Site   Web

July 25, 2014

How I Recovered a Hacked Facebook Page

Image courtesy of [ chanpipat] / FreeDigitalPhotos.net

You always hear about people’s Facebook accounts getting hacked, and often see the consequences of it (constant event invites to random sales with dodgy links). However after working around social media for so long, I always thought I’d seen it all, and wouldn’t be fooled like so many others before me. So when I got hacked and had a Facebook page with 25k followers stolen from me, I was left feeling like a true sucker. But I got it back, and actually found a friend in a guy who had taken me to hell and back, from a country I’d never even heard of.

It starts fairly typically of any hack story you’ll find on Yahoo! Answers or on the Facebook community boards. I woke up very early on Wednesday morning to check my pride and joy, a Facebook page I’d organically grown to 25k followers in the space of two months. However, I was on alert as I discovered the following message in my inbox, posted by “Facebook Pages”:

“Dear Facebook user, After reviewing your page activity, it was determined that you were in violation of our Terms of Service. Your account might be permanently suspended. If you think this is a mistake, please verify your account on the link below. This would indicate that your Page does not have a violation on our Terms of Service. We will immediately review your account activity, and we will notify you again via e-mail. Verify your account at the link below:

**insert dodgy link here**

Thanks for being part of Facebook Community. “

I gave this a quick skim and believed it to be legit, partly because I was half asleep, and partly because I definitely had infringed copyright laws with a few of my posts. Looking back I should have noticed the grammatical errors or checked the profile that the message came from (which was a blatant fake) but nonetheless I clicked through to the link, which took me through to the page below.

Facebook phishing

Without thinking twice about it I entered my details, which directed me back to Facebook’s help page. I then messaged the phony “Facebook Pages” profile from my page to tell them that it was done, and that I was waiting to be reviewed. Feeling like I’d sorted the issue, I left the page and got ready for work, promising to check out how the review had gone before I left for the day.

After getting ready I went to log into my Facebook account but was having no luck. I tried my details again only to notice that it wasn’t my password that was incorrect, but my email address. In fact, it was saying that my e-mail address was not registered with any Facebook account. I was perplexed but tried again, this time logging in with the e-mail Facebook provides on default (Username@Facebook.com). This got me in, and it was at this point that I knew there were some serious issues.

Facebook had informed me that somebody in another region had tried to access my page. They’d done more than that.. this hacker had actually got complete access to my account, and proceeded to change the e-mail address to a spammy looking Gmail account. Not only this, they’d posted porn images on a bunch of local pages from my account, sent several friend requests and, to my dismay, removed my admin status from my beloved Facebook page. I was freaking out majorly, and for a number of reasons. My page was a big deal, but the account was also linked to my credit card and PayPal accounts, not to mention the probability of getting temporarily banned for posting porn everywhere.

I messaged the page a few times and got ignored, posted to the wall and got banned, and after not hearing from Facebook support I’d pretty much conceded defeat. However before I gave up I thought I’d talk in a language we all understand:

Tom: I’ll pay you for the page back. Just name your price and I’ll pay it.

Hacker: $1,000

Success! No way was I prepared to pay that kind of money, but at least the hacker had recognized me. I just had to keep him talking, get him to understand what he’d put me through:
Tom: Sure, just send me your PayPal details. USD yeah?

Hacker: You can send me via westerunion or moneygram

Just the fact that they said ‘me’ seemed to change the conversation. This wasn’t a robot, there was real human being behind this, probably somebody who could be reasoned with.

Tom: Would you consider being a nice guy and just giving it back? I worked very hard on the page

Tom: You’re from Europe yes? What good is this page to you?

No response for 12 hours, it was time to bait him:

Tom: Just send me your details and we’ll make the arrangement. Money gram please

Hacker: okey

Hacker: i will send you details just in case

Hacker: you are a nice guy too but man i need some monney even if you don`t send me 1000$..at least 300$ talk to you later

Tom: Don’t we all need money. I was going to sell this page soon anyways.

Hacker: Can I trust you?

Tom: Trust me in what way?

Hacker: I actually post stuff on pages I get. But this seems that you really give much time on it.

Hacker: When can you send me the money?

Tom: I could do it immediately. But how can I ensure you’ll give me ownership back?

Hacker: You will have my word. First I make you editor. Add me and I’ll make you editor right now.

Next thing I see a friend request pop up from a name I won’t mention, but could barely pronounce. The display picture was of a pretty girl looking away from the camera. Considering their last status update was back in 2012 I concluded this was fake.

Hacker (now using fake profile): When should I post on your page? I will only post once a day

Tom: What’s your site? Let me have a look at your content

Once he sent through his site I knew that I was dealing with a pro hacker, but an amateur online marketer. It was poorly designed, had spelling and grammatical errors everywhere, and the fact that the visitor counter he’d installed was still in double digits was proof that it wasn’t doing too well.

