Cissie Lowe is a huge Elvis Presley fan who loves everything about The King. She decided to take her fandom to social media, founding an Elvis fan page on seven years ago, but now her beloved page has led to problems.
The Facebook page ended up gaining 32,000 followers, whom Lowe considers personal friends. Moderating the site took up a good part of her free time, until a hacker recently took it over and locked her out.
"A month ago, it got stolen from me," she said. "And nothing's been done about it."
Lowe believes a hacker in Indonesia — based on tracing the new administrator — now controls the group she founded seven years ago.
"He took me out of my group, blocked me and I couldn't even get in it," she said. "He took my admin status away."
She believes the hacker is now making money selling the contact info of all her followers.
She has no idea how the scammer managed to get her password. Facebook has yet to respond for comment.
How this new Facebook scams works
Unfortunately, scams are all too common where someone takes control of a Facebook page or another social media site.
One phishing scheme, however, has impacted 10 million people and counting. Chris Cleveland, founder and CEP of PIXM, said his company recently uncovered a massive phishing campaign on Facebook Messenger. He said an attack typically starts with a message from someone you know. But the message isn't from a friend. It's actually a hacker who has taken over the page.
"I get this message," Cleveland said, "and I enter my credentials there. Now the hacker can send that message to all my friends [posing as me] and propagate the message that way."
In an example provided by PIXM and HelpNet Security, someone clicked a link about something interesting, or perhaps a government stimulus or grant program, that appears to be sent by a friend. Once that person clicks the link, they're redirected to a legitimate ad that makes it look official before being sent back to a fake login page. That's where hackers ask the person to re-enter a Facebook password. As soon that's done, they have control of the account.
How to protect yourself
Cleveland said two-factor authentication is a must, where someone gets a text alert before anything is changed on the account. Also, beware of unusual requests from friends, such as requests to click something to get free government money.
"Even if you trust that person," Cleveland said, "make sure you contact them first before you take that call to action or click on that link."
Finally, he said never use a Facebook password for other accounts. If the password is compromised in any way, the hacker can get into other social media accounts and even bank accounts.
Cissie Young is devastated, unable to access her Elvis fan club and contact her 32,000 friends.
"I got robbed. I feel violated," she said.
She may or may not be a victim of this latest scam but is just praying that Facebook restores her administrator credentials for her Elvis fan club.
Bottom line: If something feels strange, don't click, so you don't waste your money.
Don't Waste Your Money" is a registered trademark of Scripps Media, Inc. ("Scripps").
Follow John on Instagram @johnmataresemoney
Follow John on Twitter (@JohnMatarese)
For more consumer news and money-saving advice, go to