Could Meta do more to protect us from cyber scams? - The Indicator from Planet Money

Summary7 min read

Podcast Summary: "Could Meta do more to protect us from cyber scams?"

The Indicator from Planet Money
Host: Darrian Woods
Guest: Stephen Vassarha (Gulf States Newsroom)
Release Date: July 10, 2025

Introduction: The Hidden Threat to Small Businesses

In the July 10, 2025 episode of The Indicator from Planet Money, host Darrian Woods delves into a pressing yet often overlooked issue: the vulnerability of small businesses to cyber scams. Partnering once again with Stephen Vassarha from the Gulf States Newsroom, the episode unpacks the intricate challenges faced by small business owners in the digital age and questions the responsibility of tech giants like Meta (formerly Facebook) in safeguarding these enterprises.

A Personal Tale: Hilary Hanning and the Little House Bar

The episode centers around Hilary Hanning, the owner of The Little House, a quaint neighborhood bar in New Orleans renowned for its unique ambiance—complete with taxidermied alligators and chicken feet—and its sophisticated selection of boutique wines and creative cocktails.

Hilary Hanning (04:45):
"You look around, we've got taxidermy and all kinds of stuff, but it's like encompassed with this very bougie-esque, really cool boutique wine selection and fun cocktails and stuff. It's struggling to death, but we're having fun now."

Despite the charm and dedication, Hilary's bar faces significant challenges, not just from the usual business hurdles but from a darker underbelly of cybercrime that threatens its very existence.

The Incident: How a Social Media Scam Unraveled

In November of the previous year, as Hilary prepared for a fundraiser benefitting a winery in North Carolina devastated by Hurricane Helene, she received a fraudulent message purportedly from Facebook's support team regarding "fraudulent activity" on her account.

Hilary Hanning (03:03):
"Yeah, if you don't think this is correct, you can appeal it, whatever. So, of course, in that knee-jerk moment, I hit appeal and it all, it all started to fall apart."

This seemingly innocuous action set off a cascade of malicious activities. Soon after, Hilary began receiving perplexing inquiries from friends about bizarre products—golf carts, televisions, and fake truck sales—linked to her Facebook page. Unbeknownst to her, her social media accounts had been hijacked, allowing scammers to attempt defrauding others using her established online presence.

Stephen Vassarha (03:21):
"Golf carts, televisions, a truck that they were trying to fake sell like. And I'm just like, in Atlanta traffic. I swear I almost died, like, 20 times."

The Broader Picture: Cybercrime's Impact on Small Businesses

Hilary’s experience is far from isolated. The episode highlights a Verizon analysis revealing that small businesses are targeted by cybercriminals four times more frequently than large corporations. Defining small businesses as those with fewer than 1,000 employees, Verizon attributes this increased vulnerability to the sheer number of small enterprises and their typically weaker security infrastructures.

Darrian Woods (04:31):
"Small businesses are often targeted because they have worse security, which, you know, makes sense. Owners are often stretched pretty thin. They often have to be their own janitors, their own accountants."

Furthermore, a MasterCard survey cited in the episode found that nearly half of the small and medium-sized businesses surveyed had experienced a cyber attack, with 20% of them forced to file for bankruptcy or close their doors as a direct consequence.

Why Small Businesses Are Prime Targets

The discussion underscores that small business owners, like Hilary, juggle multiple roles—often acting as janitors, accountants, and now, digital marketers. This multifaceted responsibility leaves little room for them to specialize in or prioritize cybersecurity.

Michael Daniel, head of the Cyber Threat Alliance, emphasizes:

Stephen Vassarha (04:44):
"It's hard to add an 18th hat to be your own cybersecurity expert."

This sentiment is echoed by Darrian Woods, who points out the unrealistic expectation placed upon business owners to also serve as cybersecurity specialists.

Expert Recommendations: Simple Yet Overlooked Security Measures

When queried about protective measures, cybersecurity experts advocate for foundational practices that, while straightforward, are often neglected in the daily hustle:

Two-Factor Authentication: Adds an extra layer of security beyond just passwords.
Password Management: Ensuring passwords are strong and not reused across platforms.
Firewalls: Basic barriers that protect against unauthorized access.

