“You reached your $25.00 billing threshold and were charged $25.00 for your Facebook ads.” This message appeared in my notifications. This looks like be a Russian hack. I have never run FB ads and never gave my CC number to FB. The screenshot is below. The Visa number ends in 4 digits that don’t belong to my card. The text below is clearly in Russian. The first reaction is unsettling since you think you were charged. Until you investigate further. Friends, be extra vigilant about what information you share on social media. It will be stored and propagate over many servers, at least some of which will get hacked.
I reported this to FB. Lets see what happens and how quickly.
So I dug a little deeper. There is more to the story. I clicked on the notifications option in the FB Business page. And it brought up a person whose access is pending to my business pages. I clicked on the name and it brought up a list of my pages and to my surprise there was a user listed with admin privileges. Someone I never gave access to: Tommy Hilf email@example.com. So it is possible that my account got hacked. That’s on FB. I never got an email from them that my account was accessed from a different location or that admin privileges were granted to this person. It is possible they guessed my email and password. But again, if your account is accessed from a location you never accessed before you should get a warning email from FB. I will be changing my password and monitoring this to see if this is a chronic problem.
My first impression is that someone was running ads and attempted, successfully apparently, to make it look like they originated on my account. They used Visa ending with 0489. I can only presume it was a prepaid Visa. There was $5 outstanding which was declined when I tried to run the payment through. Below is the receipt. Russian text is repeated under Campaigns. All of this happened between yesterday and today, May 27-28.
I tried to see the ad that was fraudulently ran via my business account. The screenshots below show how close I got but when I tried to open it for editing I got a message saying I did not have access. Finally, I got a message saying that the Facebook Ads were disabled because the $5 balance owing was declined on the prepaid Visa used by the hackers.
The reason I am documenting all the information is to show how quickly and easily our accounts can be exploited. These things happened within 24 hours and behind the scenes. If I didn’t catch the notification about the ad spending it could have gone for at least another day. The ad campaign was set until August. So they could easily prepay $25 indefinitely. The FB ads apparently are postpaid each time the threshold of $25 is reached. The budget was set to $125 per day. The hackers, to me, were careless and exposed themselves too easily. Probably because they have bigger fish to fry. I don’t know. But you can simply multiply this incident by many millions and see how much damage can be done.
Additionally, it must be noted that if I was running ad campaigns on Facebook then the ambiguous notification that I received at the start could have been very easily overlooked. It did not indicate the campaign that was being charged. It could have potentially go on for a very long time.