ALTHOUGH we know about scamming tactics at any point in our lives, we can be vulnerable. Recently, I was scammed into transferring a substantial amount of cash to a fraudster’s account. I’m usually cybercrime savvy with my own security guardrails. Still, I fell prey to the one vulnerability that I did not expect—what if it was a family member who was hacked?

Here were things that I wish I knew to avoid a Facebook impersonation scam:

Hackers are good at what they do

The hacker studied my Mom’s chat history and copied her voice and grammar. They knew that I managed her financial accounts. They even sent me a screenshot of her World Remit account to prove why I need to transfer the money urgently.

The first sign of a hack is any kind of suspicious online activity

It started with a phishing scam from one of my Mom’s friends. A phishing scam is a way to steal information under the guise of a reputable source. My Mom clicked on a link, then was directed to a fake Facebook page where she typed her log-in credentials.

She did know it was a fake site and didn’t do anything with the suspicious log-in attempts she received. The longer she waited to secure her account, the more time the hacker had to comb over her friend list and chat history.

Tip: Secure your login credentials. First, turn on multi-factor authentication (MFA). MFA is a method that verifies a user’s digital identity by asking for another additional resource like email, mobile, or even a thumbprint. Once you have MFA activated, you can also change your password, check log-in history, log out of all devices etc.

There is a catch by informing all the institutions involved and calling the authorities

When you battle it out with a faceless and nameless entity, you are doomed to lose. The hacker sent messages to my Mom’s contacts asking for money. We all reported the account as hacked, yet Facebook did nothing.

I also informed the bank about the fraud. They immediately deactivated my online banking and credit card. They told me, “The only thing we can do is to tell GCash to cancel the transaction.”

When I contacted GCash, I received the template message for fraudulent transactions. GCash suspends the alleged fraudster’s account for 72 hours until I secure a police report and only then can they suspend that account permanently.

I called the local cybercrime office and they told me to get a police report and court order so GCash can track the fraudster. But who do I report when I don’t even know the name of the hacker? Is it still worth it to spend money and months of effort to obtain a court order? By that time, the hacker could have made hundreds more fake GCash accounts.

Scams nowadays are sophisticated and well organized. I’ve accepted that my money is gone. In the olden days, criminals barged into houses and stole valuables. Now cybercrime, a modern form of robbery, doesn’t only take away money from victims but also personal data which carries emotional weight. Criminals behind them are difficult to catch, so we always need to keep our guard up.