Darrian Woods (05:24):
"Cybersecurity advice is like the basics of good diet cliches. Eat your veggies. Everything in moderation. Don't reuse passwords."

However, as Stephen Vassarha notes, implementing these measures can be cumbersome amidst the demands of running a business.

Shifting the Responsibility: Should Tech Giants Step In?

Michael Daniel argues that the onus should not solely be on small business owners to fortify their cybersecurity. Instead, he posits that major tech companies like Meta bear a significant responsibility in preemptively safeguarding their users.

Michael Daniel (05:13):
"We shouldn't expect [small businesses] to have to be their own cybersecurity experts. Instead, more of that responsibility should be on the tech companies."

Diving deeper, the conversation contrasts the proactive stance of the banking sector—where institutions are mandated to protect customers and absorb financial losses from fraud—with the current environment where social media platforms offer free services with minimal default security measures.

Stephen Vassarha (07:02):
"When we say the market is not structured for this, a good way to understand this is to compare the tech industry to banking. A bank is much more likely to be proactive on fraud that targets its customers."

In essence, while banks are legally and financially incentivized to prevent fraud, social media platforms like Facebook (Meta) lack similar pressures, often leaving users to fend for themselves.

Meta's Response: Investing in Security Yet Falling Short

In response to rising cyber threats, Meta acknowledges their ongoing efforts to combat scams but admits that the current market structure doesn't prioritize default security measures.

Erin Logan, Meta spokesperson, states:

Darrian Woods (07:54):
"Meta does not have a lot to lose that would push it to be more aggressive here."

Despite claims of investment in new technologies and solutions to prevent scams, Meta also emphasizes the need for a collective effort involving governments, banks, law enforcement, and other tech companies to effectively address the issue.

Case Resolution: Hilary's Struggle and Partial Recovery

Hilary’s ordeal took a further toll when a friend introduced her to what appeared to be a Meta representative. Believing she was seeking assistance, Hilary spent hours interacting with the scammer, inadvertently compromising her mother's bank account and resulting in a loss of approximately $10,000.

Hilary Hanning (08:44):
"He's like, Ms. Hanning, this is just a way to verify and work around and whatever... you realize that your mother's bank account has been depleted."

This incident underscores the sophistication of cyber scammers who exploit trust and urgency to manipulate victims. Ultimately, after months of grappling with the aftermath and reaching out to Meta, Hilary’s accounts were restored within hours, but the financial and emotional damage lingered.

Hilary Hanning (09:47):
"And then you're just humiliated and you're disappointed in yourself because you fell for it and you put people you love very much in a harder situation than they needed to be in."

Michael Daniel advises business owners not to internalize the blame for such scams, highlighting that the systemic issues make it difficult for individuals to avoid falling victim.

Stephen Vassarha (09:54):
"You know, actually, I started to try to avoid using that, using that terminology, falling for. It's natural that you would have those feelings. But I don't think that someone should beat themselves up because the entire deck is stacked against you."

Conclusion: The Imperative for Structural Change

The episode concludes by reiterating the urgent need for structural changes in how cybersecurity is managed for small businesses. Entrusting tech giants like Meta with greater responsibility could alleviate the burden on individual business owners, fostering a more secure digital environment.

Erin Logan (07:54):
"Tackling scams requires everyone to do their share, from governments to banks to law enforcement and other tech companies."

As cyber threats continue to evolve, the conversation between Darrian Woods and Stephen Vassarha highlights a pivotal moment for policy, corporate responsibility, and the survival of small businesses in an increasingly interconnected world.

Key Takeaways:

Small businesses are disproportionately targeted by cybercriminals due to their typically weaker security measures.
Foundational cybersecurity practices are essential but often neglected amidst daily operational demands.
Tech giants like Meta have a significant role to play in safeguarding their users and should adopt more proactive security measures.
Structural changes in the cybersecurity landscape are necessary to protect small businesses effectively, preventing financial losses and operational disruptions.

