SAVE YOURSELF FROM A MASSIVE HEADACHE BY SECURING YOUR ONLINE ACCOUNTS
On July 11th this year, a hacker accessed our (My Social Practice) Facebook page and began running weight loss ads using our company credit card. Luckily we caught it almost immediately and canceled our credit cards.
But once the hackers got into our account, it took almost a month to regain control.
In this post, I'll explain how we got hacked, why we were hacked, and what we've done so that it doesn't happen again.
*
Watch the "Don't Get Hacked Like We Did" Webinar Recording
How We Got Hacked
It's my fault! It's all my fault!
I haven't updated my passwords for years. A hacker was able to get into my personal Facebook page using one of my two obvious passwords.
They could have accessed most of my online accounts, including my bank accounts, because I haven't used high-security passwords. I'm lucky that it was only Facebook.
Once they got into my Facebook account, they could access My Social Practice's Facebook page because my personal Facebook account is an admin on the page.
What Happened Once the Hacker Got Into Our Page
I received an email from Facebook at 2:58 am letting me know that somebody was changing the email I used on Facebook. I was asleep at this time and didn't see the email.
Here is a screenshot of the email I received. I've blacked out my email but left the email the hacker used.
Three minutes later, at 3:01 am, I received a second email from Facebook confirming that my email had been changed.
Once my email was changed, the hacker removed every one of the admins on our Facebook page. Replacing them were bogus Facebook accounts.
Removing the admins essentially locked everyone at My Social Practice out of accessing our Facebook page.
The hacker immediately went to work running weight loss and bra ads using our company credit card.
Before anyone had woken up and realized that we were hacked, a bill of almost $5,000 had been spent.
Why Was The Hacker Running Weight Loss Ads?
Much of the online advertising industry runs on affiliate networks. An affiliate network allows someone to run an ad on behalf of a company. If a consumer clicks on the ad and purchases from the company, a commission is paid to the advertiser.
Another reason online accounts get hacked is intentional vandalism. Some people hack because they're angry with the company.
Hacking has gone mainstream. You may have heard of Anonymous; it is a covert hacking group. Recently they've been hacking Russia.
This particular hacker ran weight loss ads from our account because they received a commission if someone clicked on the ad and then purchased a product.
What Did We Do To Regain Control?
The first thing we did was cancel our credit cards. Once the cards were not working, we submitted a ticket to Facebook about the hacker.
Here is a screenshot of our ticket using the link above.
It took almost a month to regain control of our account. Even though it was obvious to us that we had been hacked, Facebook had to do a ton of verification to put everything back together. The process required dozens of emails and messages back and forth.
Eventually, we were refunded the hacker's ad spend.
How Not To Get Hacked?
Even though we've been talking about Facebook, any of your online social media accounts can get hacked. Even dental websites can get hacked.
For a medical professional regulated by HIPAA, you should be highly concerned with patient data. You have to make sure your site is secure. Remember that prevention is the best course of action.
Here is a message about how to not get hacked by Adam Mosseri, head of Instagram.
After the hack, I changed all my passwords to high-security ones. I used a software app called LastPass. I found the app to work exceptionally well.
I will say that updating all my passwords was a severe pain that took almost three days of pulling my hair out. Now that they're updated, though, I feel much better.
Are You In Need Of More Help?
Although My Social Practice is not a security company, thousands of clients rely on us for online dental marketing support.
We often run into situations where our clients need guidance and support on security issues. We can help dentists and dental team members navigate issues like the one discussed in this article.
About the Author
Adrian Lefler is a dental marketer and a key member of the dental marketing team at My Social Practice. He has been involved in digital marketing for many years in the dental industry. Adrian has helped thousands of practices grow and thrive through digital marketing. Adrian and his wife Emilie have four children and live in Suncrest, Utah.