Note: The reason for this piece’s subtitle will become apparent in about 1500 words
A couple of months ago, I woke up to a text message referencing a cabin being built in the woods. The sender, a music industry friend, assumed I knew what he was referring to. I had no idea.
At first, I thought nothing of it, clearly another accidental text (this same person had sent one the previous week, followed by “Sorry! That was meant for my brother”). A short time later, however, other acquaintances began sending me text after text:
“What’s with all these strange posts?” “You ok, pal?” “Have you been hacked?”
The latter question was on point.
Overnight, my Facebook artist page had been hijacked, inadvertently transformed into a host body, invaded by digital, leech-like parasites.
Fast moving images of construction activity, timelapsed for maximum speed, usually with some innovative approach, were most frequent. Each clickbait video had similarly unimaginative title: “Amazing skills!” “Great work by brilliant minds!” Some took place in nature, such as the aforementioned clip of a man impressively building a forest cabin. There was also wildlife in action: "“Fox hunting for breakfast in the backyard!” One man caught fish with rubber tubes: “Fishing skills!” A particularly athletic fellow hitched a ride behind a highspeed motorboat, let go of the rope, and glided along a lake without the aid of water skies or a bodyboard: “He doesn’t walk on water!”
Adding to my anxiety, the button to access artist page was missing. In other words, I could only view my page as an outside observer, not its owner.
It's bad enough to have unwanted posts springing up on your page like a bad case of cyber-acne. Yet this sense of violation is made worse when you’re prevented from removing any of these posts, can’t post anything new and can’t alert your followers from your own page. Most maddening of all was to see a few of my own fans engaging with and commenting on the videos, like I was the one posting them intentionally and writing the captions. To borrow a popular term from the 90s: “As if!”
So how did this happen? How could someone manage to effectively pull the wool over my eyes and gain access to my page?
This is the moment where it feels like we – you the readers and myself – are sitting in a group therapy and now it is my turn to speak:
“My name is Alex and I fell for a really stupid scam.” 🎸
It all began when I received an offer to take part in an online event, or to use modern business jargon – a “webinar.” It was geared for folks with a large online presence.
Since my Facebook Artist Page has over 150,000 followers as of this writing and I am a “creative,” I was told I fit the bill. I would be on a panel discussing digital strategies with dozens of other higher profile practitioners of various fields – music, travel, cooking, fashion, art, dance, you name it – for an online Q&A.
This sounded good to me. Besides, there was a $1,000+ fee involved (which really should have been my first tipoff). What wasn’t to like?
The initial email appeared to come from a high profile Gen Z podcast. It was beyond my listening purview (I’m a Gen Xer), but – according to a quick Google search –top rated and hosted by two legitimate lifestyle influencers. The problem, of course, wasn’t the team behind the podcast (which I won’t name here because they had nothing to do with any of this) but someone falsely claiming to be its producer.
The proverbial long story short is that I said “Yes.” It was a humbling and humiliating experience and I should have known better. And at this point, I imagine some of you thinking what I would no doubt be thinking right at this moment if I were a reader of this piece, rather than its author:
Are you an idiot? How could you not know this was BS?!
Before going any further, please allow me to offer a few arguments in my defense:
1) The lingo and jargon sounded entirely professional – the best I’ve ever seen in a scam. The logo, photography and other imagery of the podcast being impersonated was perfectly replicated. In addition, there was impeccable spelling, punctuation and wording, along with an email address and domain that looked legit.
2) The proposal sounded right in line with past events I’ve done, both online and in person. In fact, a few years ago at the annual NAMM convention, I’d appeared at a very similarly described event with a similarly diverse array of panelists, discussing digital strategies and social media tips for up & coming artists.
3) My quick response was part of a big batch of emails I was frantically catching up on after recently learning that my ailing father had passed away. I don’t mean to use grief and an excuse for gullibility, but let’s face it – I wasn’t in the clearest frame of mind and this was a contributing factor.
Up until then, I knew a scam when I saw one. Or so I thought. 🎸
We’ve all gotten those fake alerts: “A package for you is being held at the local FedEx facility, Click here for details”; “Your social media accounts is in violation and on the verge of being deleted! Click here for more info”; “We’ve just charged your credit card for the subscription you requested! Click here to cancel.."
