6 Figure Creative Icon

Hackers Spent $3k Of My Money Promoting Elderly Women’s Bras, And Here’s What I Learned | Cyber Security Basics

Episode art
Ever had a heart-stopping, sweat-inducing moment? Yep, I’m talking about those times when the ground beneath you feels like it’s dropped a few hundred feet and your stomach decides to make a leap for your throat.
Now, in this beautiful age of technology, these moments don't just come from forgetting to set your morning alarm. For me, it came on September 29th.
Picture this: I’m a guy who doesn’t give two poops about personal social media scrolling. BUT, when it comes to Facebook and Instagram ads, I do invest a lot of money.
And on September 29th, someone played dirty and swiped access to my ads account. 19 days, folks. Nineteen. That's how long I was locked out, twiddling my thumbs while some hacker ran ads for elderly women’s bras on MY dime.
As hilarious as that sounds, they threw a huge wrench into my marketing machine that cranks out thousands of leads monthly.
Now, I’m no mathematician, but those 19 days of darkness cost me. We're not just talking about the pocket change of $3,000 they blew on those bra ads.
We're talking about tens of thousands of dollars with of lost opportunity because my ads were MIA. With paid ads, you can earn big if you spend big. Now, cut the ‘spend' part out for nearly three weeks. Ouch!
But let’s back up… Why am I even bringing up this drama?
Because we’re in an era where one simple digital slip can cascade into a financial avalanche. And here's the kicker: I thought I had my bases covered.
I had digital walls, moats, and guard dogs, all in the form of complex passwords and two-factor authentication. And yet, someone found that one unguarded window and climbed right in.
This isn’t a story for sympathy, but a plea for every freelancer out there. Those shiny digital tools and platforms that feel like extensions of our brains and hands? They're double-edged swords. One day, they're helping you dominate your niche, and the next, they're the nail in your financial coffin.
It doesn’t matter if you’re into paid ads, content creation, or just plain ol' social media engagement. Let this be a wake-up call. Our digital tools have multiple doors, and we need to make damn sure each one's bolted tight.
This week I'm sharing some insights on cyber security risks, including the one that got me, even though I thought I was secure.
The main takeaway is to be careful online. Small mistakes can lead to big problems.
In this episode you’ll discover:
  • How Brian's Meta account was hacked, and why that cost lots of money
  • Four ways your accounts are vulnerable to attack
  • The importance of two factor authentication
  • How phishing attacks work
  • Why keyloggers are dangerous to your accounts
  • The importance of using a VPN whenever you are not using a secure network
  • How to protect your accounts from attack
  • The two most important ways to protect your account
  • Additional steps to secure your accounts
  • Performing regular security checkups

Join The Discussion In Our Community

Click here to join the discussion in our Facebook community

Click the play button below in order to listen to this episode:

Episode Links

Facebook Community


Social Media


Send Us Your Feedback!







[00:00:00] Brian: Hello and welcome to the six figure creative podcast.

[00:00:02] Brian: I am your host Brian hood If it's your first time listening to the show or watching us on YouTube, first of all, welcome So glad to have you this podcast is for you If you are a freelancer You offer creative services and you want to earn more money from your creative skills without selling your soul.

[00:00:16] Brian: This podcast is for you. And actually this episode is a weird place to start compared to what we normally talk about, because today we're going to talk about how to not lose money instead of how to make money. And I'm going to explain all this in a second for my returning listeners. So glad to have you back.

[00:00:31] Brian: Thanks for giving the show a chance again and again every week for whatever reason I'm glad to have you back. Today is Halloween. Happy Halloween for all my Halloween lovers that are out there This is always a fun holiday to like decorate for and prepare for and enjoy with everybody as if the day this episode airs tomorrow, I'll be heading out to Peru my wife we're doing another what we call like a workation where we're just Indefinitely traveling with no real return date where we're going to be working and adventuring and seeing some cool stuff like Machu Picchu, Lake Titicaca.

[00:00:57] Brian: We're going to try to do like an Amazon river cruise for a few days[00:01:00] for my birthday in mid November and really looking forward to that. As of the day this episode airs, that'll be tomorrow that I head off for that. trying to get a little head on the podcast right now so that. I don't have to be on the treadmill for podcasts while we're traveling, but inevitably I always will record a few while we're traveling.

