Use good 2FA, folks. A little over a month ago, my sister-in-law’s Facebook page got hijacked by scammers. I posted about it last week. She was at girls camp and the cell service was poor. One day she got a weak signal so she tried to open Facebook and it gave her an error that she needed to reset her password. She figured it was because she didn’t have a good signal (?), but when she got home she still couldn’t log in and none of the password recovery options worked. Turns out the scammers had not only changed her password, but they changed all of the password recovery options so she couldn’t reset it. I think that means they compromised her email too (she uses Hotmail - she has also changed that password).
For the next month the scammers made a few posts per day with scam links about how she was making hundreds of thousands of dollars trading crypto. She tried for a month to work with Facebook to get her account back - they never responded. Then I remembered that one of my old colleagues now works at Meta so I texted him. 48 hours later she had the account back in her control.
But now she is hearing about friends and acquaintances that sent money to those people. A family that she knows from when she was in high school and is struggling to make ends meet sent the scammers $2k. A couple of other people sent smaller amounts, and probably others that she doesn’t know about.
Make sure you use strong, unique passwords for every service and good 2FA (not just an SMS text message) to secure your accounts!