All this is complete garbage, of course, designed to lure us into a phishing scam to capture our IP address and if we’re gullible enough, surrendering personal and financial information. The red flags are all too common: Email addresses that are “bot” like (too many numbers or characters), faulty grammar, misspellings and/or wording that misses the mark somehow and would never clear communications department of FedEx, Amazon or whichever major company is being impersonated.
Then, there are those silly questionnaires and personality tests ie “Which ______ character are YOU?” (insert Star Wars, Game of Thrones or other popular entertainment juggernaut). There are also apps which alter your appearance, all of which encourage you to participate and share with online “friends.” Although less harmful than the first examples – whose sole purpose is identity theft, online robbery and or hacking – such activities are nothing but a flagrant attempt to gain information on you by “data harvesters” whose goal is to sell it to the highest bidder for use in targeted ads.
I’ve always avoided such silly, activity-based enticements and have warned friends against them. I laugh off the fraudulent emails, texts and calls on a nearly daily basis. They can’t fool me.
Or can they?
These hackers got past my gatekeeping by creating a scenario that seemed to pass the “smell test” and checked all the previous boxes I’d used to ward off imposters. The enabler of this new level of cyber-grifting, you guessed it: AI.
AI apps such as ChatGPT, Bing, Grammerly and similar programs – which seem to be multiplying like unneutered animals – can be quite beneficial to us well meaning, productivity-focused folks. The flip side is that this rapidly developing technology has equal beneficiaries who are unscrupulous, including these complete wastes of carbon who tricked me into giving access to my Facebook page.
So while it is hoped that this piece entertains and informs, it is also being written to sound a warning: We are entering a new era of sophistication for scams and hacks. 🎸
Here's what happened next: A phone call was arranged with the “producer.” He had a slight accent, which sounded South Asian (I’m not sure which country). He spoke very good English and sounded as professional as expected (Side note: It boggles the mind as to why someone who – being bilingual with this level of computer and communication skills – could be a potential candidate for a high salary tech job, could launch his own business or do any number of constructive things with his life, instead chooses to squander his advantages by becoming a hacker/scammer relegated to the dregs of digital society).
He walked me through a few steps on a platform I’d had very limited experience with: Meta Business Suite.
For anyone unfamiliar, it’s sort of like an umbrella platform that links your Meta profiles – FB pages, Instagram pages etc. It exists outside of your Facebook profile. Although you enter it through FB, the “Suite” functions as an entirely separate ecosystem. It also contains options for sharing and even relinquishing operations of your main page to someone else (why this option exists, in retrospect, makes no sense). So by tweaking a few options in the Business Suite, I was unknowingly surrendering control of my page, under the guise of allowing shared access.
I can hear the sound of palms clasping foreheads.
Why would you even agree to THAT?!
Here is one more argument in my defense (I’ll stop after this, I promise):
A month or so earlier, a music venue had requested access to my page to advertise an upcoming concert that I was performing with one of my projects. They’d walked me through the Business Suite in a similar manner (a pull-down menu here, a click there). I’d followed their instructions and the result was a successful shared ad that went off without a hitch. Afterwards, the concert venue’s access was promptly removed as promised (I’d have been able to so so if not) and any concerns I’d had were alleviated.
I was expecting a similar outcome in this case, only to find out I’d been tricked like Elmer Fudd by a nihilistic Loony Toons villain.
The Suite was my hackers’ means to not only access my page but override my controls and allow repeated invasions of my Facebook page. So if you take one thing away from these words it’s this: Protect your Meta Business Suite at all costs.
Of course, after this most recent experience, I’ll no longer be granting any stranger access to my Meta Business Suite ever again, concert promotion be damned. 🎸
Now let’s talk about the experience of fixing the problem (here is where our subtitle comes into play). Before doing so, allow me to briefly but strategically veer off-topic…
A whole other essay could be written about the myriad of phony Facebook and Instagram accounts constantly pretending to be me and other musician friends in an attempt to scam our fans. I can only imagine how many of these fake accounts plague professional athletes, Hollywood actors and those with upper echelon levels of celebrity.
Not a week goes by where I don’t have to report an account with a name like “AlexSkolnickPrivate” “AlexSkolnickLiveChat” “OfficialAlexSkolnick” or something similar. They regularly answer replies to my posts with words such as: “I’m so grateful you are my fan. Please message me privately here!”
