Cybercriminals are not only targeting big retailers like Indigo for money. Two sisters who are small business owners are warning others to tighten up their online security measures after a costly cyberattack.
Jessi Fournier and Bekki Martin are the co-owners of J’adore Fine Cheese and Chocolate in Barrie — a business they have been running for nearly a decade. Jessi began receiving warning messages about her personal Facebook account about a month ago.
“I was getting email alerts telling me that my phone number has been changed to my Facebook page, my email has been changed,” she said.
“I went to deny it, and they said to enter the authentication code from an app you selected. I don’t have an authentication app, but the hacker did.”
Through her personal account, the hacker was able to infiltrate the business one. The sisters are both administrators on their business page, but they claim that the hacker was able to kick Jessi out by making changes to her personal page.
She received a notification stating that her account was suspended because she wasn’t old enough to use Facebook. The platform requires users to be at least 13 years old.
The hacker made themselves admins and then went after the company’s website and Instagram, forcing the sisters to shut everything down — all of this occurring during the busy Valentine’s Day season. They estimate the losses to be in the thousands.
“We had to change all of our banking information, we changed our credit cards, we had to do so many things when this happened,” said Jessi.
More robust security settings may have prevented hack, sisters say
While Bekki remains an admin on the page, she believes the hacker has somehow made her unable to take back control of the page despite her efforts. While they have gone to Meta, Facebook’s parent company, for help, the investigation process has been frustrating.
“We’re very thankful they’ve helped us regain our Instagram. Right now, we are fighting to get Facebook back, and we’re going in circles with that,” Jessi explained.
“Since the pandemic, many businesses got rid of their brick-and-mortar businesses and went online. We were not an online company. We are now, and now we’re at their mercy.”
The sisters believe that they might have been spared this nightmare if they had fortified their online accounts using an authenticator app earlier. Cybersecurity expert, Chester Wisniewski, agrees.
“The most common one people refer to is called Google Authenticator, but Microsoft also provides one, and quite a few third parties make them available as well,” Wisniewski explained.
“When you set up your account with, say, Facebook, you scan a QR code, and it loads it into this app. Every thirty seconds, the app generates a secret number you must put in in addition to your password when logging into the site.”
Many routes businesses can go to enhance online protection: expert
According to Wisniewski, this level of security is more difficult for criminals to bypass, but there are further steps businesses can take.
“To me, your willingness to have your account compromised should dictate how far you would go to protect your accounts. Certainly, the least secure is text messages; in the middle, we have these authenticator applications. In the best case scenario, you may use a hardware USB token to secure your accounts.”
He noted that USB tokens would be a more expensive option but more secure. He also recommended changing passwords often and not using the same password across different accounts.
Luckily, the sisters’ e-commerce partner Shopify has assured Bekki and Jessi that none of their customer or banking information has been compromised.
They have since regained control of their business’s online presence but risk losing their Facebook page. While Meta continues investigating, Jessi is concerned that the hacker is poised to act.
“We only have a week left to get him off admin before he takes over as the admin permanently.”
— to toronto.citynews.ca