Risky sites offer tech support to Facebook users

Her first mistake was going to and typing: “What is the phone number for Facebook.”

The fan page that Teresa Allissa Citro of Maynard helps run for a Christian women’s organization had just been hacked, taken over by an unknown group of online saboteurs who redirected viewers to a website in Albania. She was anxiously trying to recapture the page, which has more than 160,000 followers.

Citro’s Web query returned several responses for sites that looked like Facebook technical support. She called one, spent hours on the phone with people she said called themselves Facebook tech support workers, and let them take control of her computer remotely.


Her organization, Sisters in Christ Worldwide, paid them $130 for services and software they said would keep the group’s Facebook page safe. It was a high price, but worth it if Citro and her group could regain control of the page they had spent years building.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

The problem: Citro wasn’t speaking with anyone at Facebook. The social media site does not have a tech support phone number. And it certainly does not charge users for software upgrades or other promised safeguards.

“That was a shakedown,” said Frederic Wolens, a spokesman for Facebook.

As Facebook has grown into a social media colossus with about 1 billion users worldwide, so too has a cottage industry of tech support outfits, often located overseas, that give a false impression they are affiliated with the Palo Alto, Calif., company.

Some, like the business Citro called, may be trying to sell unneeded software or services. Others could have more devious intentions, such as installing malicious software designed to gain access to personal financial information, according to online security experts.


Facebook does not authorize third-party businesses to provide tech support on its behalf. But the company has acknowledged that the growing number of outfits posing as its technical support service have become a problem. Facebook said it has taken steps to stop such practices.

A recent query for Facebook’s phone number on well-known search engines prominently displayed links to several unaffiliated businesses that purported to be providing technical support for the company.

A search on, just like the query Citro typed, displayed information about five such websites.

In a statement to the Globe, noted that it serves 100 million monthly users and “it can be a challenge to ensure user satisfaction with every listing. However, when we are made aware of an issue, we typically blacklist advertisers from our site.”

In this case, it has blocked the company that Citro said she was dealing with, NIAS e-Business­ Solutions.


When a reporter called the company, a tech support worker said the outfit was based in India and was certified to perform work for Facebook and other websites, such as Yahoo.

‘There was noone I could callwhen myFacebook page washacked.’

Indeed, this problem is not unique to Facebook. In 2012, the Federal Trade Commission launched a crackdown on companies that falsely claimed to be technical support arms for Dell Inc., Microsoft Corp., and Symantec Corp., the company that makes the antivirus software Norton.

In the vast and borderless world of the Internet, it is virtually impossible to prevent scams on the Web. Facebook has become an especially popular target for hackers as it has grown so large.

The New York Yankees have been victims, and so has actress Selena Gomez.

That level of hacker interest in Facebook is creating problems for users that in turn encourage the proliferation of websites purporting to offer technical support.

The fact that Facebook offers limited resources to users who have been hacked may also be a catalyst.

Facebook’s website does not list a phone number for any kind of help desk.

But it offers detailed instructions for users who have been hacked, explaining how they may be able to retrieve pages. It also encourages users to add layers of security — such as log-in notifications that send users alerts whenever someone signs onto a page from an unknown device.

Many Facebook hacks result from “phishing” schemes. Users are tricked into providing log-in information to attackers. Some hackers might want to target popular Facebook pages to make a statement — breaking into politicians’ pages has become something of an online sport for hackers — or to take advantage of organizations’ long lists of followers by posting links to other websites that sell products.

Even the most savvy social media professionals can run into a wall when trying to rescue Facebook pages.

“I was spending $20,000 a month on Facebook ads, and there was no one I could call when my Facebook page was hacked,” said Curt Maly, cofounder of Black Box Social Media, an Austin, Texas, company that manages the social media presence for many celebrity clients.

He isn’t sure how a Facebook page his company operates for a Texas real estate investor was hacked — Maly said he never revealed any log-in credentials — and doesn’t know why it was eventually returned to his control.

But Maly used the Web to wage a campaign to get Facebook to pay attention. Maly posted an article on his company’s website about the hacking that also offered tips for other victims. It quickly became the most popular item on the site.

“If you make enough noise, Facebook won’t acknowledge it, but your page will magically come back,” he said.

Facebook has previously run afoul of state and federal authorities for not providing enough customer support or information to its users, for the way it advertises the site, and over its terms of service.

As the result of a 2007 complaint from the New York attorney general’s office, Facebook changed the way it accepted complaints about inappropriate activity on the site. In 2011, a settlement with the FTC changed the way Facebook advises users about changes in its privacy policies.

But it is unclear if Facebook tech-support scams will persuade the company to begin taking calls from customers. Wolens said the company doesn’t do so now because it’s too difficult to verify a user’s identity over the phone.

Another issue: Facebook is a global service that includes about one-seventh of the world’s population.

“It’s hard to say whether they have an obligation to pick up the phone,” said Justin Brookman, director of consumer privacy for the Center for Democracy and Technology. “I’m not sure it’s practical.”

In many ways, he said, exposing yourself to hacks is part of the risk people accept when they sign up for Facebook.

That doesn’t impress Citro. She said that if Facebook had responded to many messages members of her group sent to the company, they could have avoided dealing with the company she thought was Facebook, and which had promised repeatedly to fix their problem.

The group was able to recover its fan page only after the Globe made inquiries to Facebook about the hacking, and the company provided some technical support.

Citro said Sisters in Christ Worldwide stopped payment on the transaction with the tech support company.

“I think Facebook has a responsibility,” Citro said. “They need to do something to protect people on social media.”

Michael B. Farrell
can be reached at