We have heard over and over about people getting hacked. From major corporations that get hit with ransomware to the casual social media user, we hear about and are seeing an increase in events around the world.

I have always protected myself the best way that I knew how, and kept the belief that it wouldn’t happen to me, but that all changed.

After my mother passed away in August, I began to do a lot online, creating different memorials for her using Word. I put all of my documents onto a flash drive and headed to FedEx/Kinkos to print copies.

The clerk inserted my drive into the computer at the center and printed everything that I needed, and I was in and out of the door in 10 mins. And that visit, I would learn, was the beginning of the hack that nearly crippled my business and social media.

I was heading out to Sedona for a week so I wanted to get some of the info from my Flash Drive onto my Mac before I left so that I could do some work while I was away. I inserted the drive, copied the files, and then turned off the Mac and headed to the airport. I ended up not doing any work and headed back home before a trip to Hawaii for my mother’s service.

I never needed to turn the Mac at my house on because everything was already done personal and business wise, and everything I needed was in “the Cloud” if I needed access while away. Again, I never once needed to turn my laptop on because I was either too busy or could do what I needed to do on my phone.

After I returned home again, I turned my computer on and a few emails came in letting me know that a request to change my password on Facebook was made a few times. They included a code and a button to take me to my account which I did not click. I never click on anything, ever, so I opened my browser and updated my Facebook password. All good.

I was home for two days and headed back to Sedona for another week for the holiday and shut the Mac down as usual. Nothing out of the ordinary, no security emails came in. All good.

I got home and again turned the Mac back on and I was hit with emails again about Facebook. I secured the account but the emails kept flying in, each time updating a stronger password. I checked the emails I had associated with my account and they were secure. I even kept my original on there from a domain I owned at one time.

After a day passed I woke up to a notice on my phone that my Facebook password had been changed and that I was no longer an Admin on my Real Talk with Jack McAdoo business page. I tried to log in but failed. I tried using my Two Factor Authorization (2FA) codes and they failed. But I honestly think getting denied so many times actually saved my account because Facebook shut it down after seeing all of the attempts. I was hacked. Not a simple hack, but what would turn out to be a massive one.

I use Facebook Ads Manager to handle all of my advertising across social media. I link my business pages to it so that I can seamlessly create and post ads. My ads are billed to credit cards that connect to PayPal Business… for that…added security. They got in. Remember that old email account from a domain I don’t have anymore? The hackers actually went to a company that now owned it, bought it, and created two emails for it. One of them was identical to the one I once used. That same email was removed from the Facebook account. I saw this because when you try to get back into your account they show all the emails that the request is being sent to.

I am internet savvy to a degree that most are not. I am analytical to a fault but those traits helped me get the account back. I had a thought to see who owned the domain now and the name server showed who it was purchased from. I contacted them, sent a few screenshots, and they saw the fraud happening and shut that account down. (I was allowed to repurchase it a few days later).

The hacker wanted my account so bad that they went out of their way to buy a domain and create a matching email account. As I kept bombarding Facebook with constant emails to abuse@fb.com and sending my ID for identity verification, I started to contact my financial institutions about a breach. PayPal was on the phone while a fraudulent charge was going through in real time. We blocked it and removed Facebook from the account, and rescued PayPal.

One of my business bank accounts was rescued and I now seem protected. After five days I had reclaimed my Facebook account and was seeing the damage they had done. When I logged in to my ads manager, I saw that I was being charged $100 a day, 7 days a week, for 365 days for just one ad campaign. I saw that they were billing another bank account and I immediately froze that account for good. I actually caught it right before it was actually posting to the account. It is there that I also learned that they had added two other Facebook names as admins.

They had actually hacked two other accounts that I have never seen before, made them admins to my ads manager and two business pages, and also attached a stolen American Express card to the account. I contacted Amex and told them to protect my card and informed them about the stolen card. They actually did nothing about the stolen card to notify that owner. I was stunned.

A day had now passed and it looked like everything was good to go. I turned on my Mac and did some work, went to bed, and woke up the next day to a notice saying my password had been changed again. This time, instead of panicking, I looked at my emails that were now secure, my 2FAs and other forms of security, and nothing was alerted that this was real. I logged in to Facebook and changed my password just in case from my phone. I also turned off my Mac, because I sensed the Mac was in play for the hacker. I monitored all of my accounts all day to catch anything the second it happened. All good.

The next day I purchased a Security Key from Yubico.com as an extra layer of security for everything I do online. A hacker can have your username and password, but if 2FA is turned on and the verification of identity is using a security key, they are not getting in. I know nothing is 100% but a key is pretty close.

Also, my Mac is still off. Every time it was on, I received emails about requests and changes. When it was off, nothing, i.e., Hawaii and Sedona. I also added Kaspersky Security to my Macs and phone for constant real time security for all of my accounts. I also learned that my Mac, yes, Mac, had a major Malware/Keylogger on it called OSX/XCSSET. It is an extreme Malware and wreaked havoc on me. How did I get it? FedEx/Kinkos. It is on their system and got to my Mac by the flash drive.

This Malware replicates browsers and websites, therefore tricking the user into thinking that they are on a real site, like Facebook, Zoom, or even Skype. It has a line of code that will steal your Crypto; that happened to me as well and the FBI is working on it for me.

The hackers also used IP addresses from Hawaii, thinking that is where I was. They used fake VPNs to do this. I have learned that the hackers are in Brazil and Singapore and will probably not be found in this case, but eventually they will.

I am almost back to 100%, and I have yet to turn on and deep clean the main Mac. That will be done in a highly secure environment away from the internet. Protect yourself. Yes, we can all get hacked and it is hell to get everything back and re-protected. Stay safe.

Resources to help you:
XCSSET INFO:

Yubico Desktop Key, iPhone Key

Facebook Hacked Help