November 24, 2023
Kris: We’ve all heard stories about people’s social media accounts getting hacked, but when it happens to you, you are never quite prepared for it. This is our story about it happening to us, and hopefully we can prevent it from happening to you too. You’re listening to Design and Prosper, episode 102.
[Intro music]
Kris: Hey everybody.
Don: Hello. So this is a bit of a heavy topic today. Yes. But an important one.
Kris: Yes. And we actually were going to record this about a month ago when it happened, but it was too raw and we’re too close to it. And we couldn’t.
Don: It made us too wobbly, and even in fact today, it will be an intentionally shorter podcast because we don’t want to be in this energy, however, it’s important to share it with everybody because wherever possible, we would love to help prevent it from happening to you. And so we are talking about the day that our Meta Ads account was hacked. Yes. And it was, it was a big shock.
Kris: It was a really big shock. So we’d only just set up ads the day before.
We have run ads before and we’ve had great success with our ads and we were going into a new launch for the last round of the academy and we were promoting our masterclass and we wanted to get as many designers across our ads as possible. So we set up an ad campaign, which we spent a lot of time, a lot, a lot of time working out and strategizing and putting it together. We were so proud of it. It was, it was going to be a really good ads campaign.
Don: So we thought, so we thought the plan was there. Yeah.
Kris: And then and we were in the middle of a And it was really, it was a big time. Don was moving house. There was just a lot going on for us both personally. We were like pulling out the energy, Come on, we can do this, we can do this.
Don: Because ads are not fun, generally. And it’s a little bit of hard work and there are a lot of layers. And to make it happen, and to make it happen in the way that we did, like Kris said, we’re really proud of it because… we had so many external influences going on, and we managed to create this really beautiful campaign.
Yeah. And so we were proud of it and we managed to get all the moving parts moving in the right direction. And it’s just devastating when the rug gets pulled from beneath you. Anyway. I’ll hand it back to Kris to, to keep telling the story.
Kris: So it was late on a Friday night, so close to midnight, and I was checking something because I don’t usually work really late like that, but I checked on something and I noticed an email come, it came through saying that a person whose name I did not recognize had been added to Design and Prosper – our ad account in Meta, and I was like, Oh, you know, that’s not right. And you know, that punch in the gut kind of feeling like you just feel frozen, like, what is that? Who is that? What is happening? And from then on, the night just unfolded with me trying to get back into my account. So it was my personal account that got hacked. And then they accessed our Design and Prosper Facebook account with the ads account attached to it from there. And then locked me out of my account. So I couldn’t get back in.
And… It was just the way that it has unfolded. It’s happened to so many people that we’ve discovered now. This same thing is happening. So this is why we wanted to talk about it because we know a lot of you designers are boosting Instagram posts, you know, dabbling with the world of Facebook ads and that sort of thing.
And so what these hackers do, this is how they operate, right? They notice a new ad campaign. They must be alerted to it somehow. New ad campaign. And then they attempt to hack the account and if they get in, beauty, they get in then what they do is they take over your ads account, they kind of change everything about your account so it’s not really you anymore, they make it about them.
And they use your ads budget for fake ads that are designed to scam shoppers, basically. So people will buy a beautiful pair of shoes and never receive the shoes. Basically, they’re just using your ads budget in that way. And they do it really quickly. They’re really swift. They come in. And then they try to use up as much ad spend as they can in a short period of time. And so I can feel myself getting all like nervy about it. Just thinking about it. I know, I know it’s been hard. It actually felt so violating. It was so violating. So we were pretty lucky in that we lost 750 AUD. So Australian dollars, we lost 750 and that’s all they got away with until we were able to pull the pin.
Don: Yeah. Luckily, like Kris said, she’s not normally working on a Friday night, and in fact it was, you would’ve probably been looking at something personal and had the alert come through. Yeah. And just thankfully Kris was available and saw it and went into action straight away. But that’s not the case because they’re also super clever.
