Hackers Use Facebook to Target Non-Profit Organizations

If you have dedicated your time and personal resources to run a non-profit organization, the last thing you want is for someone with malicious intentions to taint your reputation and ruin your hard work. If you have created a Facebook page to represent your organization and help build a community, someone with those kinds of malicious intentions could be a Facebook hacker. Hackers have taken over hundreds and thousands of accounts that belong to regular users who might have from several hundred to thousands of "friends."

The intentions of these attackers can be unique in every case, and we review some of the common ones in this report. Of course, hackers who take over pages that might have much larger followings are likely to have different intentions. In many cases, it is hard to spot fake accounts on Facebook that belong to hackers, and recognizing when a hacker takes over a legit account or page on Facebook can be even harder. Whether you are a follower or a creator of a page representing a non-profit organization on Facebook, we suggest you continue reading to learn what to do if hackers attack.

How to spot fake accounts on Facebook that belong to hackers?

It is not news that Facebook – just like most other social networking platforms – has a problem with fake accounts. During the first quarter of 2018, Facebook removed 583 million accounts. The latest statistics show that there are 2.27 billion active users (monthly), and so the amount of removed accounts is pretty shocking. Some of these fake accounts can be quite sophisticated, but others can be unveiled fast just by looking at the content that is shared via them. Here a few things that might help you figure out which fake accounts on Facebook belong to hackers.

  • The content that is shared is very spammy and shows suspicious advertisements;
  • The name in the URL does not match the name of the person/group;
  • The account has many followers/friends but no reactions or comments to the posted content;
  • The pictures on the account are clearly unauthentic;
  • The About section is not informative.

Fake Facebook accounts are primarily used to approach real users. Some people accept Friend invites from just anyone, and if Facebook hackers befriend clueless users, they can post on their walls, as well as introduce them to content via their own feed. They can tag people on posts and photos that promote products. They can also access information that is not available publicly (e.g., telephone number, email address, hometown, etc.). While fake accounts can be used to promote unreliable services and products, Facebook hackers can also use them to spread malicious links that are used to spread malware and expose users to scams! Malicious links could also be sent via the Facebook Messenger.

Facebook hackers can take over legitimate accounts and pages

While Facebook hackers can create fictitious accounts and pages to serve their attacks, they also can take over authentic accounts and pages that belong to real Facebook users. We have already discussed what users should do if they discover that someone hacked their account and is impersonating them. But how are you supposed to know if someone did hack the account? If Facebook hackers take over the account by brute-forcing a weak password, they can change it and lock you out of your account. Even if you are able to regain access to your account, hackers can repeat the attack. If you do not act quickly, Facebook hackers might have enough time to post malicious links or promotional content, send misleading messages to your friends, steal photos, and do many other terrible things. Of course, if that is how hackers take over, you are bound to notice the attack. On the other hand, if they just send messages with corrupted attachments or steal information without making any obvious changes, you might remain oblivious about the attack.

Regular users' accounts are not the only target. As reported by Wired, Facebook hackers have shifted their interest to non-profit organizations and their Facebook pages as well. The administrator of one of these pages reported that an unknown attacker was able to post on behalf of the organization (an animal shelter) using admin privileges. One of these posts linked to a fake GoFundMe page, and by the time the real administrators realized this, people had already donated $1,500. They thought they were donating to the organization, but, in reality, they were stuffing the pockets of a Facebook hacker. Luckily, the money was returned to the donors. Unfortunately, the hackers created numerous accounts to support the attack, and the nightmare did not end until the creator of the page transferred $1,500 to the attackers' PayPal account. This was the outcome because Facebook's Support was not able to help.

Facebook offers its own donation tool too, and the company has also hosted the "Giving Tuesday," an event that rallied Facebook users to support different causes on November 29th. $125 million was raised, and we can only hope that all of this money ended up in the accounts of those who really needed it.

How to protect your non-profit Facebook page

The owners of Facebook Business pages already know what they need to do to secure their accounts, and many of the same tips apply to the owners of Facebook pages that represent, for example, non-profit organizations. It is essential to secure these pages because, evidently, Facebook hackers can do some real damage. Even if you are able to take the account back and prevent Facebook hackers from scamming the page's followers, the reputation of your organization can be ruined, and it might affect the fundraisers and donation events you might plan in the future.

First and foremost, make sure you add two-factor authentication to ensure that no one can take over the account using a brute-force attack. It is also essential that the login password you set up is strong and cannot be guessed. We suggest employing the Cyclonis Password Manager to help you with the management of all passwords. This tool will help you generate a strong password and check its complexity. It will also encrypt the password and keep it safe in a vault protected by a master password that only you will know. Without a doubt, the stronger your password is, the safer your account and page will be. If you secure the page and monitor it carefully, we hope that you will never have to face Facebook hackers.

January 11, 2019

Leave a Reply