Well-known wedding makeup artist and store owner of Just Beautiful in Port Macquarie, NSW, Karine Hughes had her Facebook page hijacked by someone in America three weeks ago.

Her customers - whom she relies heavily on for getting into contact through the page - have since dwindled rapidly and left the distraught owner losing hundreds of dollars each day.

Ms Hughes is sharing her story to warn other businesses about how quickly and easily a cyberattack can happen to vulnerable owners, despite her having two-factor authentication.

“I got this weird notification on my personal Facebook page, which said that a guy from Chicago had accepted my friend request and I thought that was pretty weird because I never sent anything,” Ms Hughes said.

“And I didn’t really think too much of it other than it being weird, until about an hour or so later when I tried to get into my Facebook business page and I couldn’t get in.

“It wasn’t until I was able to get into the back end of the Facebook page for businesses, and found that man had put himself as an admin on my business page despite me having two-factor authentication.”

Ms Hughes, who has been removed as admin of her page and yet to recover the account, contacted Facebook and reported the hack multiple times but with no avail.

“I’m just desperate to get the page back because I’m really losing business. A lot of people approach us for their wedding makeup and I’ve got no way to tell people that my Facebook page has been hacked,” she said.

“Over the last couple of days, I’m just getting text messages from people saying why aren’t you responding to us and I’ve had to explain I’ve been hacked.

“It’s also my reputation as a business that’s going down the drain because people think I’m just being slack and not responding.”

Cybercrime is rising with Australians losing over $300 million to scams.

Australia’s largest small business organisation My Business has seen cyber hacks soar this month and is warning that complacency is the biggest threat when it comes to cyber crime.

“Using the name of your childhood pet, your birthday or the street you grew up on simply isn’t enough to protect yourself from scams or cyber attacks in 2023,” My Business general manager Phil Parisis said.

“If it’s easy for you to remember, chances are it’s also easy for cybercriminals to guess and that’s not only putting you at risk but also exposing the businesses and corporations that you work for.

“Often a password is a first line of defence in a cyberattack so you want to make sure it’s like a locked door.”

The latest data from Microsoft shows hackers are conducting 921 password attacks every second, a 74 per cent increase from 2021.

And of the more than 15 billion passwords analysed from publicly-released data breaches, only around two billion were unique.

“Often people have the same password across their personal and work accounts which increases their chances of being hacked and losing multiple accounts at the same time,” Mr Parisis said.

A spokesperson for Meta confirmed they will now be investigating the matter.

“Scammers present a challenge in any online environment, and social media platforms are no exception,” the spokesperson said.

“We’re committed to safeguarding the integrity of our services, and dedicate substantial resources and technology solutions to protect our community from fake accounts and other inauthentic behaviour. “

TOP FIVE TIPS FOR CREATING STRONG PASSWORDS:

• Multi-factor Authentication: A security measure that requires two or more proofs of identity to grant you access. Multi-factor authentication typically requires a combination of either passwords, PINs, secret questions, an authenticator app, or fingerprint/other biometric.
• Use a mix of characters: Use a combination of upper case and lower case letters, numbers, and special characters (such as %, *, and @) in your password. This makes it much harder for someone to guess your password using brute force methods. The longer your password, the harder it is to crack. Aim for a password that‘s at least 12 characters long.
• Avoid common words and phrases: Avoid using common words or phrases in your password, such as “password,” ”123456,” or ”qwerty.” These are among the most commonly used passwords and are easily guessed by attackers.
• Don't reuse passwords: Never use the same password for multiple accounts. If one password is compromised, all of your accounts are at risk. Staff should have their own accounts and passwords.
• Use a password manager: The best passwords are the ones you don’t have to remember at all. A password manager can generate strong, unique passwords for each of your accounts and store them securely. This eliminates the need to remember multiple passwords and helps you create stronger passwords overall.

More Coverage

‘Gone in 3 secs’: 85K Aussie private school kids, staff warned

Adella Beaini

‘Dark clouds’: Jett Kenny’s crusade for sister Jaimi

Adella Beaini