Hacker turns New Jersey woman's Facebook account against her, tries to scam her friends
For months, Sherri Evans says she's been fighting to regain access to her Facebook account and the many priceless memories locked away with it.
The South Jersey woman, like many users, has been uploading family photos to her page for years. That all stopped in February when she was locked out of the account by a hacker.
It's not unusual for In Your Corner to hear about hijacked Facebook accounts or how difficult it can be for users to reclaim them. But Evans says this hacker took it to a whole new level and started using her profile to try to scam her friends.
"What really gets me the most is the feeling of being violated," Evans said. "Some crazy person is violating all of my personal material and videos and pictures and messages."
Evans showed us screenshots of a post the hacker made on her page after locking her out, claiming she was having an estate sale for her uncle, who was being moved into a care facility. To reserve an item, it said, a deposit was needed.
The post read: "We're conducting a sale of personal items due to my uncle's move to a care facility, which requires significant downsizing. To manage this transition smoothly, items are being sold on a first-come, first-serve basis. The prices are friendly and affordable."
The texts and calls started soon after from relatives and friends, Evans said. Some immediately recognized she'd been hacked, but others expressed genuine interest in the items listed for sale -- everything from vehicles to appliances and exercise equipment.
"All of a sudden, I was getting phone calls asking … 'can they buy the Jeep,'" she said. "One of the cheer moms wanted to know if she could have the Peloton, and how much was I charging for it."
Evans' case isn't a one-off. We typed, "We are conducting a sale" into Facebook's search bar and found dozens of nearly identical posts all pushing this same scheme.
Similar scams include bereavement posts requesting donations for the family.
Drexel University cybersecurity expert Rob D'Ovidio says it's what's known as a classic spear phishing scheme.
"It's very targeted," he said. "It's taking advantage of that trust that's within your network that you, as someone who's connected to me on Facebook, you're going to trust that I'm not going to put you in harm's way, and that's what these criminals are taking advantage of."
D'Ovidio says the number one thing you can do to protect your account from being hijacked to begin with is to set up two-factor authentication. That will add another verification step to the login process.
Evans admits that's something she didn't have set up at the time, but plans to add it if she can ever get her account back. Despite several attempts, Evans said she's been unable to get through to a real, live person with Meta or Facebook for help.
She's at least grateful that, as far as she knows, none of her friends have fallen for the fake sales.
Meta did not respond to requests from CBS News Philadelphia to look into Evans' case.
At least 40 state attorneys general have demanded Meta take "immediate action" on what they said is a "dramatic" spike in hacked accounts and a lack of response to help users.
The company did not address its lack of response but did respond to the letter, telling the tech publication WIRED that it invests heavily in its trained enforcement and review teams and has specialized detection tools to identify compromised accounts.
Hacked users are advised to go to Facebook.com/hacked and report it to the Federal Trade Commission.
Do you have a money question, a consumer issue, or a scam story you want to share? Email InYourCorner@cbs.com.