[00:01:14] Brian: Just so keep up to date with what's going on with the adventures. And as I'm traveling, I'm still working and learning and I always have topics I want to talk about on that. So that'll be upcoming. Probably late November, you'll start to see episodes for me actually in Peru or Brazil or wherever we're at in South America.

[00:01:28] Brian: But I just want to give that quick update. So the topic of today's show. It's something that is unfortunately near and dear to my heart because of what's, recently happened. So if you're new to this podcast or you haven't heard anything recently, on September 29th, my Facebook account was compromised.

[00:01:43] Brian: Now, I don't personally care about Facebook. I don't use Facebook like most people. However, I am a huge user of Facebook and meta ads because I put a lot of money into paid advertising for my businesses, especially on Instagram. If you don't already know this meta owns Instagram and Facebook. So if you want to advertise [00:02:00] on Instagram, you have to use meta or a. k. a. Facebook ads in order to promote on Instagram, which is the main area that I use. And so what sucks about that September 29th hacking, if you want to call it that, is that they gained access to our ads account and did a bunch of nefarious stuff. Long story short is I didn't have access to my ads account for 19 days.

[00:02:19] Brian: So that was 19 days that we didn't get to generate new leads one of our biggest avenues of, new leads that are constantly bringing us in thousands of leads a month. I didn't get to do that and they spent over 3, 000. Promoting an elderly women's bra on my ads account.

[00:02:34] Brian: So I haven't calculated what this has cost me. But besides the 3000 plus dollars that they spent, which ultimately met a wiped away anyways, once I gained access to my account anyway, so I didn't have to spend that. But other than the 3, 000 of wasted ad spend they did there. I also likely missed out on tens of thousands of lost opportunity of what I would have generated from generating new leads for all my businesses on meta ads during that 19 day period, because I spend a significant amount, [00:03:00] 10, 15, 000 a month on ads right now, at least we'll probably scaling that up soon.

[00:03:03] Brian: And that generates. Four to five x roi in the short term and probably double that long term for my businesses So 19 days without ads is a significant cost to my business And that was the real issue here is when I lost access to my personal facebook account and thus my ad accounts I had the opportunity cost of losing out on 19 days of paid ads for myself So this was a big expense for me, like tens of thousands of dollars lost during this time.

[00:03:29] Brian: so I wanted to have an episode dedicated to cybersecurity for freelancers because we all have risks out there, whether we realize it or not. And the craziest thing about me losing access to my Facebook account is that I took All my security measures very seriously, except for one small thing, and that one thing was significant enough for them to get into my account. so whether or not you ever plan to use paid ads. You're using social media for anything. It doesn't matter what the account is. Any freelancer can lose access to any account.

[00:03:57] Brian: And if that account is a significant part of their business, [00:04:00] it's going to be detrimental to you as a freelancer. It could be a social media account that generates most of your leads. It could be a YouTube channel that you create content on that generates a ton of your leads. It could be a bank account It has all of your money in it. It could be

[00:04:12] Brian: an email service provider that you use to access your email list and send out emails to your entire email list. There are tons of what I consider single points of failure or single points of detrimental loss in your business that if you don't take account security or cyber security seriously, you're putting yourself at risk.

[00:04:27] Brian: I want to at least talk through the basics today. I'm going to go through four main types of threats and how to avoid those. And the fourth one is the one that actually made me lose access to my Facebook account, so now I had to take that seriously and through all this I've had to do some serious searching to figure out what even happened because it made no sense that someone could even access my Facebook account because I did a lot of the best practices I'm going to talk about today I had a random 25 digit password for my Facebook account random numbers and characters that's not used anywhere else had two factor authentication turned on for my Facebook account.

[00:04:56] Brian: I had a dedicated email address that was just used just for [00:05:00] the login information on that Facebook account With its own 25 digit random password and its own two factor authentication So it seemed to me like there was no way someone could get into that and yet they still did because of number Four on my list today.

[00:05:10] Brian: All right. So number one, what's the number one threat that people fall into as a freelancer with their accounts? And that's something called password attacks.

[00:05:17] Brian: This is the most common, and this generally means that someone has somehow accessed your password for whatever thing you log into. And here's some common reasons why this can happen. The first is they can just guess your password. And this happens commonly when people have what they call super passwords.

[00:05:30] Brian: It's the same on every account, or it's just easy to guess.