Like those phony notifications above, they are nothing but attempts to gain access to personal/financial information and/or hacking of an account like I experienced. I need an intern just to help manage all these Meta-pests. Thankfully my fans have gotten good at spotting these scams (perhaps I should learn from them).
For the reasons described directly above and throughout this piece, I’ve become extremely annoyed with the youthful tech titan known as “Zuck.”
Fom his conduct as Meta CEO – particularly overseeing his company’s monopolistic practices – to the complicit behavior of his enablers, who seem to treat him as though he can do no wrong, it is time to call it out.
Did Mark Zuckerberg personally hack into my account and cause the onscreen aggravation as described in the beginning of this essay? Of course not. Is he the one behind the constant scam accounts impersonating members of the musical community and others.? I’m pretty sure he has better things to do. But does he bear responsibility for these recurring intrusions and the difficulty solving them? 100%.
No other major corporation could get away with the customer service – or lack thereof – of Meta/Facebook. 🎸
Some may argue that as a “free” service, Facebook and other Meta products shouldn’t be held to the same customer service standards as, say, mobile phone companies, airlines, cable providers, credit card services etc.. I argue that a company that has earned billions (for their CEO alone) off of the public’s engagement is entirely obligated to those basic standards.]
Corporate sectors of transportation, finance, communication and other public services at least provide a number to call if there’s a problem. Granted, we can be put on hold for what seems like a lifetime. And once put through, we’ve all had experiences in which a customer service rep can be less than helpful. Still, at least there is a path of resolution to follow.
Facebook? There no “hotline” number to call or even a tech-support “chat.” Their “HELP” page brings you right back to the same place in which you started after running you around in circles – a Kafkian labyrinth of verbal funhouse mirrors.
Only after an extensive Google search (“My Facebook Page Has Been Hacked!”) was I able to locate a proper link and send a report to reclaim my page. After an hour or so, I received a banal, almost passive-aggressive formal email advising me to change my password (which I’d already done). There was no means to followup on my case, no call or chat option for tech support or any other other helpful details.
However, there was good news: My page had been relinked. Sure enough, there was my icon button, enabling me to switch over to my artist page. Whew!
I could see source information of the silly clickbait posts, along with details – exact times they’d been posted and even names and profiles of those who’d posted them. There were grandmothers, elementary school teachers, truckers, a cross-section of Americans you could picture at a county fair or local polling place on election day. These were my hackers?!
A closer look revealed that these were just ordinary, everyday folks who’d drifted away from FB (totally understandable), hadn’t posted anything in several years and had never gotten around to deletion. In other words: Abandoned Facebook pages floating in the digital abyss, now being used as Zombie accounts by nameless, faceless hackers in order to wreak online havoc.
Before removing the illicit posts, I gathered screenshots, hit the “Report” option connected to each and blocked the corresponding accounts.
My direct access to my FB Artist Page having been restored relatively quickly, I was finally feeling pretty good about things. However, the moment of brightness was to be short lived.
My first post back in control of my page was a brief explanation of what had happened, along with giant middle finger emoji directed at the hackers. Admittedly, this was brash, impulsive and unwise, as someone very near and dear to me, a self-described nerd who’d been helping me resolve the problem (and also a private person who does not wish for attention), let me know in a tough-love scolding. I was sure the worst was behind me. She was right, of course. I had foolishly allowed my anger to get the better of me.
By the time I woke up the next morning, the hackers had shown me who was boss. 🎸
As referenced earlier, weaknesses in the Meta Business Suite had allowed someone – who I’d thought was legitimate but turned out to be an intruder – to override my access, switching me to “Basic Access” and themselves to “Full Control.”
New “Administrators” had appeared. Their email addresses seemed newly created as they were based on my name (ie AlexSkolnickOnline@..). Any changes, including restoring control to my own pages, required permission…from the hackers! Worst of all, it allowed them to take over my page again and again.
Like a scene from the Bill Murray classic Groundhog Day, each morning began with friends flooding my phone with texts, along with fans messaging me online:
You got hacked again!!
I’d file the report with that lone link I’d been able to unearth. Access would be restored for a day or so. They they’d break in all over again via the Meta Business Suite and start posting more silly clickbait. Each time, I’d receive that same form-letter email with no personal interaction, no acknowledgment of prior reports, no case number and a advice to change my password.
