Facebook prides itself on improving the world by connecting people, but when a Kansas woman's account was hacked, her legal help couldn't get past the company's faceless automated help system.
“If you’ve been scammed and you can’t get an empathetic, urgent and transparent response from the organization by which you do business, then you’re being hurt twice,” said cybersecurity expert Adam Levin, an author and former director of the New Jersey Division of Consumer Affairs.
In a phishing scam, someone claiming to be a government official told the mentally ill Kansas woman that she’d earned a $100,000 government grant for single mothers. Her only source of income is a $700 monthly disability check.
The scammer tricked the woman into giving up her Facebook password to claim it, and then changed her password, locking her out of her account, and used her identity to solicit money from her friends and family.
James Jones, a former information technology professional and a paralegal for Kansas Legal Services, called on the woman's behalf but was never able to reach an actual person to explain the situation.
“As far as I’m concerned, they’re complicit in this," Jones said. He will be presenting his client's story to law enforcement and consumer advocates at a Federal Trade Commission event Wednesday aimed at combating scams in the Kansas City area.
The client's daughter reported her mother's account, and Facebook sent an automated response that it had reviewed the profile and found no violations of the community standards.
“Everything is automated at Facebook. It’s unbelievable,” said Linda Sherry, Consumer Action’s director of national priorities. "If for some reason they can’t figure out why it violated their community standards, they’re not going to be any help at all," she said.
“In terms of providing individual assistance to people, it’s really not what they do,” Levin said. “Facebook made the pitch to Congress that they’re a community, but what they are is a practically $1 trillion advertising platform.”
Facebook has a team and automated systems in place to look for and stop scams, spokesperson Pete Voss said in an email. Hijacking an account does violate the community standards, he said, so the client’s daughter could have appealed the decision. Facebook is also working to expand its appeals process, he said.
Facebook has resources for users who are concerned they’ve been hacked, including a help page that offers a guided path to getting their accounts back through their emails or cellphone, Voss said. The site also offers additional security features you can opt into through your profile's settings.
The company has come under fire of late for shoddy data security, allowing third parties to harvest user information and failing to monitor fake news and hate speech on its platform. CEO Mark Zuckerberg appeared before the U.S. Senate in April to answer questions from lawmakers, and he was criticized throughout for the company's inability to communicate clearly with users.
"Here's what everybody's been trying to tell you today — and I say this gently — your user agreement sucks," Senator John Kennedy of Louisiana said at one point.
It's not just U.S. senators who have struggled with the site.
James suspects his client was targeted because she belonged to a mental illness support group on Facebook. The members of the group were solicited for money once the woman's account was taken over, he said.
“If I look at who is getting scammed, it’s the elderly, the poor and the mentally ill,” Jones said.
This is a common tactic from scammers, Levin confirmed.
A wily scammer can bamboozle even those who are experienced with technology, he said. They often sift through public social media feeds for information about you to make their tall tales more believable.
“They zone in on people, and the pitch they make to people is specifically designed to take advantage of whatever their weak spot is,” he said.
Compounding the problem, those who are less technologically literate — and thus less able to easily ask for help from Facebook — are also those most likely to fall victim to online scams, Levin said.
But failure to provide adequately personalized customer service is not just Facebook's problem, Levin said.
“How many times have you called your bank, and all you want to do is talk to a human, and you have to fight your way through?” he said.
Automation may be annoying, but don't expect it to go away anytime soon: Facebook and other companies have powerful incentives to automate as much as they can because it’s both cheaper and more efficient, said Susan Grant of the Consumer Federation of America. The trend toward automation is likely to only speed up as technology continues to improve.
The best way to avoid being scammed is to be as “cyber-hygienic” as possible, Levin said, like using two-factor authentication, having specified recovery contacts, changing your password regularly or taking other steps.
But the easiest way to be safe? Don't ever, ever give your password to a third party.
“If you’ve given up your password, you’ve basically given up the keys to the castle,” Sherry said.
Steps you can take then, according to Sherry and Levin, include deleting your account or trying to change your password if you still can. If you've been locked out, and you didn't list recovery contacts, you may be in trouble.
When companies get a message saying someone needs to access an account without knowing the password, they may assume it's a scam, Levin said. “With some companies you’re still guilty until proven innocent."
Enlisting the help of professional identity theft protections agencies can be very helpful, Levin said. It’s one thing if Facebook gets a call from someone representing themselves to be a paralegal, he said, but it’s another if it's from an identity theft professional whom Facebook has worked with before.
Even if it’s a small chance that perpetrators will be caught and punished, you should always report a scam to authorities, Kansas Attorney General Derek Schmidt said. The FBI, Secret Service or state attorney general's office are your best bets.
“It can be confusing and that’s when, I think, a lot of people throw their hands up and just say, ‘I don’t want to go on,’ ” Schmidt said.
Federal authorities aggregate data from victim reports and then use it to look for patterns to catch scammers. Also, if you lost money and there’s a cash settlement later on, Schmidt said, you could be able to get your money back when there's a record of your complaint.
It's rare, but it happens.