[00:05:32] Brian: Or sometimes passwords are leaked. login email and password on one account, and then that company is hacked, And your login information is released to nefarious places. And then those people use that same login information on other popular platforms like Facebook, Instagram, bank accounts, things like that to access it that way.

[00:05:51] Brian: So just sharing passwords can lead to this sort of stuff happening where you have the same password on two different accounts.

[00:05:56] Brian: And there's two ways to avoid this issue. The first is [00:06:00] pretty obvious. Just don't share passwords between accounts. Every single account that you have should have a different password.

[00:06:06] Brian: You don't have just like a super password for everything that you log into, like most people unfortunately do. And then also, possible, use something authentication. We have all done this in some way, shape, or form. It's where we, log in and the, Site says, I don't recognize this device or this browser, so you need to put in this code that we're going to give you it's either going to text you the code and you have to put it in this random series of numbers or if you're using a code generator like one password or Google Authenticator, it's this random six digit code that cycles every 30 seconds and you have to That specific code during that 30 second interval to actually get past this security feature.

[00:06:41] Brian: And the reason this is great is that even if someone has their your login information, your password, and everything they would need to access the account, they still can't log in because they don't have that six digit two factor authentication code.

[00:06:52] Brian: So that's the first main threat is password attacks and that's super easy to get past by the way If you are struggling to come up with and remember having unique [00:07:00] passwords on different accounts i'm going to show you an easy way to in this video I'm going to give you like just a bunch of great information on best practices for cyber security Especially when generating passwords and remembering passwords Great app to use for this it's a password management app that'll make this so much easier than trying to remember all these different login information for all these different websites.

[00:07:16] Brian: So that's the first one, password attacks. Number two is phishing attacks. Now phishing and spear phishing, I want to talk about both of these. These are basically targeted attempts to steal information from you. So you've seen something called phishing and that's where someone might send you a link in an email or a text or somewhere else.

[00:07:31] Brian: You click it and it's asking for information, banking information, login information, or whatever, free to log into the app. You put your name and password into the thing that looks like a Facebook login or it looks like an Instagram login. It looks like your bank account login, or it looks like your Amazon account login, and then you log in and an error occurs, whatever.

[00:07:47] Brian: What really happened there is it was a site created to look like. The actual Amazon or the actual Instagram or the actual Facebook, but all that did was capture your log information for those sites and then now they have your log information for those sites and they will [00:08:00] immediately go log into your account, wipe you out, take you out of it and

[00:08:03] Brian: make sure that they now have access to the account

[00:08:06] Brian: And there's two types of phishing attacks. There's the like broad phishing attacks that you just get a random email like that. And then there's something called spear phishing, which I didn't hear about until I was researching for this episode.

[00:08:15] Brian: And that's where they're hyper targeted towards you specifically as an individual. This is where someone knows, for example, me in my case. Someone might know that I advertise and spend a lot of money on Facebook ads, so they, single me out, Brian Hood, and they try to get me in a phishing attack, so things can be much more tailored to me specifically, or look like it's somebody talking directly to me, or we get these messages all the time for ourselves, by the way, and this isn't how we got our account compromised, but we get all sorts of phishing attacks on our account through DMs and emails and people trying to get us specifically to log into Facebook because people know that we spend ads because you can see All the ads that we run publicly on Meta's ads library.

[00:08:52] Brian: So this stuff's easy to find. So spear phishing attacks are common for people like me who spend a lot of money on paid ads.

[00:08:58] Brian: So now, how do we actually [00:09:00] avoid phishing or spear phishing attacks? The first is just don't click on links in emails. Especially DMs. Generally speaking whenever someone sends you an email, you're almost always better off just going directly to the site. For example, you'll get these all the time.

[00:09:12] Brian: I've seen every variation of this. We've shut your ad account down. Click here to re enable or something like that. There'll be an email that we might get. And if you click that link, it's a phishing attack. They're trying to get our login information to my account. So that they can then go take over an ad account instead, if you feel like your ad account has been compromised, instead of clicking any link in an email, even if it's from a legitimate source that you know is meta or Facebook or whatever account you think it is, just open the app itself and log in there or open your browser itself and go straight to the website and then within the actual browser that you went directly to the site on address, whatever issue came up that needs to be addressed.

