Tuesday, February 21, 2012

A lesson in failed Facebook security and 5 tips for prevention.



We provide social media management services for various clients. Some of these clients are very high-profile clients with what you would call “Celebrity” status. This is a story about one of these clients, who I will not name since we usually operate as ghost managers. Let's just call this client “Mr. X.”

One day, Mr. X, who has a personal account on Facebook as well as a Facebook Celebrity Page, had his Facebook account hacked. Our first warning came in the form of an email from Facebook, letting Mr. X know that his email address was being changed from an “AOL” account to a “Yahoo” account. This was strange since Mr. X knew that he did not have a Yahoo account.

That was when Mr. X forwarded the email to our team. We immediately went to the Facebook account and attempted to log in as Mr. X, only to get a failure saying that we did not have the correct password. We immediately followed Facebook protocols to report the page as a hijacked page.

As it turned out, the hacker had not just created a Yahoo account for Mr. X, but also a new Facebook account using the old AOL email account. So when we put in the AOL account, we discovered that there was a second account and all of our attempts to retrieve the password would only succeed in getting us into a fake account. This was set up as a decoy so that we would not attempt a recovery on the true account.

Seeing through the decoy, we used the Yahoo email address that was not connected to the true account and followed Facebook procedure to report the account as hacked. This allowed us to regain control of the true account. However, the damage had been done. The page on which Mr. X was an administrator was now no longer in his control. The hacker had gone to the page administration settings, removed all of the administrators from the page and assigned his/her personal account administration access instead. We had officially lost control of the page.

We have been on Facebook, managing accounts and various issues here since 2006 and have never seen this happen. Mr. X had a very large audience and the hacker was now “posting” malicious links all over the page to no end. We anxiously searched through all of the help links and articles on Facebook and found several instances where this had happened with no happy resolution. We had no choice but to report the page as having illegal content on it, so that the page would be suspended immediately. Since that time we asked a panel of experts at the Ragan Social Media and PR Conference in Las Vegas to see what they had to say. No one had an answer.

If you have a Facebook page and have granted access to various administrators to help you run this page, then you need to pay attention. We have determined that there could have been measures in place to help us avoid this situation. These measures include:

  1. Create a centralized email account where all social media notifications go and that the social media team has access to 24/7. This gives the team the time they need to respond immediately to any notifications that come from Facebook. In this case, the hacker attacked in the middle of the night, when we were all asleep. The damage had been done and no one could see what had happened until hours later.

  2. Create a strict schedule where all social media accounts and email accounts have a password change once a month.

  3. Make sure all passwords are different for all social accounts. Do not repeat passwords for any of your accounts.

  4. Make sure all passwords are a minimum of 8 characters, contain a mix of alpha and numeric and include at least 1 symbol. Have your social media team create the passwords for you. Keep the passwords in a secure location and do not email them to your personal accounts.

  5. For Facebook administration, create a new Facebook account that is specifically used to administrate the Facebook page. This account has a special password that is changed monthly and it is completely blocked from public view, reducing the risk of being hacked. Make sure that the Facebook page is ONLY managed by this one account.
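Tips 2 through 4 can be checked mechanically. The following is an added example, not part of the original post: a Python sketch that audits a credential inventory for length and composition, monthly rotation and reuse, and generates passwords that meet tip 4. The account names, passwords, dates and the 31-day threshold are constructed assumptions.

```python
import secrets
import string
from datetime import date

MIN_LENGTH = 8     # tip 4: at least 8 characters
MAX_AGE_DAYS = 31  # tip 2: changed once a month (exact threshold is an assumption)

def composition_problems(password):
    """Return the tip-4 rules that the password breaks."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 8 characters"),
        (any(c.isalpha() for c in password), "no letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in string.punctuation for c in password), "no symbol"),
    ]
    return [message for ok, message in checks if not ok]

def generate_password(length=16):
    """Generate a random password that satisfies tip 4, using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the policy minimum")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:  # retry until every character class is present
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not composition_problems(candidate):
            return candidate

def audit(inventory, today):
    """Check every account against tips 2-4; return {account: [findings]}."""
    findings, users = {}, {}
    for account, (password, changed) in inventory.items():
        issues = composition_problems(password)
        if (today - changed).days > MAX_AGE_DAYS:
            issues.append("not changed in the last month")
        findings[account] = issues
        users.setdefault(password, []).append(account)
    for accounts in users.values():  # tip 3: no password shared between accounts
        if len(accounts) > 1:
            for account in accounts:
                others = ", ".join(a for a in accounts if a != account)
                findings[account].append("password reused on: " + others)
    return findings

# Constructed sample inventory: account -> (password, date of last change).
TODAY = date(2012, 2, 21)
SAMPLE = {
    "facebook-admin": ("Summer2011", date(2011, 11, 2)),
    "aol-mail": ("Summer2011", date(2012, 2, 1)),
    "twitter": ("k7#Tq!v9Lm2x", date(2012, 2, 10)),
}
```

Run the audit only where the passwords are already stored (tip 4's "secure location"), so the check itself does not create another copy of them.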

Sunday, February 19, 2012

How Simple is Social Media?




"How Simple is Social Media?" 

We recently received this question in our inbox from Christina on February 17, 2012. It was really great timing too because Angie Lile had just returned from the Ragan Social Media Summit in Las Vegas. This was a large culmination of social media folks from all over the globe who come together to learn from each other and from the top experts in the field. We heard presentations from Southwest Airlines, The Discovery Channel and Zappos, just to name a few.

The top experts consisted of Brian Solis and Chris Brogan, who closed the event out with a plethora of F-Bombs and social hilarity mixed with sound advice for how we should approach Social Media.

One of the common themes that Angie noticed with all of these social strategies was that social should be simple and that you should be using social to connect with individuals rather than counting them as a “Like” or a “follower”. Social followers are not statistics, they are people, and if you expect this to work for you, your actions should definitely follow this belief system.


There were several questions that you can ask yourself to find out whether you are in alignment with your beliefs or not and we've compiled them for you here:

1.  What are your company/brand's values? What do you believe in?

Your company is not just about making a profit, it actually has a value system, a belief system. Typically it mirrors your own belief system. The more you are in alignment with this the more your business will grow to incorporate those beliefs. Think of your social sites as your company's personality. As such, it would operate under the same beliefs. It would react with real-world environments in the same way.

2.  What goals have you established for your social media efforts?

If your only goal is about driving traffic to your website then you are setting yourself up for failure. The number one reason for social followers to move away from your social sites is because they feel like they are being spammed each time they see you. Not only that, but you run the risk of being excluded from your followers' newsfeed because you lack engagement with your content. Create a goal list that includes other things such as creating a community space, providing customer service, or building relationships with your fans. For example, Zappos rarely markets their shoes to their followers and instead they use social to interact with their followers on a more personal level. Sending pizzas to a random follower is considered the norm for Zappos. They don't ever think about selling when they interact with people so they have a very loyal fan base.

3.  What kind of business or company do you see yourself having in 10 years?

Do you want to be the company that gives rewards back to their employees? Will you have employees? Brand advocates come in all shapes and sizes, but research shows that the most valuable advocates can be your employees. Southwest Airlines encourages their employees to share work-related stories, which generates a huge amount of buzz for the brand on all of the social channels. Not everyone has Southwest's 45k employees but even 1 can be a great asset to your message.

4.  How do you see followers benefiting from your content?

If a follower is benefiting from your social feed, they will want to share that with others. With each post that you create, really ask yourself if this is something that you would share with others? If you have any doubts about putting it out there, then don't do it. If you don't want to read it, others will not want to either. It's that simple! If your company is mirroring your values, then it will be easy to find those pieces of content that inspire you and you will know instantly that this is what you want to share.

5. What are your followers saying about you or your company?

Don't be afraid to dig deep and see if your followers like what you are putting out there. You will want to change your strategy as you go along and see what works best. This is no place for a set-it-and-forget-it mentality. This includes opening a dialog when someone says they don't like what they see. If you start receiving negative feedback, make sure you stick it out and figure out how to find a solution, even if you need to stand your ground. This shows that the social presence that they are interacting with is not just some inanimate thing not worthy of interacting with. You might even be surprised to find a few fans in your corner when things go that way. The obvious goal here is to be transparent and people will respect you more.