They’re doing this while two people who are on the other side of the world when we’re technically sleeping. So they’ve got a window, they’ve got like a good five, six hour window where they can be sort of going to town on your account when you are in bed asleep. So this is the sort of like sinister approach that they have.
Kris: Yeah, so what they did was to get me out of my account, they posted something offensive to my account, which nobody saw, but it automatically flags Facebook so that my account gets shut down, or at least temporarily shut down, so I couldn’t get in. That’s what they do. That’s one of the steps that they do. And then they take over your ad spend, they take over your account.
Don: Once they’ve locked you out.
Kris: Yeah. And then it’s really, really challenging to get back in because you’re in this infinite loop of you’re changing your password and then they’re changing the password. Then you’re changing the password.
Don: And they’re so clever.
Kris: They’re so clever. And one thing that I’m really sad to admit and a bit of shame to admit, actually, because I sort of prided myself on like security and that sort of thing with so many different aspects, but with Facebook, I didn’t have two factor authentication on, I did not have it on for my personal Facebook account. I thought I did.
Don: Yep.
Kris: Which I had for Instagram, it just didn’t click with me because I’m not in Facebook very often. I just hadn’t. And you know, you don’t log into Facebook very often.
Don: And you don’t think this is going to happen, let’s face it.
Kris: Me. I’ve heard of it happening to other people, but I just, you know, you don’t think it’s going to happen to you.
Don: We’re a relatively small business, and you would think, why would people target a relatively small business?
Kris: Well, this is who they’re targeting.
Don: That’s it.
Kris: Yes.
Don: We now know that they, like this is what I’m saying, we were thinking, we’re a small business, you know, we’re hardly in there, there’s all these reasons why we don’t think we need all this extra protection.
But we’re here to share with you today in the hope that we prevent it happening to you. That they are actually targeting small business and they are, that you really need to up the ante on your protection. And there’s now three steps that you can do. So you can do two factor authentication and then there’s a third step through a Google Authenticator or another, there’s another one that you can do.
So there’s three steps now and we really encourage and implore everybody to really protect, protect, protect. And use 1Password and, and those types of apps. Yeah.
Kris: Yeah, well, we have since absolutely tightened up every bit of security in our business. So, we dabbled with this sort of thing before, but now we’ve made it super tight. Everything is locked down. So to make sure it doesn’t happen to you, here’s what we need you to do. You need to have your two factor authentication on as many, many different aspects as possible because a lot of the hackers also are using just random algorithms…
Don: number generators.
Kris: Yeah, number generators, that sort of thing to hack and so it’ll just, the algorithms will just run and run and run until it goes ding, ding, ding, ding, ding, and it gets one. And so that, that could happen, even if you have these things in place.
Don: That’s right, Kris, you’ve got another story where a family member’s credit card was hacked using that exact method that just that the running the numbers.
Kris: Yeah, so, my auntie actually just had this happen and she’s elderly. So it was a little bit tricky for her to realize this was happening. And what the hackers are doing is they run the numbers. So they will run just a random bunch of credit card numbers versus a random bunch of expiry dates.
And the algorithm would just keep on going till it gets a match. It’ll keep on trying test purchases until it gets a match with those numbers. So if they, if they succeed with one, then they’ll make another purchase, and then they might make a big purchase. So, there’s things that you can do to keep yourself safe.
Like have 1Password. You can use 1Password app as an authenticator as well. You can have everything securely stored in there, and you can share it with your family or business partners or whatever. Donna and I share, share an account, like, together, so that everything is locked down and really secure.
You can also limit the amount of transactions that can come out of your account, and this can be a bit inconvenient sometimes, but you can contact your bank. I’m sure this would be the case across the planet. Contact your bank and limit the amount of the transaction that can go through.
Don: So lower it. Yeah,
Kris: So if there is a test transaction that goes through and they go, okay, we got the $100 one through and we’re now going to try a $500 one and then we’re going to try a $4,000 one, which is what happened with my aunt.