[00:09:47] Brian: and the terrifying thing about phishing attacks and some of the other things that I'm talking about today is many of these attacks come from outside countries previously it was relatively easy to spot these because there would be all sorts of grammatical or typo issues in the [00:10:00] emails, but Now with chat GPT and AI driven copy creation or copywriting, a lot of these emails appear very genuine and are well written and they can use horribly written English and then get chat GPT to rewrite it in perfect English.

[00:10:14] Brian: So a lot of the things like the telltale signs of like a poorly written phishing attempt are getting harder and harder to spot. So that's why if you're in doubt or if you're ever just paranoid like I am now, I just won't click links and emails that are taking me to things that I log into or things that are important.

[00:10:28] Brian: I'll click a link if it's somebody that I subscribe to that I'm reading a blog article or listening to a podcast episode. There's no major issues there typically, but I will almost never click a link going to a banking app or a social media platform or anything that's integral to my business.

[00:10:43] Brian: So that's number two is phishing and spear phishing attempts. Number three is malware. And there's different types of malware out there. There's ransomware, spyware, viruses generally the two most common are malware and ransomware. And what these are is it's just pieces of software or nefarious software that gets installed on your [00:11:00] computer.

[00:11:00] Brian: Again, I'm just talking as a layman here. I'm not a programmer. I don't fully understand all this, but like a virus essentially. And it's doing something nefarious in the background. It won't be completely obvious, usually, sometimes ransomware is, but it's not usually obvious that you have malware, but it will do things in the background that are accessing information that it shouldn't.

[00:11:15] Brian: For example, and this may not be the same as malware, but it's the same concept, is something called a keylogger. Things can be installed on your computer that is tracking everything that you type. And so anytime you type a password, anytime you type something that is private information, the keylogger can Steal that from you ransomware can be in some ways even worse because what it will do is it will find software or files or things on your computer or just your computer itself and Then hold those things ransom behind a paywall and say it won't you will not get access to this again unless you pay and these things can be really hard to get off Your computer or get access back once something has gotten into your device and I've heard of this happening Not just on Windows devices, which is one of the most obvious things, but Apple devices and even mobile devices I've heard of malware and things like this getting into mobile devices now.

[00:11:59] Brian: So [00:12:00] how do we avoid this? first preventative So just don't click on links and emails and socials and DMS again This is how a lot of these things spread is through links and downloading attachments things like that pretty basic stuff Again, this is a basics episode

[00:12:10] Brian: but thing number two here is to use anti malware software and there's preventative things and there's remedial things meaning like Preventative just means that if you click on a link or you go somewhere that's known to be nefarious or this file that you're about to download has something attached to it, the malware software will scan that and then prevent you from downloading it in the first place.

[00:12:27] Brian: So it prevents things from happening, but it also can detect things that are already on your computer and then. What's called quarantine those things and then delete those files so that they're not on your computer anymore. I have two that I actually downloaded and used because I was convinced that's how the hackers gained access to my information was through some sort of malware or keylogger.

[00:12:44] Brian: So I downloaded one called Bitdefender. That's for Mac. And Kapersky, which is also for Mac. And I've seen a lot of reviews and there's no perfect software out there anyways, so don't take my word as gospel here. But I just wanted twice. Just so I had two different what we consider opinions like a doctor's opinions on my computer to make sure there's [00:13:00] nothing on there.

[00:13:00] Brian: And it found nothing. And I have it installed on all my devices essentially at this point because I got extremely paranoid after all this happened, trying to figure out how the hell they got in. again, that's number three is malware. This is another common way people gain access to things. But now fourth and final for this list on this kind of basics episode on cybersecurity is something called cookie hacking and or.

[00:13:19] Brian: Man in the middle attacks. So what is this? well, first of all This is how I believe the hackers gain access to my account so this is where hackers somehow intercept communications or cookies that are stored in your browser

[00:13:31] Brian: and What this essentially does I'm gonna try to explain as best I can as best I understand cookie hacking is when, for example, you log into your account on Facebook, which is my case, and you are logged in, and when you leave the site and come back, you don't have to log in again. That's because there's cookies saved in your browser that says that this session, this person in this browser, in this environment, is Brian Hood.

