Cyber Incident Victim: Caloundra, Queensland, Australia
Date:
Oct 2023
Location:
Australia
Summary
Scammers compromised a Queensland photographer's Facebook business page through a phishing link disguised as a Meta communication, resulting in the loss of seven years of images, customer orders, and 16,000 followers. The attacker renamed the page and revoked access, causing significant emotional distress and financial harm, including $3,000 in prepaid calendar orders. A separate hairdressing business experienced an identical attack days later, losing 17 years of content. Cybersecurity experts highlighted the growing frequency of such incidents, noting that victims' reliance on social media for operations and inadequate security measures like multi-factor authentication exacerbated vulnerabilities. Meta reportedly provided no effective recourse despite repeated reports.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Doug Bazley, a photographer based in Caloundra, Queensland, lost access to his Facebook business page on October 14-15, 2023, after interacting with a fraudulent message impersonating Meta Platforms. The attackers sent Bazley a link via Facebook Messenger that appeared legitimate, claiming his account required resolution of an unspecified issue. Upon clicking the link, Bazley immediately lost control of his page, which displayed a black screen before the profile photo and page name were altered by unauthorized parties. The compromise resulted in the permanent deletion of seven years' worth of business content, including approximately 16,000 followers, travel photography archives, and prepaid customer orders valued at nearly $3,000 AUD. Bazley reported no successful communication with Meta's support channels despite multiple attempts to regain access or report the incident, noting that automated systems failed to recognize the unauthorized activity.
The following day, Tahlia Rehua experienced identical compromise tactics against her Logan-based hairdressing business pages, losing both personal and professional Facebook assets containing 17 years of content. Forensic analysis by cybersecurity expert Dave Lacey confirmed both incidents stemmed from credential harvesting through malicious links, enabling attackers to bypass authentication controls. Neither victim had implemented multi-factor authentication prior to the breaches. Lacey noted the attacks reflected broader trends overwhelming response capabilities, with compromised business pages serving as vectors for additional fraud. Financial impacts included lost prepaid orders and operational disruption, while emotional consequences were described by Bazley as comparable to "his business burning down." The Australian Cyber Security Centre subsequently highlighted these cases during Cyber Security Awareness Month to illustrate risks associated with inadequate authentication protocols and phishing susceptibility.