They can’t do the $4,000 one. And thankfully in Australia, our banks are pretty good like that. Like my auntie got her money back, you know, because the bank flagged it. So, it’s just really important to protect yourself like that. Another thing that you can do is lock down the ability for people to apply for credit in your name, and in Australia we have something called Credit Savvy, which you can try.
I’m sure this would be available different things around the world, but that’s the Australian specific one where you can. If somebody does get access to your details somehow, you can limit it. They talk about the dark web leaks and different things like that, you know, it can happen.
If somebody tries to apply for credit in your name, they are blocked. They won’t be able to. And it’s something that you can put in place for a set period of time. If you’re not thinking about applying for credit in, in the near future, it’s a good thing to do. Just lock it down.
Don: Lock it down. Lock, lock, lock. That’s the key. I think, I think that’s it. Don’t be afraid to be in protection mode because it’s easier to protect than to try and hunt and gather things back and we still don’t have our Facebook account back.
Kris: No. And, we haven’t tried very hard, admittedly.
Don: I think shock, that’s the other thing, I think what I’d like to say, this happened to another family member of mine and they’re in business and their account was held ransom and anyway, it takes an enormous amount of energy. Observing what they went through, multiple, multiple efforts, multiple phone calls, multiple emails, tenacity, tenacity and a full time gig to get your personal details back.
Kris: Well, their whole business model was based around Instagram, right?
Don: The whole business model.
Kris: Which is not what ours is at all. So, yes, it probably did impact our launch.
Last launch, we, we had less people because less people knew about us because we usually do broaden our net prior to a launch. So it did have that impact, but once again, it’s just, you never know when something’s going to get shut down. You never know when, when an aspect of, your, your marketing or whatever is just going to be shut down like that, especially when it’s out of your control and it’s on socials like that.
And that’s what happened to Donna’s relative where it was shocking.
Don: Shocking. And it’s a lesson in making sure that all of your eggs aren’t in one basket. And it’s difficult when that’s a whole business model. Your whole business model is there. But it’s really important, we believe, to make sure that you are looking across the, across the spectrum at ways that where your audience is and how you’re dealing with your audience, how you’re communicating with your audience.
So if one of those channels gets shut down, you have other avenues to communicate. Even if it’s to say, Hey, this thing has happened. We’re working behind the scenes to get it back up and running again. But we know you’re all here in this area. So we’re going to let you know. That we, we are actually doing what we can to, to get us, our business back online.
So just make sure you, you’ve got some other avenues, just to make sure there’s another way to communicate to your audience.
Kris: Yeah, and, so, because this happened right at the beginning of our launch, we just pivoted straight away and went, okay, new plan.
We’re not going to focus on that. And that’s probably why we haven’t chased up with Facebook because going around and around in circles with that for probably a good 48 hours was enough to do my head in personally. I couldn’t get in touch with them. I had one chat the night it happened, I managed to get into a chat, but I wasn’t savvy enough to realize that I could have locked the hacker out with my authenticator or if I had set up the two factor right then and there when I got back in. I got back in once and then my brain was just not firing on all cylinders because it was almost midnight and also because I was in stress mode and you know what happens to your brain when you’re in stress mode, you don’t think properly.
The other thing that I wasn’t quick enough about, but I got onto it the next morning was to shut down the funds, shut down the ability for the hackers to access the funds on our account.
Don: Yeah.
Kris: If anything like this happens to you, that’s what you would need to do really quickly. Make sure that whatever payment method you use for Meta, that you have the ability to shut it down.
Because we were using PayPal, but PayPal says we were in a, in an agreement with Facebook, so we can’t get a refund from PayPal, even though PayPal, you know, touts itself as, you know, you can get refunds and all that sort of thing. It’s like the too hard basket, even in Australia, we have like, this cyber security department that’s connected to the government that’s connected to the police, even they’re like, yeah, we can’t do anything because it’s Facebook, you know, pretty much, you know, so these people are just getting away with it time and time again.