[00:13:52] Brian: And as long as this device on this browser, then you can keep coming back again and again and again, and you don't have to log in again. Cookie hacking, from [00:14:00] what I understand, is when someone, and we'll talk about how they access this, when someone... Accesses your cookies in your browser and then accesses that cookie that says I am Brian hood. I am logged into Facebook and therefore I can go into your account and I don't have to log in again. And that was what as far as I understand, was allowing them to bypass my two factor authentication.

[00:14:17] Brian: And the reason they were able to access this was because I was at a coffee shop in my neighborhood and I was a public Wi Fi network and I didn't use a VPN, which is Spoiler alert for how you avoid this in the U. S. I don't think it's as common for people to think about using a VPN on a public Wi Fi network It's very common overseas mainly because Europeans and people in Asia will have VPNs Just to watch like American Netflix and we do when we travel I have a VPN just so I can appear that I'm in the US so they can watch shows or movies while we're traveling Other countries that aren't typically available in those locations.

[00:14:49] Brian: So this is a common use of VPNs and essentially Is used by most people to pretend you're somewhere that you're not. In this case, what a VPN is used for is to encrypt, I believe, your traffic so that people can't [00:15:00] access things like your cookies or hack into your browser or whatever.

[00:15:02] Brian: So because I was browsing on an unsecured network at a local coffee shop without a VPN, someone was able to access through their network, my browser

[00:15:10] Brian: and then essentially lock me out of my own account. Now the thing I'm not fully sure of, and I don't know enough about, it's called session hijacking or cookie hacking is kind of the same thing. What I'm not sure about that is when someone is, has stolen my cookies and has logged in as me through my cookies.

[00:15:24] Brian: If someone could then disable my own two factor authentication without having that code, it would seem like a huge security flaw if that's able to happen, but they did do that, they somehow disabled my two factor authentication, and I believe they were able to do it through what's called a man in the middle attack, which is similar to cookie hacking where they're able to essentially hijack my browsing session and Intercept my two factor authentication code when I was attempting to type it in because there was a definitive moment when I was at the coffee shop in Facebook ads, launching some new ads, setting up some retargeting campaigns, just normal stuff, and something had popped up where my account was locked, and this has happened a couple of times before where it says we believe someone's trying to hack you or [00:16:00] whatever, and this has happened enough before where I'll be in the comfort of my home, and it'll say my account's locked, and I just click a couple buttons, and it unlocks the account.

[00:16:08] Brian: It's just weird. It's almost like a the boy who cried wolf where Facebook has done this enough times over the years or over the last eight months where they're telling me something has been compromised or potentially compromise without giving me any information and then saying you need to authorize it is you and I click literally like two buttons on the account and then I'm authorized what I believe happened this specific time.

[00:16:27] Brian: Was that exact same stuff came up? However, at that time, it asked for my two factor authentication code. And I believe that's where the man in the middle attack comes in. Where, when I typed the code, they were instantly able to access that code. And then, instantly, they removed it from my account when I did that.

[00:16:42] Brian: I'm not sure if that's the case or not. And I'm still not totally sure how they... Disabled my two factor authentication, but that's the best that I can come up with as of right now. So how do we avoid this, Enough about me specifically, but how do we avoid this from happening to us? The first is to just use a VPN if you're ever on a public network. You're not at the comfort of your own private Wi Fi [00:17:00] network in your house. Use a VPN. Next is if you can avoid using any sort of public Wi Fi for sensitive things, please avoid it at all costs. Now, obviously when we're traveling in Peru, I have to use Wi Fi when we're traveling for my businesses.

[00:17:12] Brian: So I will have to use a VPN, but when you can avoid using public Wi Fi, especially without a VPN, and then make sure you are logged in with HTTPS. So if you look at a URL at the top of the page, and honestly, Chrome is great about not allowing you to go to pages without. An SSL encryption.

[00:17:27] Brian: But when you look at the URL most websites if you actually click into the website and like you highlight the URL at the top of the page, it'll show h TTPs colon slash slash and then the website url. Sometimes if there's not an SSL encryptions, what this's called, it'll just say http colon slash slash and we'll have the s and that s is very important to make sure that the SSL encryption is secure so that things like this can't happen.

[00:17:49] Brian: It doesn't mean it's impossible, but makes it harder. So obviously make sure. Your SSL encryptions on whatever sites you're on are enabled and working. And two more things, and this is something I didn't really consider before. One is log [00:18:00] out of websites that are sensitive. Things that are important to your business, banks, social media, log out of those accounts when you're not using them so that you have to log back in.

