From there, they also took control of the account she uses to run her small business, wiping out 90% of the customer base she had built up over the past four years – almost in an instant.
Their target? The PayPal account she uses to purchase Facebook ads for her business.
Ms McTaggart is among many small business owners who say they have seen their Facebook pages hacked and fraudulent charges made to their PayPal or bank accounts while scammers buy ads with their money.
It was last Thursday night when Ms McTaggart first noticed something was going on with her Facebook account.
âI was just watching TV and opened Facebook. I saw that I had received and accepted a friend request from a guy in the US that I had not sent a friend request to. “Ms. McTaggart said.
âThen, about five minutes later, Facebook sent me an email saying my account had been deactivated because I had violated community standards,â she said.
The ISIS flag violates Facebook’s community standards and automatically triggers an alert that forces Facebook to kick the user out of their account.
In another measure designed to keep her out, the hackers also changed Ms McTaggart’s age on her account, making her too young to own a Facebook account.
Ms McTaggart said she immediately took steps to attempt to report the hack to Facebook and prove her identity and age, but to no avail.
Then the hackers took control of his business page.
âI woke up the next morning and received an email from PayPal saying that a payment of $ 320 had been authorized for Facebook ads,â Ms. McTaggart said.
Ms McTaggart had previously used the PayPal account to purchase advertisements for her dreadlock business – Better Off Dread – where she designs and maintains dreadlocks for customers as well as selling accessories.
The mother-of-one said she was devastated to lose access to her personal and professional page.
Her business, which largely relies on Facebook, was her livelihood, Ms. McTaggart said.
âIt’s so distressing. Almost 90 percent of my new business inquiries go through Facebook,â she said.
âAlmost all of my communication with my customers is on Facebook, so deactivating my account completely cut off my ability to speak to any of these people.
“I booked with clients until mid-January and I have no way of confirming appointments with these people. They have no way of canceling if they are sick.”
Ms McTaggart said she was initially confident she could regain access to her accounts.
âI thought of course that would be resolved,â she said.
But, after exhausting all the suggestions offered by Facebook’s customer service online, Ms McTaggart said she was frustrated by Facebook’s lack of accountability, with no number available to call the social media giant directly.
âI gradually realized that this is a pretty complex situation and that there is actually no way to talk to a human on Facebook,â she said.
PayPal had also refused to reimburse the $ 320 the hackers spent on ads, she said.
âPayPal will not refund this because I had an advertising agreement with Facebook,â she said.
“And I couldn’t communicate with anyone on Facebook to get them reimbursed.”
Ms. McTaggart’s story is familiar to Ianni Nicolaou, an American real estate agent from Alabama.
Mr Nicolaou saw his personal Facebook page and his work page hacked two months ago in August and has not been able to regain access to both since.
âIt’s awful. I’m a real estate agent and it is absolutely necessary to use the platform these days,â Nicolaou told 9News .com.au.
âI have a business page that I advertise on.
“I invested money for my subscribers, and now it has come out of nowhere.”
After his accounts were hacked, Mr Nicolaou said he was also hit with charges of around AU $ 1,800 charged to the bank account linked to his Facebook business page.
âThere have been charges, charge after charge. They started at around $ 100 each and kept getting bigger,â he said.
âWhat frustrated me the most is that there is no acknowledgment from Facebook. There is no one to call on Facebook and say that you have fraudulent charges.
âI’ve literally tried everything, but you’re talking to robots.
“What I feel is that this is actually a fraud. I can’t talk to a human who wants to help me, but they are happy to take my money very well.”
Contacted by 9news.com.au, Meta Australia spokeswoman Antonia Sanda said her investigative team was working to restore the accounts of Ms McTaggart and Mr Nicolaou.
âWe want to keep suspicious activity off our platform and protect people’s accounts, and we strive to restore those accounts to their rightful owners,â she said.
âOnline phishing techniques are not unique to Facebook, but we are investing heavily in technology to protect the security of people’s accounts.
“We strongly encourage people to increase their security online by enabling application-based two-factor authentication and alerts for unrecognized connections.”
Tips to prevent your Facebook page from being hacked
- Take action and report an account: People can always report an account, ad, or message that they think is suspicious.
- Do not click on suspicious links: Do not rely on messages demanding money, offering freebies, or threatening to delete or ban your account (or verify your account on Instagram). To help you identify phishing and spam emails, you can view official emails sent from your settings in the app.
- Do not click on suspicious Meta / Facebook / Instagram links: If you receive a suspicious email or message, or see a post claiming to be from Facebook, do not click any links or attachments. If the link is suspicious, you will see the name or URL at the top of the page in Red with a red triangle.
- Do not reply to these messages / emails: Do not respond to messages asking for your password, social security number, or credit card information.
- Avoid phishing: If you accidentally entered your username or password in a strange link, someone else might be able to log into your account. Change your password regularly and don’t use the same passwords for everything.
- Receive alerts: Light up two-factor authentication for additional account security.
- Use additional security features: Receive alerts on unrecognized connections and light up two-factor authentication to increase the security of your account.