Another small business says Facebook has been unresponsive to complaints about an account hijack - and scammers spending on the credit card tied to the account.
Scott Lawrie, director of the Scott Lawrie Gallery in
Scott Lawrie Gallery director Scott Lawrie. Photo / File
Another small business says Facebook has been unresponsive to complaints about an account hijack - and scammers spending on the credit card tied to the account.
Scott Lawrie, director of the Scott Lawrie Gallery in Auckland’s Mt Eden, says he received a Facebook alert about suspicious activity on his business manager account on March 23.
He tried to log on but couldn’t because the account had been hijacked by hackers who had changed the password. The cause of the breach has yet to be established.
Things went from bad to worse just hours later when he got a second security alert - this time from his bank, ASB, reporting suspicious activity on his account. The hackers had used the account tied to Lawrie’s Facebook business manager account to buy four lots of Facebook ads, each costing US$1500. The money was used to buy ads pushing scams. Along with sundry other charges the hackers put on his account, Lawrie was out of pocket to the tune of $10,400.
Lawrie says ASB came to the party, reversing the charges. But the bank also told him that, as things stood, the $10,400 was in legitimate charges. If its decision to reverse the charges was challenged, then the art gallery owner would be back on the hook and have to cover the bill.
There was also the practical problem - which remains - that neither Lawrie nor his IT contractor could get anything beyond a template response from Facebook’s support channels. That meant he could not do his usual promotion. He said he usually spends US$200 to US$300 per month on Facebook ads for his gallery.
The police and Netsafe were responsive, but neither could make any headway with Facebook.
“ASB has been amazing, as have Netsafe and the police, but Facebook has so far been hopeless,” Lawrie told the Herald.
“It’s been more than three weeks and there’s been nothing except an email asking me to send ID two weeks ago.”
Lawrie struck the same wall as tech columnist Peter Griffin - who was logged out of his own account by an impersonator and asked by Facebook to upload an image of his passport to prove his identity. He could not fill out a required Facebook form, however, because he was blocked from his own account (not that he was able to upload it in any case, but Griffin also had qualms about uploading ID documentation - understandable after the recent Latitude breach).
“Facebook has been an impervious wall,” Lawrie said.
His experience mirrors that of Christchurch tech firm Swiftpoint, which suffered through a six-week hijack of its Facebook business manager account, and its credit card being used to book scam ads, before a query from the Herald prompted the social network to swing into action. (This afternoon, Meta updated that Swiftpoint had been restored access to its account.)
Griffin, similarly, had no joy until he approached the company’s media team.
The Herald approached Facebook owner Meta for comment on Lawrie’s case.
A spokesman said Lawrie’s case would be investigated.
On the questions of why it had taken so long to address the gallery’s account hijack, or in what timeframe an individual or small business could expect Meta to address a complaint about an account takeover, the spokesman offered only the general response that:
“We are currently reviewing this issue. Scammers present a challenge in any online environment, and social media platforms are no exception. We’re committed to safeguarding the integrity of our services, and dedicate substantial resources and technology solutions to protect our community from fake accounts and other inauthentic behaviour.”
Last year, after financial journalist Frances Cook (on Instagram) and Newstalk ZB presenter Kate Hawkesby (Facebook) both had their social media accounts targeted by impersonators pushing crypto scams, with Meta again slow to respond, Meta’s head of public policy, New Zealand and Pacific Islands, Nick McDonnell, said it was against Facebook’s rules to scam people out of money.
“Impersonating others on our platforms is a clear violation of our policies, and we’ve removed this account for breaching our inauthentic behaviour policy. We have a dedicated team that’s tasked with detecting and blocking these kinds of scams,” McDonnell said.
Facebook has an online help and reporting section for hijacked or fake accounts here. Individuals and small businesses can also report a security breach to Crown agency Cert NZ or the Crown-backed Netsafe or ID Care.
Across the Tasman, the Australian Competition and Consumer Commission has taken legal action against Meta, claiming that it has not been assertive enough in enforcing its own policies against scammers, and that Facebook has generated “substantial revenue” from scam ads.
An ACCC spokesperson told the Herald the first Federal Court hearing for the case is scheduled for June.
Meta earlier told the Herald it would not comment on the case while it was before the courts.
NZ’s Commerce Commission says it is keeping a watching brief.
Although there have been cuts to staff at Meta, Twitter and Google, there are still “excellent lines of communications”, NZTech chief executive Graeme Muller told the Herald this week. NZTech is the administrator of the Aotearoa New Zealand Code of Practice for Online Safety and Harms, a self-regulatory code put together by Netsafe.
The state broadcaster spends nearly $30,000 on LA trip while it cuts shows and staff.