[00:18:09] Brian: Because what happens is when you stay logged in, it's essentially authenticated that this is you. So if someone steals your cookies or hacks your cookies, Or hijacks their session. They're essentially taking over that session when you log out and invalidates those cookies from what I understand and keeps them from being able to access your account if they do hack your cookies.

[00:18:26] Brian: So when you log out, it essentially says these cookies are now spoiled, throw them away so they're not worth stealing. And then finally, to prevent this is just. Regularly clear cookies. I always avoid this because it's annoying because when you clear your cookies, it by default logs you out of everything that you'll ever been logged into and it even tells sites as far as I understand, there's like no record of you being here.

[00:18:44] Brian: So like if you have two factor authentication set up, you have to log back in with all of this stuff. That's really annoying, but I can tell you right now, it is a lot less annoying than losing 19 days of paid ads potential and tens of thousands of dollars of lost revenue because you didn't want to clear your cookies.

[00:18:59] Brian: So that is the fourth and [00:19:00] final thing is cookie hacking slash man in the middle attack slash session hijacking. All these things that I don't fully understand and I now know a little bit more about. And if you do nothing else, just do these two things. Use a VPN when you're browsing on a, any network

[00:19:12] Brian: and then log out of sites that are important to you, that you don't want someone else to be able to access. If you just do those two things, that'll keep 99 percent of this at bay. So before we wrap this up, let's talk about some additional measures, things that are important or things that are good to know or use when it comes to keeping everything secure for your business.

[00:19:26] Brian: The first is use a password manager. I use one called one password. We've used it for years. It's never been compromised and unlike one called uh, what was it called? Last pass. Last pass was hacked like a big global hack last year. I think in tons of people's stuff was compromised. One password. Has somehow avoided all of that.

[00:19:45] Brian: So the good thing about one password is They require some additional things of security to even access your account. they need your login email They need your login password and they need something called an emergency kit code It's like this code that's generated that is on a pdf [00:20:00] that you save somewhere and without that code No new browsers or devices can ever log in even with your name password And two factor authentication, you have all of these as kind of like way to keep people from accessing your account, but the point of all this is so that you can use one password to generate random 25 digit or whatever you want passwords for these sites and you never have to remember them.

[00:20:19] Brian: That's why it's called one password. The only password you have to remember is the one to get into one password and. in most cases with that you can use your face on phone or your finger to log in so you don't even have to type the password for one password if you have your biometrics enabled on your devices or whatever they call that login with fingerprint and or face ID

[00:20:38] Brian: and this has been a game changer because every important login that I have has its own unique password and if it's available two factor authentication for that as well so that way you don't have to remember If your Netflix login, your bank account login, or all your bank account logins, your Facebook, your Instagram, all your different email address logins.

[00:20:54] Brian: These should all be random passwords that cannot be guessed, that are not shared. So if [00:21:00] one site is compromised, like when Sony was, hacked years ago, you don't lose all your other accounts because that login information worked everywhere else.

[00:21:07] Brian: Next is use two factor authentication whenever you can. Again I've, I've mentioned this a million times, but I've got a point here. Before when my Facebook account was hacked, I had my login information and my, two factor authentication all set up through one password. My thought was maybe somebody accessed my one password account, but I checked all the logs and everything and it wasn't that so that wasn't the issue, but just still for peace of mind actually separated.

[00:21:28] Brian: All my login information now is stored in one password for all my devices, but all my two factor authentication codes are stored in a completely different system on a completely different device. And this means so that if one is compromised, they still can't access my two factor authentication codes and everything else.

[00:21:42] Brian: So they still can't access my most important site. So even if one password is compromised, my two factor authentication codes are all done through a completely different authentication app. I'm not going to tell you which one because I don't think it matters, But there's a lot of different ones that are out there.

[00:21:54] Brian: if you need a couple of good ones, again, one passwords, two factor authentication is great, but also you could use if you [00:22:00] wanted I think Google Authenticator is another one that is popular for people.

[00:22:03] Brian: Next is creating a dedicated email address. That is just used for super sensitive logins. Reason being is a lot of websites, if you know their password and login information for the email address associated with those sites, then you can just say, I forgot my password. It'll send you a code to the email address that's tied to that account.

