When the name "Lily Collins" pops up, people think of the lead actress in the Netflix hit series “Emily in Paris.” But in the world of cybersecurity, it’s also the name of a hack that can seize control of your Facebook account within seconds.
Hackers are changing the victims’ profile names and pictures, posing as the popular actress instead.
Watch NBC6 free wherever you are
NBC Responds and Telemundo Responde teams nationwide have received reports about this hack with many viewers sharing the challenges they’re facing trying to recover their accounts.
Among them, Dawne Richards.
Get local news you need to know to start your day with NBC 6's News Headlines newsletter.
"Everything I've Ever Done on Facebook Has Now Been Done by Lily"
For Dawne, Facebook is more than just a social media platform. It’s a vault of treasured memories "It kind of saved me because I felt like I wasn't by myself.”
Responds
Responding to every consumer complaint
“I lost my husband four and a half years ago. I have videos of him there … I had three videos of him dancing with my granddaughter and they are just gone,” Dawne said while fighting back tears.
But the hackers didn’t just seize these cherished moments. They also threatened her livelihood.
Dawne runs multiple businesses on Facebook and manages pages for others.
"Everything I've ever done on Facebook has now been done by Lily," Dawne said, referring to the hack.
Recovering Your Account
Facebook has an Online Help Center with articles, links, and tips. The company has also created a page dedicated to account recovery. But there's no direct number to call for assistance.
Eva Velasquez of the Identity Resource Center offers this perspective: "You need to realize how these are set up, and that there is no customer service for you to call because you are not their customer – you are the product."
Velasquez says the reports they've received concerning social media account takeovers have grown exponentially in the last two years, adding the only way for victims to resolve the situation is through the social media platform itself.
Dawne says she tried nearly everything to recover her account.
"I direct messaged them (Meta) on Twitter, every platform I can think of. I wrote to (Senator) Marco Rubio's office. I filed a complaint with the FTC. I filed a complaint with the FBI, the Internet Crime Complaint Center … NBC6, you were the only people who responded,” she said.
NBC6 Responds contacted Meta, Facebook's parent company, about Dawne’s situation. A spokesperson told us, “I am going to flag this for a team to take a look at.”
He went on to say, “We know that losing access to an account can be a distressing experience and we need to keep improving in this area. These efforts cut across many teams at Meta and we continue making progress. However, anything we do to make access easier, will also make it easier for the bad actors - it's a highly adversarial space so we need to do things mindfully so as to not make the overall problem worse.”
After months of waiting and filing a complaint with the California State Attorney’s Office (where Meta is based), Dawne finally got her account back and the videos and photos stored within.
“It brings people back to life. A photo is great, but it's frozen in time, whereas a video feels so much more immediate and current,” Dawne said while watching the videos of her late husband. “And it’s like people are back with you.”
Protecting Your Account
Dmitry Bestuzhev, a cybersecurity expert, warns it only takes clicking a link or downloading a malicious file to jeopardize your account.
“If I just make it click here just by mistake, my computer would be immediately infected. And my information, personal information saved in the browser would be stolen. Specifically the cookie's password, your username and it doesn't matter the browser,” he said.
For those who use platforms like Facebook for business or personal reasons, experts recommend:
- Backup videos and business data elsewhere.
- Create strong passwords with at least 12 characters, symbols, upper and lowercase letters.
- Avoid using the same password across multiple platforms.
- Set up login alerts and two-factor authentication.