Your support needs to scale: Don’t be like Meta, dev team

A rash of small businesses on Facebook found their accounts locked after being hacked. And it is impossible to contact Meta to solve the problem.
A trickle of reports has turned into a flood. Meanwhile, businesses, charities and non-profits are losing revenue while Facebook fails to deliver. Online self-service flows are broken, Meta support follows useless scripts and promised callbacks never materialize.
The moral of the story? Don’t overlook the tools to support users – even if the service is “free”. In this week’s Secure Software Blogwatch, we are the product.
Your humble blogwatcher curated these blog bits for your entertainment. Not to mention: Vandalizing old email.
Facebook farce
What’s the craic? Tatum Hunter reports – “The long, lonely wait to restore a hacked Facebook”:
“Not much seems to have changed”
Lucretia Groce … was kicked out of her account. Someone had posted offensive content from her page. … Her account had been hacked. Groce said she cried for hours.
…
How, without access to her personal account, could she restore the business site she had worked so hard to grow? [She] estimates she has lost $18,000 in income after waiting months for her account to be unlocked. … Her old videos were still making money … but none of the money showed up in her bank account.
…
Her frustrating experience is not unique. [I’ve] received hundreds of emails from people banned from their Facebook accounts… Many lose their accounts to hackers, who take over Facebook pages to resell them or for search engine rankings. … Despite reporting revenues of more than $27 billion in the third quarter … Meta is a multinational tech giant with no real customer support.
…
The company says 40,000 [people] are devoted to safety and security. … Last year [it said] it was working on new processes to solve these problems. A year later, not much seems to have changed.
It sounds like a big ball of bullshit. Here is treborhclew’s experience:
“This is a disaster”
My startup’s Facebook account was … “permanently suspended” shortly after creating a Facebook Business Ad account. I don’t have a personal Facebook, so I was required to create one; I did it using my company email and then created a business ad account.
…
I was able to unsuspend my personal account by uploading a copy of my ID. However, the suspension on the company’s Facebook account is still active. Automated emails from Facebook say to expect a response within 48 hours, but I’ve been waiting to hear back for a week.
…
And, if that wasn’t enough of a headache, I have a signed deal with the local news to advertise my company/product by the end of November. This is a disaster.
How does this work? Ashley Belanger explains – “Meta continues to boot small business owners for being hacked”:
“[This] has resulted in financial losses”
[This] has happened to seemingly dozens of individuals and small business owners: … A hacker gains access to a Meta account, then adds their account to the business owner’s ad account before removing the original account owner. At that point, the hacker has completely taken over the ad account. The hacker then moves quickly to knock the original user off Meta before they notice.
…
To do this, the hacker posts inappropriate content such as pornography, which quickly prompts Meta content moderators to disable the original account. When an account is disabled… many business owners [said] attempts to appeal Meta’s decisions are repeatedly rejected.
…
This scam is likely difficult for Meta because hackers gain access to accounts using emails the company believes have been compromised, making account recovery still risky. … And while ad payments will typically be disabled once the account is disabled, the hackers deleting the original accounts as an admin means that the ad accounts remain active and exploitable. [This] has resulted in financial losses for many small business owners, and Meta knows it.
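The takeover sequence described above (a new admin is added to the ad account, then removes the original owner) can be flagged from a service's own role-change audit log. This is an added example, not part of the original post and not Meta's code: the event schema, the account names and the 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical role-change audit schema.
SAMPLE_EVENTS = [
    {"ts": "2022-03-01T09:00:00", "account": "ads-1", "action": "admin_added",
     "actor": "owner-1", "target": "owner-1"},
    {"ts": "2023-11-02T03:10:00", "account": "ads-1", "action": "admin_added",
     "actor": "owner-1", "target": "new-admin"},   # added from the hijacked session
    {"ts": "2023-11-02T03:14:00", "account": "ads-1", "action": "admin_removed",
     "actor": "new-admin", "target": "owner-1"},   # original owner pushed out
    {"ts": "2021-05-01T12:00:00", "account": "ads-2", "action": "admin_added",
     "actor": "alice", "target": "alice"},
    {"ts": "2023-01-10T12:00:00", "account": "ads-2", "action": "admin_added",
     "actor": "alice", "target": "bob"},
    {"ts": "2023-06-01T12:00:00", "account": "ads-2", "action": "admin_removed",
     "actor": "bob", "target": "alice"},           # months later: routine handover
]


def find_takeovers(events, window=timedelta(hours=24)):
    """Flag removal of a longer-standing admin by an admin added within `window`."""
    admins = {}   # account -> {admin id: time the admin role was granted}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        roster = admins.setdefault(ev["account"], {})
        if ev["action"] == "admin_added":
            roster[ev["target"]] = ts
        elif ev["action"] == "admin_removed":
            actor_since = roster.get(ev["actor"])
            target_since = roster.pop(ev["target"], None)
            if actor_since is None or target_since is None:
                continue          # incomplete history: nothing to compare
            if ev["actor"] == ev["target"]:
                continue          # an admin leaving voluntarily
            newcomer = ts - actor_since <= window
            if newcomer and target_since < actor_since:
                alerts.append((ev["account"], ev["actor"], ev["target"], ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in find_takeovers(SAMPLE_EVENTS):
        print("possible ad-account takeover:", alert)
```

A hit on this rule is a reason to route the account to a human reviewer before any moderation action disables the original owner.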
Something else? w/Rymbra has been on the receiving end, so to speak:
[They] look up your friends/2nd degree colleagues for money. They will review your speech/manner since they have access to your DM history and will message them with an emergency so that judgment is rushed.
…
One of my friends is an indie musician in another state that I collaborate with sometimes. The hacker got control of his Instagram and they hit me on IG messenger when he asked to borrow $50 for medicine for his aunt and he would pay me back the next day. … Someone else who is just cool with him online might have fallen for it.
Because you are the product? Riders of Fate brings tough love:
“Facebook will throw any user under the bus”
As much as I understand how terrible this is for someone trying to make a living online, relying on social media…to continue/sustain business is pretty much a suicidal move.
…
I understand that Facebook could be less absolutist in how they handle cases of infringement…but she was not their customer. She was their merchandise. They literally have no incentive at all to keep her as a user.
…
She assumes that she has some significance to Facebook, when in fact she has almost none. … I feel for her, but Facebook will throw any user under the bus and not feel an iota of remorse.
So how does Meta’s support flow work? Not good, says u/No-Fox3243:
“Like a bad joke”
First, Meta will remove your existing compromised emails and send you a password reset link to the new, never used on FB before, email you provide them. If you’re like me…you’ll go straight to settings and add your phone number and a backup email, knowing how insecure it is to have just one email in there. This will get you locked right out again. The only way to get back is to pass the equivalent of the squid games. From a list of about 10 comments that are completely out of context, you have to choose which 4 were made by you. If you fail that (and I claim it’s wrong as I chose 4 I know I made) then … 3 friends must verify your identity through a link FB will send them.
…
I only choose my family that is here in the room. No, no you won’t: You will choose 3 from a list of 10 generated by Facebook. Then you have to call or text them, convince them it’s you, and get them to click on the suspicious FB link. … Of these 10, 7 are acquaintances from sports, one is your grandmother with Alzheimer’s, and you don’t even know who 2 are, let alone have contact information for.
…
And now you’re pissed. … It’s like a bad joke.
Catch 22? Close closes the book: [You’re fired—Ed.]
Facebook makes it so you need an account to report and block fraudulent activity? Isn’t this actively enabling a crime if you don’t at least give the victim the fastest possible way to report it?
Meanwhile, how about contacting a friend of a friend who works for Facebook? Spatzmania illustrated the volley in that flight:
Once hired, every Facebook employee is warned that access to another’s Facebook account … is recorded and closely monitored, and that accessing an account without the owner’s explicit permission is a first-time firing. The warning (and the fact that you will be fired for it) is also repeated at the time of access.
And finally:
Don’t try this at home, kids
You have read Secure Software Blogwatch by Richi Jennings. Richi curates the best blog posts, the coolest forums, and the weirdest websites… so you don’t have to. Hate mail can be addressed @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. Past results are no guarantee of future results. Do not stare into the laser with the remaining eye. E&OE. 30.
Image sauce: Icons8.com (via Unsplash; leveled and trimmed)
*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog written by Richi Jennings. Read the original post at: