Your work is vital. We are raising funds to support it.
In August 2018, the founder and director of a nonprofit animal shelter on the East Coast noticed something strange: a series of unfamiliar posts began appearing on the nonprofit's Facebook page page, and no one at the shelter could say where they were coming from. For several days, Alana and her staff simply deleted them from their account, which was followed by more than 1.3 million followers. It didn’t initially occur to the director, "Alana" that her account may have been breached. Then, in the early morning hours of August 19, a link to a fraudulent GoFundMe fund-raiser appeared on the shelter’s page, claiming the nonprofit was raising money for pets displaced by wildfires thousands of miles away in California. By the time Alana spotted the fund-raiser, it had already raised around $1,500. She quickly crafted a Facebook post alerting donors that it was fake, but the post was immediately removed. Another staff member soon discovered that a stranger had been added as an administrator to the shelter’s Facebook page nearly two months earlier. In a Facebook Messenger chat, the stranger warned the animal shelter to stop telling people the fund-raiser was bogus. “If I see one more post we will delete the page forever,” he wrote. The incident marked only the beginning of what would become a months-long struggle between Alana and a hacker determined to steal her nonprofit’s donations—by weaponizing Facebook.
Alana says she and her staff exhausted all of Facebook’s security recommendations to try to keep their hacker at bay, but he kept reappearing as an administrator on their page, under different, seemingly fake accounts. They turned on two-factor authentication, ran antivirus programs, and switched to a more secure password. Alana says she tried changing her password 30 times in a single day. Eventually, she even bought a new laptop. Weeks went by before her desperate pleas to Facebook reached anyone who could help. Finally, on September 29, Alana heard back from someone via Twitter: Guy Rosen, Facebook’s vice president of product management. Several days later, the hacker evaporated from the animal shelter’s page for good. He had gained repeated access to Alana’s account using a combination of social engineering and malicious phishing links—traps that can be avoided if you’re trained in how to spot them, but not by changing passwords. But Alana’s problems weren't over. Numerous fake Facebook accounts soon began appearing that impersonated people who worked for the shelter, or their friends and family. The harassment was exhausting, and it didn't stop until Alana transferred $1,500 to the hacker via an anonymous PayPal account—the same amount the fake GoFundMe had raised before it was shut down and the money returned to donors. Since then, Alana says, she and the shelter's Facebook page have been left alone.
This is a must read article from Wired. This nonprofit is NOT the only organization that has had this happen to them via Facebook. And Facebook offers no easy way to reach someone to address it.
-=-=-=-=-=- Jayne Cravens Author, The LAST Virtual Volunteering Guidebook
Close this window