It all began with a seemingly innocuous message on the popular Facebook Messenger platform: “What’s your phone number mate?”
Louise Manning, a resident of Queensland, initially believed it was an old acquaintance reconnecting with her, and after a brief exchange, she decided to share her phone number.
“I gave him my phone number,” she recounted, unaware of the impending disaster.
Louise engaged in a conversation she thought was harmless, not realizing she was speaking with a scammer instead of a friend. (ABC News)
Tragically, within moments, Louise found herself completely locked out of her Facebook account — her cherished photos, memories, and connections now held hostage by a faceless intruder.
“They changed the phone number, email address, everything like that… I couldn’t get access to it,” Ms. Manning lamented, expressing her frustration and helplessness.
Soon enough, her friends received similar messages from her hacked account, leading to confusion and concern.
“Several of them flagged it and went ‘that’s weird’, because I don’t normally use [the word mate],” she explained, recognizing the unusual language was a red flag.
“But others didn’t pick it up … I’ve heard of two people so far that have been hacked via my account,” she sadly revealed.
Louise’s once secure account was now under the control of a total stranger. (ABC News: Tobias Loftus)
Fortunately, some of her friends took quick action by reporting her compromised account to Facebook’s parent company, Meta, leading to its subsequent removal from the platform.
“I originally signed up to Facebook in 2006, so that’s nearly 20 years of photos of family and friends and things that have happened,” she reflected, emphasizing the profound loss.
“My sister passed away from uterine cancer about three weeks ago … most [of our photos] were on Facebook, so that’s really sad.” Louise’s situation was deeply emotional, as she had lost not just an account but also invaluable memories.
She remarked, “It’s a simple phrase, you know, ‘what’s your phone number mate?’. And then it just all blows up and it costs you an enormous amount of angst.”
Some of Louise’s friends acted quickly, reporting her account to Facebook’s parent company, Meta, which resulted in its removal. (ABC News: Tobias Loftus)
This unfortunate incident marked another setback for Ms. Manning, who, earlier in 2022, suffered the loss of sensitive personal information including her passport and driver’s license due to the Optus data breach.
The type of scam that ensnared her is far from novel — it has been plaguing unsuspecting victims for years. Yet, despite public awareness campaigns, individuals like Louise continue to fall prey to these deceptive tactics.
How does the scam work?
Scammers frequently impersonate friends and claim they have lost their mobile phone, requesting the victim’s phone number to receive a text message code that is purportedly necessary to regain access to their social media account.
Unbeknownst to the victim, that very code allows the scammer to infiltrate their account, and before long, the genuine user is effectively locked out.
The ‘Hi Mum’ scam is rife in Australia. Here are the signs to watch out for
Professor Neil Curtis, a cybersecurity expert from the University of Southern Queensland, remarked that accessing someone’s social media account using only a phone number — without having the scammer obtain a code — typically necessitates hackers having physical or virtual access to the victim’s SIM card.
“If they’ve hacked your SIM card, then they’ve likely gone to your service provider posing as you and convinced them to duplicate the SIM, which would then let them receive all your calls and messages,” he explained.”
Professor Curtis advised against disclosing personal information like birthdays on social media, as these details can be exploited by scammers to gain unauthorized access.
“The more you put on social, the more you lose, the more that hacker can get,” he cautioned.
Professor Neil Curtis emphasizes the importance of safeguarding personal information against potential cyber threats. (Supplied: University of Southern Queensland)
If personal information isn’t shared carelessly, the most significant risk from a Facebook scam — aside from losing cherished memories if the account is permanently shut down — is the reputational damage it can inflict, he asserted.
“Somebody could see your Facebook account engage in illegal activities, it might be selling Bitcoin, or illicit content,” he warned, pointing out the broader implications of lost accounts.
“All your friends that are in your Facebook account are going to be hit as well.” This highlights the potential ripple effect of such scams on social networks.
Thousands of scams reported this year
This year alone, a concerning total of 21,657 hacks or identity-based scams have been reported to Scam Watch across Australia.