He gave me back editor controls of my Facebook page (I could post but not do much else), which was a start, but I continued to go in with a soft approach:

Tom: Can you make a comedy post?(it’s a comedy fan page) Then we post that one first, and slowly just post all kinds of stuff

Hacker: I thought you had money:P. Lol.

Tom: What do you mean?

Hacker: I mean, I don’t really have the life you have.

Tom: Where are you from?

Hacker: Kosovo

Tom: Ah

Pardon my ignorance, but I’d never heard of Kosovo before. I’ve barely travelled outside of Australia, and have never been to Europe. I quickly read up on it on Wikipedia to discover Kosovo’s brief history – it had only been a country as of 2008, when it had unilaterally declared independence from Serbia. According to Wikipedia Kosovo was known to be “Extremely vulnerable to organized crime and thus to money laundering,” so everything was starting to make sense.

Hacker: just send me 200$ i will give this page to you

I sensed that there was somewhat of a power shift taking place. The site he showed me was struggling, which was why he had proceeded to hack other pages.. in a way to grab some quick traffic.

Tom: Hey listen but, if you start posting on this page you’ll currently get no interaction, nobody will click man the base is too small, you might get 10 clicks tops a post.

Hacker: This isn’t the first page I use for posting. I know what I’m doing on this

Tom: Man I own my own content site, similar to yours. There’s a reason I haven’t posted yet.. the base is too small it’ll just destroy the page.

Hacker: oh

Tom: If we grow this page we can make money. Off affiliate deals and off your website’s AdSense

Tom: I’ll split it with you. Just let me continue to grow the page

From this point on the subject matter of the conversation completely changed. He asked one more time for money, but it became more an opportunity for him to pick my brain, to learn more about growing a website. I showed him blogs of mine and gave him advice on what he can do for his page. In the space of about 10 minutes this clever, manipulative hacker became like a kindergartener on his first day of school, soaking into his brain everything I was throwing at him.

Tom: Do you ever get content ideas from reddit?

Hacker: Whats reddit

Tom: Omg really? Man, this will help you more than any money I could give you.

Hacker: I will not even think of removing you from your fan page or something

Hacker: I just learnd something. And that’s good.

Hacker: Btw thanks for sharing

We went on about content strategies, SEO, etc for a while, but I had a few more questions to ask him. This was so fascinating to me, I’d never been hacked, let alone got the chance to communicate with a hacker.

Tom: How many pages have you hacked?

Hacker: Hundreds man.

Tom: What’s the largest

Hacker: 600k

Hacker: But don’t say hacked lol sounds stupid

Tom: What’s your actual name?

Hacker: Elvir

Elvir was opening up, and he proceeded to tell me more about himself. He’s a 22-year-old economics student, trying to make money off websites in his spare time. He still had a.blogspot domain which he wanted to change but he couldn’t afford a domain, and he wasn’t getting enough traffic to generate AdSense revenue.

We continued talking for the next two days sporadically. He’d ask me various questions around online marketing, while I was trying to get to know more about him. At this point I thought it was time to see if I’d completely reimbursed him.

Tom: hey can you make me admin? i need to add my account so i can post vid again.

Hacker: I make you admin now. (and he did)

Hacker: But I really need that help from you

Once I got admin status back I quickly deleted him off the page, changed all my login details and made a new account to manage the page (just in case he could get back in). Despite this however we still talk a few times a week, usually when he wants advice on how to write a headline, or how he should fix his page design. I actually even sent him over some money for a domain on a $15 prepaid credit card, which he was thrilled about.

I know that most situations don’t end as positively as this — it sounds like nearly everybody who has their Facebook page hacked virtually loses it for good, and Facebook doesn’t try to help out in the slightest. But it made me learn that there’s still a human element, a vulnerability if you will, in everyone.

What started out as one of my scariest online experiences actually turned into something of fascination, and my experiences with Elvir in Kosovo sure went a way into affirming that’s there a little bit of good (and evil) in all of us.

Article Source: http://EzineArticles.com/8586723


avatar

Article By Tom Willis.

4 Responses to “How I Recovered a Hacked Facebook Page

    avatar Sudipto says:

    Hey tom,
    Thanks for sharing your experience with us. Yes, these days hacking is become very common and we have to make our security good enough so that our account should not hacked.

    avatar ecommerce website development says:

    Interesting. Thanks for the share

    Fascinating story! Reading this made me wonder what I’d do if my own FB page got hacked. I guess you’re right, there’s still a bit of humanity in all of us.

    The bigger truth, however, is that this example (Elvir from Kosovo), is just a 1 in a Trillion lucky chance. Once a hacker is in, he names his price and it is usually a very high one. Too high to swallow.

Submit a Comment

Your email address will not be published. Required fields are marked *






Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 6,723,103 bad guys.

css.php