There was also the practical problem - which remains - that neither Lawrie nor his IT contractor could get anything beyond a template response from Facebook’s support channels. That meant he could not do his usual promotion. He said he usually spends US$200 to US$300 per month on Facebook ads for his gallery.
The police and Netsafe were responsive, but neither could make any headway with Facebook.
“ASB has been amazing, as have Netsafe and the police, but Facebook has so far been hopeless,” Lawrie told the Herald.
“It’s been more than three weeks and there’s been nothing except an email asking me to send ID two weeks ago.”
Lawrie struck the same wall as tech columnist Peter Griffin - who was logged out of his own account by an impersonator and asked by Facebook to upload an image of his passport to prove his identity. He could not fill out a required Facebook form, however, because he was blocked from his own account (not that he was able to upload it in any case, but Griffin also had qualms about uploading ID documentation - understandable after the recent Latitude breach).
“Facebook has been an impervious wall,” Lawrie said.
His experience mirrors that of Christchurch tech firm Swiftpoint, which suffered through a six-week hijack of its Facebook business manager account, and its credit card being used to book scam ads, before a query from the Herald prompted the social network to swing into action. (This afternoon, Meta updated that Swiftpoint had been restored access to its account.)
Griffin, similarly, had no joy until he approached the company’s media team.
Meta responds
The Herald approached Facebook owner Meta for comment on Lawrie’s case.
A spokesman said Lawrie’s case would be investigated.
On the questions of why it had taken so long to address the gallery’s account hijack, or in what timeframe an individual or small business could expect Meta to address a complaint about an account takeover, the spokesman offered only the general response that:
“We are currently reviewing this issue. Scammers present a challenge in any online environment, and social media platforms are no exception. We’re committed to safeguarding the integrity of our services, and dedicate substantial resources and technology solutions to protect our community from fake accounts and other inauthentic behaviour.”
Last year, after financial journalist Frances Cook (on Instagram) and Newstalk ZB presenter Kate Hawkesby (Facebook) both had their social media accounts targeted by impersonators pushing crypto scams, with Meta again slow to respond, Meta’s head of public policy, New Zealand and Pacific Islands, Nick McDonnell, said it was against Facebook’s rules to scam people out of money.
“Impersonating others on our platforms is a clear violation of our policies, and we’ve removed this account for breaching our inauthentic behaviour policy. We have a dedicated team that’s tasked with detecting and blocking these kinds of scams,” McDonnell said.
Facebook has an online help and reporting section for hijacked or fake accounts here. Individuals and small businesses can also report a security breach to Crown agency Cert NZ or the Crown-backed Netsafe or ID Care.
Across the Tasman, the Australian Competition and Consumer Commission has taken legal action against Meta, claiming that it has not been assertive enough in enforcing its own policies against scammers, and that Facebook has generated “substantial revenue” from scam ads.
An ACCC spokesperson told the Herald the first Federal Court hearing for the case is scheduled for June.
Meta earlier told the Herald it would not comment on the case while it was before the courts.
NZ’s Commerce Commission says it is keeping a watching brief.
Although there have been cuts to staff at Meta, Twitter and Google, there are still “excellent lines of communications”, NZTech chief executive Graeme Muller told the Herald this week. NZTech is the administrator of the Aotearoa New Zealand Code of Practice for Online Safety and Harms, a self-regulatory code put together by Netsafe.
