Katie McClure, a hospitality and tourism management junior, was impersonated on Facebook for 12 hours by a hacker who took control of her account and personal email.
She contacted San Diego State’s IT Security Office because she was afraid the hacker was targeting other students. Information Security Officer Felecia Vlahos called McClure into her office to help her get back her accounts.
“We thought her Mac had been compromised and her email, because some of the information that the hacker had, had only appeared in print in Katie’s email,” Vlahos said.
McClure noticed she could not access her Facebook account on her phone on Sept. 30 around 4 p.m. after attempting to log in several times.
She thought her phone wasn’t working properly because it was old.
“About 30 minutes after that, I got a text from my friend, and she had screenshotted some Facebook messages and said, ‘Is this you?’ And it was the hacker asking her for her student account information in order to log onto the WiFi,” McClure said.
McClure immediately told her friend it was not her. She then started getting text messages from her friends at other universities asking her why she was messaging them on Facebook to get their student account information.
She then realized someone had hacked into her Facebook account and was impersonating her.
Throughout the night, McClure received screenshots of conversations the hacker had with her friends asking them for the same thing: their account information in order to gain access to their university’s WiFi.
“Each conversation I received was different,” McClure said. “It was not a robot. It was a human pretending to be me.”
The hacker read McClure’s personal emails and Facebook messages to the point where he or she knew what was going on in her life and how to talk like her.
When asking her friends from out of state for their account information, the hacker claimed McClure was in town and needed access to the WiFi to send a PDF of her passport to her mom.
“The day before all of this happened I was trying to get my passport because I am studying abroad in the spring,” McClure said. “The hacker went through my emails and saw my emails from the study abroad office and knew to ask my friends about it.”
She tried to log onto her Facebook and emails to reset the password, but the hacker locked her out of her accounts. Finally, she was able to lock down her Facebook and block her account for 24 hours. Within those 24 hours, no one could log into her account or look her up on Facebook, it was as if she had never created an account.
With the help of the Information Security Office, McClure was able to use a device that had not been attacked by the hacker to log onto her email, Apple ID and Facebook to take back her accounts.
After a day, McClure was able to take back control of her accounts. The identity of the person who stole her account information is still unknown.