Due to my work with The Melbourne Magic Festival, I do a lot of advertising with Facebook Ads (Meta Ads). We don’t have a very big budget to play with, only around $4,000 spread over four or five months, but it gets the job done.
Last month, I was surprised to see that my Amex was billed $1250 by Facebook Australia. I immediately contacted Amex who blocked Facebook Australia from taking any more money out of my account and I looked into what was going on.
Somebody had hacked into one of my old, unused campaigns and set up a $7,400 daily advertising budget to promote a scam website selling ladies sandals.
I saw that the hacker, within just a few hours, had racked up a bill of $2,871.76 for 76,929 impressions.
Facebook had tried to charge my Amex for the addition $1,621.76 but the charge hadn’t gone through.
I did my best to try to contact Facebook (Meta) but other than a HELP button in the Ads Manager, there is literally no other way to communicate with them. (I also then discovered that they had overbilled my Magic Festival campaign bu almost $500… but that’s another story).
A few days later I discovered Facebook HAD successfully withdrawn the other money from my account by billing me from ‘Facebook Dublin’, and Amex had only blocked ‘Facebook Australia’.
Eventually, Facebook emailed me telling me they had not detected any suspicious activity on my account and would not be refunding me any charges.
It wasn’t until I replied with a screenshot of the timestamped creation of the fraudulent campaign that they replied saying they would refund my money in full.
What was so interesting about this screenshot?
Instead of my name listed as the person who created and modified the changes in the account, it was META.
And just today, after they have declared the issue resolved, I see that META has set the campaign from ACTIVE to INACTIVE.
So this leads me to wonder… WHO managed to hack into my account, protected by two factor authentication, and make changes? WHO runs the fraud website ShopClank? And HOW did they manage to call themselves META when they hacked into my account?
Sadly, as far as I am aware, there is no watchdog organisation you can go to if you have an issue with Meta, except Meta themselves.
I’m still chasing up the overcharging issue, (I just received their email telling me they detected “no suspicious activity” in that case either), but it is interesting to see the back end of all these scam advertisers Facebook allows to fill our Newsfeeds with…
UPDATE: April 23, 2024
I was working on a campaign for the Melbourne Magic Festival and I just went back and checked this hacked account’s history and you’ll never guess what… the log that shows who created the ads and when, has magically changed, with references to META being replaced with NEXIST, the company I hired to run our Magic Festival ads in 2022.
I wonder who has the power to change the activity log…..?
