that Facebook will send a code to and then you can reaccess your site.  My lovely hacker went and changed it to his three good buddies he friended right away- therefore, locking me out for good.  So go do this.  Don’t make it your husband, sister, and BFF.  Be smart.  Make it three people that you can easily communicate with but that a hacker wouldn’t guess obviously.

 

3- Check your access.  You can easily see on Facebook WHERE in the world (for reals) someone accessed your account.  This may scare the pee out of you.  It’s okay.  Now you know.  You can go and ‘X’ out of the ones that are obviously not you.  And if you see somewhere that wasn’t you- go change your password now.

 

4- Finally, secure your email address associated with your Facebook account.  This is what happened to me.  They reactivated an old email to get access to my account.  So make sure your email address you are using that is associated with your account is secure as well.  I would bet that your email also has 2-factor and some other security features as well.  USE them.

 

5-  Passwords.  I know you’ve heard this more times than you’ve heard that stupid Despacito song on the radio this summer.  But it’s SO true.  They have to be crazy.  Like longer winded and more bat sh$t crazy than my aunts.  Characters, words, misspelled words, numbers.  And NOT the same for everything.  Does this seem overwhelming?  Like…crap, I can’t remember where I put my keys let alone 17 passwords?  There’s help for that.  There are multiple password apps for you.  My favorite that the IT guy taught me?  LastPass.  It actually regenerates a new long-butt password every single time.  And for those places where your activity has been dormant for awhile?  It will go in and actually reset that password for you.  It’s awesome.  Go get it.

 

Friends.  Fellow small business owners.  Please spend 10 minutes today and go protect yourself online.   I don’t want anyone to have to do this:(  I’m making it a personal mission to make sure my friends and small business owners are protected.  PLEASE read this blog, and then PLEASE share the link on your own Facebook sites so that this ‘reach’ my hackers were attracted to gets even bigger.  You wanna see reach, hackers?  Oh let me show you what my people can do.

 

Keep smiling, keep hustling, stay positive.  And protect then post:)

 

Kara