I began including specific information in my reports – how the hackers had infiltrated the Business Suite and that it was the cause of my having to write in so many times. I included screen shots. The cold automatic responses from Facebook were always the same, with no acknowledgement of the additional information I’d provided.
Nothing made a difference. I was growing desperate.
By weeks end, not knowing what else to do, I put out an all-points bulletin on my social platforms – Instagram, Twitter/X, Threads, personal FB pages – pleading for anyone who could help. My adviser knew of someone else with a high profile platform (in the pet community) that had been taken in by a similar sounding scam, only to be locked out of her account. This type of public plea was the only way she’d been able to recover her page. I hoped the same would be true for me and feared losing the page and all my content permanently.
Immediately afterward, I reached out to my main band’s record label to alert them. I was concerned the band’s page might not be safe from being hacked, since it was also connected to my Meta Business Suite.
The label rep turned out to be very helpful, connecting me to a point person in charge of operations for the company’s tech and social media platforms. This gentleman stayed in constant touch and promptly saw to the safety of the band’s page helping me recover mine.
Because our record label is a major business, they have a backchannel to Meta. They still have to file reports and solutions takes much longer than they should, but it is much more effective than an individual attempting to resolve an issue from Facebook’s SNL skit of a “Help” section.
Meanwhile, a very helpful acquaintance in the San Francisco Bay Area replied to my public plea for help. She disclosed that she personally knows a Meta employee, who is also a musician and fan of mine.
“Jackpot!” I thought to myself.
This individual was incredibly helpful and reassuring to chat with. Yet, even HE had to file a “report” and go through channels, as he worked in a different Meta department than the one required to address my specific issue. At least he was reaching a higher level of support than I was with that barely useful Help Section link.
Within 24 hours, the invasions had stopped. I’m not sure if it was the quick result of one or both VIP backchannel reports being filed or if the hackers just grew tired with constantly taking over my page only to have access given back by my constant FB Help Page reports.
Within a few days, the unwanted email addresses had been entirely removed from the Business Suite. The platform was still damaged to the point I still had no control. But at least I had individual access to all my pages and no intruders could use it. I haven’t been hacked since (knock on wood). 🎸
Weeks later, I received follow ups from both of my point people, checking to see if the Business Suite was working again and everything was normal.
Thankfully it was and is.
I’m grateful to both of these individuals and all who helped me through this stressful episode. I also know I’m more fortunate than most have been in a position where I was able to find people to help. I feel for those who don’t have these additional resources. A few people shared horror stories of having to part with their pages permanently after hackers took over and I don’t envy them.
Again, it’s not that the customer service of of major airlines, phone and cable providers, banks etc is always great (it’s often not) but here is the takeaway: We can file complaints and the companies have incentive to make improvements. Why? Because we have the option to take our business elsewhere.
Not in the case of Facebook/Meta. We can’t go anywhere else because Zuckerberg has created a monopoly. He has too much control at the company for his board or anyone else to challenge him in his leadership. And there is no competition that can come along and cause him to improve his customer service.
Together, Zuck and his “yes” people have exacerbated and made worse an unavoidable and symbolic problem of our largely online existence in the 2020s: Hacks frauds and scams. Things are about to get much worse with the advent of AI. 🎸
I leave you with a plea for help that sounds very familiar. This was literally posted as this piece was being written.
The moral? If it can happen to “The Demon,” no one is safe.
Be careful out there.
PS Gene: I haven’t heard from you yet, but my offer still stands - I have folks who can help. DM me
Hi! This is a reader supported platform. While I don’t feel I’m able to write enough at the moment to currently justify a paywall, that may change (I’m grateful to those who’ve become paid subscribers, regardless). To receive new posts & support my written work, consider becoming a free or paid subscriber.
I lost my Facebook personal and business pages in 2022 when I was hacked. I spent the better part of a year trying to get it back, gave up and tried to create a new page. To no avail. Whatever the hackers did flagged my name against even making a new page! Finally, someone I know had a direct FB connection and that person was able to help create a new page. But my old page, with 12 years of photos, events, friends etc? Gone forever 😢
Scary times with sophisticated hackers. Wondering if some hackers have access from the inside of host platforms, e.g., employees. My sister’s phone was hacked into, with the hacker tracking her in real time as she walked to the bank to report! Stay vigilant.