And when I’ve spoken to people about it, it’s like, Oh yeah, that happened to my friend. Oh yeah, that happened to this person. And it’s usually people who have just started an ad campaign.
It’s the people who, maybe like yourself, you’re thinking, I’m going to boost a post. Facebook keeps asking me to boost a post, or Instagram keeps asking me to boost a post. Why not? I might try to boost the post. And then bam. You know, that could be when they strike, so just make sure it doesn’t happen to you. It doesn’t have to happen to you.
Don: Safeguard, safeguard, safeguard. So I think we’ve covered off all the safeguards that we, we now use, and like Kris said, immediately shut down any access to funds, any way that they can access funds. Make sure you get your two factor authentication on all of your accounts. Now, there’s an additional third avenue. You can have Google Authenticator on top of the two factor authenticator. So there are multiple ways. Use a password protection site, such as 1Password or there’s LastPass. There’s a couple of other ones that you could do your due diligence and have a look into. Definitely do something proactive because you don’t want to be talking about it like we are now. Protect yourself.
Kris: Yeah. And I’m always a firm believer of everything happens for a reason. What are the lessons to be learned from this? And we were talking about, well, we better create a new Design and Prosper on Facebook.
Maybe we will do that eventually. I need to get my personal Facebook account back up and running, which I’m not really in a hurry to do because I wasn’t really in there very much. I’m not a big Facebook user, so it’s like, okay, whatever. But sometimes these things are a nudge in a different direction. So that’s what we’ve been considering as well. Like, do we actually want to do Facebook ads anymore? Do we want to do something else? Maybe it’s like trying something we’ve never tried before.
Don: Yeah, absolutely. Other advertising platforms.
Kris: You know, like what else is out there in this world? And it kind of makes me feel having had this Facebook as difficult as it is to contact. It sort of turns me off it. Cause I’m thinking, even if we did do a big ad campaign again, there could be some other aspect that just gets pulled. Like, Donna and I are part of a very big community, which is a paid community on Facebook. Their Facebook group got shut down recently. And it’s like 8 or 9,000 people in this group. It’s a very active group. It’s a wonderful group. But it got shut down. It got flagged and shut down. And it’s like, nobody can get in touch with Facebook.
Don: Nobody can solve the problem. That’s it. Because I think the thing is... we feel for Facebook in a way, in that they,
Kris: Do you?
Don: Ha ha, too soon? Too soon, peeps. It’s too soon. But just coming from the perspective of, when we started talking about this we could not believe the sheer amount of people that it’s happening to. So in our minds, the empaths that we are, we’re like, oh my goodness, so that the team at Facebook of having to deal with literally, hundreds of thousands of these cases, it’s an epidemic.
And so we’re like, no wonder it’s difficult to get help with this, you know. So we believe something has to happen at a higher level within Facebook to actually prevent this from happening for a lot of people. That’s, that’s out of our control. So we can only control what we can control and we can only take care of ourselves in the ways that we’ve just described in this podcast.
But at the end of the day, that pivot that Kris was talking about it could be exciting for us. It’s made us look at things with fresh eyes and okay. What are our options? What do we need to look at now? And what I’m really proud to say that when it did happen you know, yes, Kris did spend 48 hours relentlessly trying to regain everything.
And because it was Kris’s personal account, that it was important that that effort was put in, but then when it was like, you know what? Arms in the air, this is not working, we cannot get any further with this, we pivoted in that moment. We were like, okay, we cannot let this define this launch that we’re period that we’re in.
We cannot let this derail us completely. So. We had to think really, really quickly on our feet. Go, go, go. What do we do now? And I think that when things like this happen to you, that’s, that brings a creative juices. It brings out other options. You start thinking a little bit broader, a little bit deeper.
And, you know, you can make things happen in a different way all together that are positive for your business.
Kris: Once the adrenals settle down.
