Geoff Edwards considered himself a sophisticated internet user, but now he considers himself a cautionary tale.
Hackers, he’s recently discovered, are capable of fooling anyone. He learned that lesson the hard way when he lost his Facebook account, and now he’s warning others.
It can happen to you too.
“None of us realize what shaky ground we stand on with this platform,” Edwards said. “Somebody can send you an email and you can make one wrong move and your whole Facebook world comes crashing down.”
For Edwards, who’s been on Facebook since 2009, the nightmare started May 28, 2022.
He woke up to a notification email, telling him someone had accessed his Facebook account at 3:46 a.m. that morning, using a different device than his tablet. The email asked him to verify that it was him.
It looked totally legit, so Edwards clicked through all the procedures to prove his identity and secure his account.
“They send a code to your phone, you enter that code at the website and you’re back on Facebook again,” he said. “I carried on with my day and when I came back in later that day I had Facebook advising me that my videos were ready to view.
“And I thought to myself, ‘What videos?’”
This email had links to 17 of them, all uploaded within two minutes of each other.
Edwards didn’t dare click on any of the links, but next thing he knew he was looking at another email, with Facebook saying his account was suspended, he’d breached community standards and he had 30 days to dispute it.
The problem at that point was, there was no way to dispute it. He couldn’t find any humans to talk to, only unhelpful links.
“Each link I tried sent me to that Facebook screen saying my account was suspended and I had 30 days to respond,” Edwards said. “I did find one link to people who are concerned about data breaches through Facebook. I wrote an email and actually got a human being who told me it wasn’t their department and they couldn’t help me.
“Somewhere in there was a phone number in California to try, but no one answers. It’s just a voice recording.”
As if that’s not bad enough, Edwards also got hit in the pocketbook.
He had a long-dormant PayPal account, still attached to Facebook and linked to his bank account. Whoever hacked his account bought Facebook advertising and he was tagged for $328.
“They didn’t get my credit card information, because that expired, otherwise they could have drained that account too,” Edwards said. “As it is, I’ve had to go through a bunch of business with my bank and register with Western Union and Equifax and that sort of thing, in case they try to do anything else.”
Edwards is far from the only person to be fooled by phishing emails, although he still struggles to understand what exactly triggered the hack.
“I’ve looked at the emails over and over and I still can’t tell which one might be a phishing email,” he said.
But a Google search using terms like Facebook hack or suspended will produce similar tales.
When he went to the RCMP to open a file after discovering the bank fraud, he said to an officer, “I can’t believe they got me.”
“And his response was, ‘Don’t kick yourself too hard about it. They’re professionals and they have a knack for making things look almost identical to a message from Facebook.”
In most cases, there’s no happy ending to this scenario. Once a Facebook account is compromised, there’s no getting it back.
For Edwards, an actor and audio/video content producer (streamworks.ca and geoffedwards.media), the lost account means lost contacts. There are 600 or so people he’s connected with over the years. Those contacts are gone. He’s thankful to still have his Twitter handle (@geoffedwards) with 1,100-plus followers, but Facebook appears to be a total writeoff.
“At this point I’d have to create a whole new identify on Facebook, and I don’t know if I want to,” he said. “But if I were back on Facebook today I’d tell people on there to nail down their account, be very cautious about what they click on and don’t depend on Facebook alone for your social media presence.
“Being on Facebook is a necessary evil these days because that’s where you connect with your customers and your community, and that’s where employers go to find out about you, but you need to be hyper-alert with any e-mails claiming to be from Facebook, or any social media platform for that matter.”