The Australian Signals Directorate (ASD) has categorized cybercrimes as both a persistent and disruptive national threat.
“Cybercriminals are adapting to capitalize on new opportunities, such as artificial intelligence, which has lowered the barrier for sophistication needed to carry out cybercrimes,” a spokesperson noted.
Think you’re smarter than a scammer? Put yourself to the test
The ASD’s recent annual cyber threat report, released this week, identified identity fraud as the most commonly self-reported type of cybercrime for individuals, followed closely by online shopping fraud and online banking fraud.
In line with the ongoing threat, Australia’s more populous states, particularly Queensland and Victoria, report disproportionately higher rates of cybercrime relative to their population sizes.
“The average cost of cybercrime per report has seen year-on-year increases for both small businesses and individuals — rising to $49,600 for small businesses (up 8 percent) and $30,700 for individual victims (up 17 percent),” the spokesperson added.
To enhance online security, Professor Curtis recommends utilizing multi-factor authentication apps such as Microsoft Authenticator, especially when biometric tools like facial recognition or fingerprint scans are enabled to authorize account access.
“If you suspect that you’ve been compromised or notice any suspicious activity, change all your passwords immediately,” he advised.
Professor Curtis urges using additional verification methods when communicating online to enhance security. (AP: Jenny Kane)
He also suggested that families create unique passphrases that only they understand, enabling easy verification in case anyone loses their phone, ensuring they can confirm their identity securely.
Additionally, he emphasized the importance of making phone calls, even over social media apps, to confirm the identity of the individuals being communicated with.
With the Black Friday shopping event approaching, Curtis cautioned that this period often attracts cybercriminals eager to exploit vulnerabilities through phishing attempts and fraudulent schemes.
“In the lead-up to Christmas, there is an increased likelihood of encounters with scammers. Therefore, it is crucial to exercise heightened vigilance and question everything,” he urged.
Meta removes accounts
In response to increasing concerns about user safety, social media behemoth Meta, which oversees Facebook and Instagram, reported having removed an impressive 1.2 billion fake accounts and 322 million instances of spam content from its platforms.
“Meta is committed to maintaining the integrity of our platforms; we are continually investing in tools and technologies to combat scams,” a representative from the company stated.
“The safety of our users is our top priority, and we strive to collaborate with industry leaders, governmental bodies, and law enforcement to shield Australians from scams.” This highlights Meta’s ongoing commitment to creating a safer online environment.
Louise Manning recounts her sense of relief in not losing any money, but her dismay lies in the time and memories lost due to the hack. (ABC News: Tobias Loftus)
In the end, Louise Manning felt fortunate that her finances remained intact despite the ordeal — she only lost her time and irreplaceable memories.
“Everybody needs to know about this,” she assertively stated, underscoring the significance of spreading awareness about such scams.
“It might sound small, you know I lost access to my Facebook account, but it really can have quite large ramifications.” This poignant realization serves as a cautionary message to others about the far-reaching consequences of seemingly minor actions online.
How can users enhance their online security to prevent falling victim to cyber scams?
Al media platforms, including Meta (the parent company of Facebook and Instagram), have begun to implement stricter measures to combat scams and protect users. These efforts include removing accounts that are found to engage in fraudulent activities and enhancing their security protocols to prevent unauthorized access.
Meta has acknowledged the growing threat posed by scams and is continuously working to improve its systems to better identify and mitigate these risks. As part of these initiatives, they are also collaborating with law enforcement and cybersecurity experts to develop more effective strategies against fraudulent practices.
In light of these developments, users are encouraged to take proactive steps to safeguard their online presence. This includes regularly updating passwords, employing two-factor authentication, and being vigilant about any unusual activities on their accounts. Additionally, education on recognizing common scams can empower users to avoid falling victim to such schemes.
the landscape of online security is rapidly evolving, and both social media platforms and individuals must remain agile and informed to effectively combat the rising tide of cyber threats.