Don: Once the adrenals settle down!
Don: It’s just, it’s so, it’s so off putting. It really gets you to the core. It really does. It’s so unsettling. You know, it’s so violating. It’s a violation. And it’s a really tricky one to navigate back through that. And then every time you talk about it, it hits a nerve, you know.
Kris: It was like cat and mouse for a good 48 hours where every time I got in, they get me out. And then every time I got back in, they get me out. It was like I kept getting these notifications. Your password has been changed again. Your password has
Don: Yeah.
Kris: Like, that wasn’t me. That wasn’t me. And it was just awful. It was an awful, awful feeling. So, another lesson in this and not to do with our Facebook problem, but the one that we’re talking about before with my aunt, and I’m sure you’ve all heard this story with other people as well, with their credit cards being hacked and that sort of thing.
Our relationship with money needs to shift, I think, as well. You know, a lot of money experts (I’ll put experts in inverted commas), people who talk about money and money manifestation, they talk about how you need a really close relationship with your money, you need to be really on good terms with it, and if anything, this is a very good excuse to be logging into your bank accounts very regularly and looking at it and having like, hello, how are you going today? Yeah, you’re all good? Great. See you later? I’ll log out. You know, like it’s, it’s really important especially if you’re not sure if your bank is right on top of security. They might be. They might, something might slip through the cracks. It is a good idea just to check in regularly and that is like it’s a well known manifestation practice as well to get so comfortable inside your bank account.
I know that probably makes a lot of you feel really uncomfortable because we think I don’t want to look in there, you know, it’s terrifying in there.
Don: I was like that for a very long time. I’ve shifted my whole relationship with money, is different now and I don’t have any qualms about opening up my bank account anymore, but I did because I know I was overspending and I didn’t want to see the reality, right?
Because that’s the reality. Whatever you’re staring back at you, that’s the reality. But having that regular check in with your bank account and that really close relationship means that you will flag things straight away. You will see it the minute you log in. What’s that? What’s that?
Kris: Yeah. Yeah, and it’s empowerment. It’s not about going in there from a perspective of fear, like, who’s out to get me today? Who’s out to get me? It’s not like that.
Don: That is such an important point, Kris.
Kris: It’s about going in and embracing it and saying this is my space and this is my money home and this is where everything’s happening. Everything’s looking good and you know, you might be wanting to track your income as well, like all the stuff that’s coming in. Like tracking everything that comes in, not just actual money, dollar amounts, but you gifts and value based things as well. Like when somebody buys you dinner or when somebody tracking all that can be really good. So get in your bank account every day, like hop in, have a look and see what’s going on and make it a really safe, lovely place. And just put some limits on things just so that, you know, people are going to be dirt bags.
Don: Yeah, yeah, yeah. That’s it. They will be and you can only do what you can do. You can only control what you can control. So, don’t even try to, to do things outside of that. Just do what you can do. That’s all you need to be doing right now.
Kris: So we hope that we can prevent this happening to you.
Don: Mm hmm.
Kris: We don’t want this to happen to you. So if you put a few things in place, it, it really shouldn’t.
Don: It’ll minimize that, yeah, and that risk will be a lot, lot lower if you’ve got those strategies in place. So all the best with that.
Kris: A little bit of a funny episode today in terms of like a little bit of a downer in some ways.
Don: Yeah.
Kris: But then it’s positive at the same time because there’s things that we can do.
Don: Yeah, absolutely. And, like we said at the beginning, even when things have a negative impact on our business, it’s important to talk about it.
It’s important to then go straight into having some strategies to address it and control what we can control. And that’s our aim for this episode is that we’ve given you some, some strategies to implement immediately and safeguard you as much as we possibly can. So, yeah, again, Kris and I always hope our hindsight is your foresight. This happened to us. It doesn’t have to happen to you. There are things you can do.
Kris: Okay, everybody. We’ll talk soon.
Don: Bye.
Kris: Bye.