It began five weeks ago, when friends started asking Sheri Larson about the fortune she’d made overnight by trading cryptocurrency. “People were telling me they’d seen that on my personal Facebook account,” the Moorhead Business Association director remembers. “I went to take a look … but I couldn’t get into my account.”
She had been hacked. Somehow an unknown party had taken over her long-standing account, photos and all, and changed the password to lock her out.
That was bad enough, but the headache had just begun.
Sheri is an administrator of the MBA’s main Facebook page and its private groups – a juicy target for scammers, with 3,400 “likes” and 4,400 followers. By taking over Sheri’s personal account, unknown grifters were able not only to post their scammy messages about crypto in front of her social media friends. They could also reach the association’s members through its own accounts: By faking Sheri’s account, they held the key to locking her out along with the other admins.
And though the hacker takeover was reported to Facebook itself, little was done. Instead, Sheri and Cassie Temple, who handles the MBA’s digital communications, had to start over with the help of MBA member Jeff Carney of DarkHorse IT. His most basic recommendation: Immediately set up two-step authentication on their personal accounts. (Step-by-step instructions can be found on his blog at www.kfgo.darkhorseit.com.)
Cassie reports, “We sent emails to our entire membership telling them that MBA has definitely not changed its mission to Bitcoin sales! We told them how to find and follow our new page.” The replacement page, found by searching “Moorhead Business Association,” carries a message in its banner describing the hack and testifying to its authenticity. Messages on that site date back only to its birth in mid-August. The old, hacked site was still online as of this writing; it can be recognized by the age of its posts, which ended in mid-summer. The cryptocurrency messages no longer appear.
The MBA’s experience, Cassie says, is far from unique: If individuals’ personal pages are hacked, the malefactor can do his dirty work on whatever business sites they administer. Two-step authentication is essential to defend their integrity.
But the MBA’s best defense, she says, lay outside the social medium in a more basic internet communication tool – its comprehensive email list.
“This would have been much worse without email,” the owner of Beyond Marketing warns. “But we had our list. We send emails to our membership every week, so we could communicate with everyone immediately and let them know what was going on.
“That was our saving grace. And that’s my biggest advice: Always have an email list of your members or customers. Nobody is going to attack that.”
MBA fights back against hack attack