Facebook Account Takeover: Michele’s Story
Scammers hacked Michele’s account and tricked her friends into investing in a crypto scam.
This story is part of Operation Shamrock’s Survivor Stories series.
“I was the tool to access 1,200 people because my smiling face in uniform said ‘Trust me.””
Let’s get one thing out of the way immediately: Michele is an absolute badass.
She spent 17 years working as an avionics technician in the military, which means she fixed anything with an electrical input or output on fighter jets. Based on her extensive expertise, she was one of only a few in her service who became a commissioned officer despite not having a college degree. From there, she started training the next generation of techs.
Michele followed that up with three years of working with ill and injured soldiers preparing to transition back into civilian life before moving into a recruitment role. On top of her incredible military career, Michele has been asked to speak on leadership at women’s conferences and is a mother to two sons.
Before this all happened, “I could walk you through how to fix a fighter jet, but not how to keep my email safe,” Michele told the Operation Shamrock team. “I used the same passwords, didn’t know about two-factor authentication. I’m a small town girl good at military stuff, but I didn’t know how to safeguard myself.”
Because Michele has been in the military her entire adult life and is seen by those who know her as extremely competent, trustworthy, and caring, she has friends. A lot of friends — over 1,200 on Facebook.
First Signs of Trouble: Accounts Hacked
One day last October, Michele was at work when her personal email started blowing up. Password reset emails started rolling in one after the other. Her Ticketmaster account. Her account with the chain drug store. The food delivery service. And, of course, her Facebook account.
Michele quickly realized someone had hacked her Hotmail account to get access to these other accounts. She sprung into action and updated account after account to use a different email address and new passwords. With some accounts, she was successful. But that Facebook account with 1,200 friends? She was locked out and couldn’t regain access.
Facebook Account Takeover
Michele knew someone else had access to her Facebook account, and she knew this wasn’t good, but she had no sense of the full gravity of the situation.
Michele texted her husband and some friends. They all posted on her Facebook page that she’d been hacked. Whoever now controlled her account immediately deleted their posts and blocked her friends so they couldn’t re-post or report the account.
The next day, Michele reported the incident to the police. They told her they couldn’t assist at all and that she needed to pursue the matter directly with Facebook. When she pointed out the only way to contact Facebook was from Facebook, the cops suggested she create a new account to report the stolen one.
Scammers Impersonate Michele
By this point, the scammers were actively making use of Michele’s account. They fed her history of posts and personal messages into an AI system so they could post using Michele’s voice. They started with one that said, “Life is too short, I want to create a memory of how we met. Leave a comment with one word for how we first connected.” Dozens of former softball and volleyball teammates and military colleagues were responding.
The Facebook account takeover scammers posted as Michele every day. They shared a doctored photo of Michele claiming she’d become a certified crypto expert. They said she was trading cryptocurrency as a side hustle and making thousands of dollars doing so.
“I was the tool to access 1,200 people because my smiling face in uniform said ‘Trust me,’” said Michele.
Michele’s Attempts to Protect Her Friends
Meanwhile, Michele kept doing everything she could think of to fight back. She reported the hack to a national anti-fraud center. She set up Equifax and Transunion credit monitoring. She went back to the police. She hired an attorney.
She texted as many friends as she could, asking them to report the account. She emailed Facebook multiple times per day, pleading with them to take the account down. She never received a response. More than two dozen friends who reported the account hack received a template message from Facebook indicating the account had not violated “community standards.”
Then the phone calls started. Former coworkers were reaching out to ask if it was really Michele posting about cryptocurrency on Facebook. Matthew was one of these colleagues. They were friends, and he’d always found Michele to be “trustworthy and caring for others.”
The Scammers Succeed: Matthew Invests
Matthew was leery at first when he saw the Facebook posts from fake Michele. Eventually, though, he got interested and chatted with her hacker over Messenger. The scammer convinced Matthew to invest the $40,000 severance package he’d just received after retiring from the military.
Matthew was one of at least four of Michele’s friends who saw the posts on her hacked account, believed it was her, and lost money investing in a crypto-based pig butchering scheme. She has no idea if there are more friends out there who lost money but kept quiet about it.
“They’ve stolen my credibility. The trust people have in me. What this uniform stands for. Who I am as a human.”
Facebook Finally Responds
After two months of constant effort by Michele and her network, Facebook finally responded and took down the hacked account. The Facebook account takeover was over, but the damage was done.
The incident has shaken Michele to her core. “They’ve stolen my credibility. The trust people have in me. What this uniform stands for. Who I am as a human.”
Michele’s story isn’t just a cautionary tale for why two-factor authorization should be enabled on every possible account. It’s an indictment of Facebook and other technology companies who are slow to act.
A company like Meta — the owner of Facebook — with a market capitalization of over $1 trillion and an army of brilliant engineers, has the resources to end this problem tomorrow. All that’s missing is the will to do it.
Michele’s story also exemplifies the Educate. Mobilize. Disrupt. mission of Operation Shamrock. What happened to her is a reason to educate people about taking safety precautions like two-factor authentication and not reusing passwords across multiple platforms. It’s a chance to mobilize people to demand better from technology companies. Most importantly, it’s an opportunity to disrupt a main vector for these attacks — Facebook — by putting pressure on Meta to take action against these scammers.
Do you have a survivor story? Connect with our team to share your experience.