[00:22:20] Brian: And if they gain access to that code, then they can get into your site and change the password and everything. So generally if you have some sensitive logins like your Facebook, if you do a lot of ads or your bank accounts or some other mission critical piece of software or Even Dropbox or somewhere where all of your projects are housed have a dedicated email address for those super sensitive ones and always stay logged out of it and Always make sure that that is never used anywhere else and that just Reduces the amount of risk in any one area Whereas a lot of people use the same email address for every login and there can be some risks with that and then finally And this is just final thoughts here for additional measures of security is any site that has multiple users in it check for admin [00:23:00] access on all of those accounts.

[00:23:00] Brian: So, For example, on Facebook and Facebook ads, you want to make sure that no one has admin access or access to an ads account or access to one of your Facebook or Instagram pages that shouldn't have access, for example, when I went back through after again access back. Through my ads account and we kicked the hackers out of the account.

[00:23:15] Brian: I went back through and found an agency that we used to work with for social media that still had access to things I kicked him out of the account not because I don't trust him But because if he were hacked he would then be able to get into my account that way So there's just certain things you want to make sure that no one has access to anything a bank account a social media account a youtube channel admin access in your google login area just make sure That any of these no one has access that shouldn't have access That's basically the moral of the story here because sometimes you might have an old business partner Or an old employee and they still can access things that they shouldn't have access to hopefully this is helpful if this even helps one person avoid what I went through i've done my job here

[00:23:50] Brian: and just some final thoughts for anyone who maybe does have hacked facebook account Or instagram account how I got back in the first thing to do and this is the first thing I did is just go to facebook. com slash hacked [00:24:00] To indicate that the account is hacked It's supposed to lock the account, but somehow the hacker still bypass the account.

[00:24:06] Brian: and then there's Facebook. Verify something like that, where you have to verify that you are who you say you are by uploading selfie and a piece of ID, something like that. And. When they review that, they should access only to the email address that was associated with that verification process.

[00:24:20] Brian: And I went through that many times. here's the crazy thing and how I ultimately got my account back was, I kept doing the same damn thing over and over and over again through a period of weeks until it finally worked. That's the only thing I did. It's so stupid. The thing about Facebook and Instagram and meta in general is I had to do what is essentially deemed as insane.

[00:24:37] Brian: What do they say insanity is? Is doing the same thing over and over again expecting a different result. I knew enough about meta to know that Literally doing the same thing over and over again would eventually yield a different result. It took way too long and just note that whether you do this, process that I just outlined, whether you do it from a mobile device, the mobile app, mobile browser, desktop browser every one of these devices and settings yields a different result.

[00:24:58] Brian: And I think they're constantly [00:25:00] changing things and trying new things and things didn't work when they should. was a mess and many times I gained access to my account only to still be locked out because I didn't have access to the two factor authentication code that the hacker set up. And every time I went through this cycle, it was just like this death loop.

[00:25:15] Brian: It was horribly frustrating. I watched every YouTube video, read every Reddit thread, trying to figure out how to bypass this. None of it worked until eventually it did. So all I can say is if it doesn't work, just keep trying, don't give up. And if you have any specific questions, send me up podcast at six figure creative.

[00:25:31] Brian: com and I can try to help you out. So that is it for this episode, but different than usual, but just knowing how much money I lost out on and how much money can be tied to issues like this, I felt like it was an appropriate episode. It's one of those like time sensitive episodes that like it was a horrible experience.

[00:25:45] Brian: I was super sad the entire time and I hope it never happens again. Hopefully I learned enough to keep this from happening again, but. Even now I still don't fully understand all the intricacies of what happened, but I do know it was a large Vietnamese group that does this. And [00:26:00] they do this to hundreds of accounts.

[00:26:01] Brian: And I know this because I can see the pixel data of the pixel they installed on my account. It shows every cell, every website click, every account they've added this to that they've compromised. And it's hundreds of accounts. And they generate thousands of sales a month doing this. Hundreds of thousands of dollars a month.

[00:26:15] Brian: And somehow, Meta can't figure out how to stop it. Don't ask me. But that is it for this episode. Next week, we'll start another series that I am excited to start. And I'll talk about what that is next week. Bye. That's it for this weird one off episode. I'm going to go have fun in Peru. And until next time, thanks so much for listening to the Six Figure Creative Podcast.

Recent Podcast Episodes...