Phishing, vishing, smishing — these terms for various hacking attempts are probably familiar to those of us who have had to sit through mandatory cybersecurity trainings at work as internet criminals become more sophisticated.
Hackers are after your social security number, your bank account information and your company’s internal communications, the sessions emphasize. But none of these seemed to be the motivating factor when someone took over the Facebook page for Amicci’s this fall and started posting AI-generated images of soldiers and veterans.
Why would hackers want access to social media for a Little Italy restaurant with a modest Facebook following, and what was behind all the veteran-themed posts? I try to get to the bottom of the conundrum in this week’s column.
‘A Catch-22 of a disaster’
Jody Baker’s first indication that the Amicci’s page had been hacked was an email on her day off.
Baker, who has managed the casual Italian eatery for the past 34 years, was technically not supposed to work that day in early September, but she decided to go to the restaurant to help with preparations for a memorial meal honoring the late Ravens offensive coordinator Joe D’Alessandris.
When she logged in to her work email, she noticed a message telling her the password to the Amicci’s Facebook account had been changed.
Baker immediately tried to log into Facebook and quickly realized she was locked out. Soon, she was blocked from seeing the page altogether.
What followed were weeks of frustration as Baker tried to get Facebook to investigate the hack. She says she was never able to reach a human to help her, and online forms trying to prove the page was stolen didn’t get anywhere because hackers had already changed all of the account information.
“It was just a Catch-22 of a disaster,” Baker said.
Even worse was the disruption to the restaurant’s customer outreach. Confused diners reached out wondering why pictures of pasta had suddenly been replaced by AI-generated images of military veterans with amputated limbs. Initially, the page kept the “Amicci’s of Little Italy” name before changing it to “Honoring Our Heroes.”
The new administrators added a patriotic, stars-and-stripes-studded cover photo with the header “Today USA News” and changed the business page’s classification from “restaurant” to “news and media website.”
Later, Baker said, the account started posting even stranger content, including images of skin conditions. The confusion hurt Amicci’s, which counts social media among its main marketing strategies.
“We’re offending people, and we’re not doing our promotion we normally do,” she said.
Baker made a new Facebook account for Amicci’s and shared posts trying to spread the word about the takeover. As of this week, the hacked page appears to have been taken down.
What exactly the hackers were hoping to achieve is still a mystery to Baker.
“I’m at a loss,” she said. “I wasn’t doing anything sophisticated or something to warrant taking the page. I think there would be easier ways to go about getting my credit card information.”
I took the case to Cliff Steinhauer, the director of information security and engagement for the National Cybersecurity Alliance, a nonprofit dedicated to cybersecurity education. He told me there are a few ways hackers can capitalize on a stolen social media page.
One classic scheme is commandeering a page to sell sunglasses or some other product — perhaps restaurant gift cards — that the hackers then promote to the page’s followers.
Usually, the whole setup is a scam to steal credit card information from would-be customers. Sometimes, scammers will even send messages from the hijacked page for a more “personal touch.”
In the case of Amicci’s, Baker said she never heard from customers that the hacked Facebook page was trying to sell them anything. In that case, Steinhauer said, it’s more likely hackers were trying to harvest followers for other purposes.
“There’s a huge underground market for pages that have a lot of social media followers,” he explained. “Often, they’re trying to gain followers and move those followers to other places.”
These so-called spam pages use attention-grabbing, easily produced AI images to funnel followers to “content farms” outside of Facebook’s domain that are loaded with advertisements.
The schemes have taken off with the wide availability of AI content, which allows hackers to quickly churn out attention-grabbing posts.
At the same time, Facebook’s algorithm has started feeding users more “unconnected posts” — content that’s unrelated to the friends, groups or pages they follow — according to a report by the Harvard Kennedy School.
The Harvard study noted that a post with an AI-generated image was among Facebook’s top 20 most viewed in the third quarter of 2023.
Steinhauer didn’t have data on how often Facebook pages are hijacked, but said he’s heard many stories similar to Amicci’s.
Unfortunately, he added, it’s hard to get anyone to follow up on a hacked social media page. Companies like Facebook are overwhelmed by requests, and investigators tend to focus on high-profile incidents — like when a British man hacked the Twitter accounts of notable figures including President Joe Biden, former President Barack Obama and businessman Elon Musk in a scheme to steal bitcoin.
“If Elon Musk’s Facebook gets taken over they’re probably going to prioritize that a little more than your local Italian restaurant,” Steinhauer said.
To avoid a similar fate, he recommends setting up multifactor authentication for your social media accounts, keeping anti-virus software updated and avoiding clicking on links or sharing personal information online unless you’re sure a website or email is legitimate.
Baker has resigned herself to starting over on Facebook. The restaurant’s new page had a little more than 300 followers on Tuesday — a fraction of the nearly 9,000 it had previously amassed.
“Now everyday I wake up worried,” she said. “I just hope it doesn’t happen to anyone else.”
The one silver lining? “Luckily it wasn’t our Instagram,” Baker added. At more than 10,000 followers, “that’s our biggest platform.”
Have a news tip? Contact reporter Amanda Yeager at [email protected], 443-790-1738 or @amandacyeager on X.