Facebook 'did nothing about Taylor Swift ticket hack scam'
- Published
Facebook users whose accounts were hacked and hijacked to sell fake Taylor Swift tickets have criticised the platform for not doing more to stop the scammers.
Some said friends had lost hundreds of pounds after responding to scam posts offering tickets to Swift's UK tour dates, and that Facebook did not respond to multiple attempts to report the hacks.
Kerry Plant, from Worcester, said: "Had they reacted to this a little bit sooner, then we could have prevented quite a bit of this."
Facebook said it takes "the safety and security of our community seriously" and is "continually investing in protections against fraud".
There has been huge demand for tickets to see the pop superstar's Eras tour, which reaches Europe when she plays in Paris on Thursday, before UK dates in June and August.
Last month, Lloyds Bank estimated that British fans had lost £1m in ticket scams, 90% of which were said to have started on Facebook.
Ms Plant said two Facebook friends had lost more than £300 each after being duped by posts advertising tickets on her feed after her account was hacked.
'You're powerless'
She said she tried Facebook's suggested steps to report a hack, as well as emailing the company about 15 times, reporting a data breach and trying to contact them on other social media platforms. Friends also reported her account and the fake posts, she said.
"It’s upset me quite a bit that I've not been able to stop this happening, and that Facebook hadn't responded to me, despite quite a lot of effort," she said.
"We even found [Facebook chief executive] Mark Zuckerberg’s email and emailed him, but a couple of days later I got an email back saying, 'You don't have permission to email this person'.
"So lots of hours have been spent trying to rectify it. But I feel like they're obviously such a big company that they just don't care about this sort of stuff."
Other people almost fell for the scam, but contacted Ms Plant directly to check before handing over any money.
She said she resorted to contacting all of her other friends separately to warn them.
"I think the worst thing is you can't do anything about it. They’re such a big organisation that you’re pretty powerless really," Ms Plant added.
The company removed her account last week after being contacted by the BBC.
Watch on iPlayer
- Attribution
Zhenya Winter, from London, also had her account hacked, and discovered a friend of her sister had fallen foul of a scam post on her account selling non-existent tickets.
"I found out by my sister calling me up saying, 'This lady is absolutely distraught,'" she said.
"Even though it's not my fault, you feel guilty."
Ms Winter, who works in the payments industry, said the post was so sophisticated that she suspects the hackers used artificial intelligence to replicate her writing style.
"Even some of my fellow experts in payments were potentially duped by it. But I managed to get to them just before they did the transaction."
She tried to report the hack and contact Facebook multiple times, and asked friends to do the same, but was "furious" at the lack of response.
And when friends tried to comment on the posts to warn others, they were blocked by the hackers, meaning their replies did not appear.
"It's hugely frustrating," she said. "So even when I knew this was happening, I was absolutely defenceless to do anything apart from to communicate via WhatsApp or whatever to my mates.
"Apart from that, I'm absolutely powerless. I don’t particularly want to use Facebook ever again.
"I think they have a responsibility to take action quickly. It's obviously a scam. They've had multiple complaints about it."
- Published17 April
- Published23 April
- Published6 April
- Published6 April
Facebook has since removed Ms Winter's account, but the time it took "frankly isn't good enough", she said.
"They took ages to do it... After I reported it, there were still scams going on for at least two or three weeks afterwards."
The hackers asked for payments to be sent to accounts with "challenger banks" like Revolut and Monzo, which are more susceptible to fraud, Ms Winter said.
If someone is tempted by an ad on Facebook, she suggested it is always worth double checking with the account holder by contacting them separately first.
"I would always be in doubt," she said. "Assume that it's nefarious until you can confirm it."
Karen Elrick, from Glasgow, told the BBC last month that three or four Facebook friends had lost about £750 each.
Her account was hacked in December and Facebook has still not responded, despite multiple requests, she said. She doesn't have control of her account, which is still active.
"For whatever reason, Facebook don't seem to be that interested and don’t seem to be taking it down," she said.
"It's very frustrating and there’s nothing I can do about it."
Consumer organisation Which? said: "If Facebook does not respond to reports of accounts being hijacked by scammers, this is completely unacceptable.
"This is exactly the type of failing that Ofcom should be prepared to take strong action against using the Online Safety Act, including potentially issuing fines.
"The regulator must also hold platforms to a high standard to prevent these scams from happening in the first place."
Facebook said it is investigating the accounts that have been brought to its attention.
"We are continually investing in protections against fraud on our platforms and work closely with law enforcement to tackle this issue," a statement said.
"We take the safety and security of our community seriously. We encourage everyone to create a strong password, enable two factor authentication and to be suspicious of emails or messages asking for personal details.
"We also have a feature called Security Checkup to help people keep their Instagram and Facebook accounts secure."
Get in touch
Have you been affected by the issues raised in this story?