Loading summary

Transcript55 lines

[00:01]
NPR Host
Npr.
[00:12]
Darrian Woods
This is the Indicator from Planet Money. I'm Darrian woods and back with me for a second today in a row is friend of the show, Stephen Vassarha from the Gulf States Newsroom.
[00:21]
Stephen Vassarha
Good to be back with you, Darian. And today I have a very different story for you about small businesses like the Little House. It's this neighborhood bar in New Orleans, the kind of place where you can sip wine while surrounded by taxidermied alligators and chicken feet.
[00:39]
Hilary Hanning
We're swamp chic, if you will.
[00:41]
Stephen Vassarha
Swamp chic. I hadn't heard that one before.
[00:43]
Darrian Woods
That is the bar's owner, Hilary Hanning.
[00:46]
Hilary Hanning
You look around, we've got taxidermy and all kinds of stuff, but it's like encompassed with this very bougie esque, really cool boutique wine selection and fun cocktails and stuff. It's struggling to death, but we're having fun now.
[01:01]
Stephen Vassarha
The real reason we're here is the source of some of that struggle.
[01:05]
Meta AI Ad
This message comes from Meta AI. Meta AI is the personal AI to help you with whatever you need. Not only is Meta AI now an app, but it's also on the apps you already Love. Facebook, Instagram, WhatsApp and Messenger. Plus the Ray Ban Meta glasses. It's easy to access wherever you are throughout the day. Experience Meta's newest AI that's tailored to you by downloading the Meta AI app. Try the Meta AI app today on the Apple App Store and Google Play. This message comes from Fisher Investments Senior Vice President Michael Hosmar shares one way their fiduciary duty comes to life when working with clients.
[01:45]
Michael Hosmar
We listen to our clients goals, their objectives, their personal needs, and we build a plan that puts their needs first. They want to know what we're truly thinking about, how that thing thinking is being built into our plan for them. Because that's how seriously we take our fiduciary responsibility.
[02:03]
Meta AI Ad
Learn more@fisherinvestments.com Investing in securities involves the risk of loss.
[02:09]
Stephen Vassarha
Hillary's been dealing with a problem that's harmed thousands of small businesses and caused many to shut down.
[02:15]
Darrian Woods
We're talking about cybercrime. Hacks at big companies like Sony and Equifax get plenty of attention. But small businesses fall victim to cybercrime way more often than big ones.
[02:30]
Stephen Vassarha
So on today's show, we hear about the scam that threatened this New Orleans neighborhood bar and the case for why tech giants should take on more of the responsibility for cybersecurity. Not mom and Pops. Let's zoom back to November last year. Hillary was planning A fundraiser for a winery in North Carolina devastated by Hurricane Helene.
[02:54]
Darrian Woods
On a busy day, before opening the bar, Hillary got a Facebook message. It looked to be from Facebook's support team, and it said there was fraudulent activity on her account.
[03:03]
Hilary Hanning
Yeah, if you don't think this is correct, you can appeal it, whatever. So, of course, in that knee jerk moment, I hit appeal and it all, it all started to fall apart.
[03:12]
Stephen Vassarha
After that, Hilary started getting these unusual calls from friends. They were asking about these strange products being sold on her Facebook page.
[03:22]
Hilary Hanning
Golf carts, televisions, a truck that they were trying to fake sell like. And I'm just like, in Atlanta traffic. I swear I almost died, like, 20 times.
[03:33]
Darrian Woods
The social accounts for Hillary's bar were stolen, and the fraudster was now trying to use them to defraud others.
[03:40]
Stephen Vassarha
And again, Hillary is far from the only business owner to get scammed like this. Verizon recently released an analysis of its data on cyber attacks. It found there were about four, four times as many small businesses that fell victim as large ones.
[03:55]
Darrian Woods
Now, Verizon defines small business as having fewer than 1,000 employees. So it's a pretty big range between that and your neighborhood bar. Verizon also said one reason there are more small business victims is likely due to the fact that there are just more small businesses in general.
[04:12]
Stephen Vassarha
Still, we are talking about thousands of victims, and this comes with serious consequences. MasterCard did its own survey and found nearly half of the small and medium s businesses that they asked also experienced a cyber attack. And nearly 20% of them either filed for bankruptcy or had to close their doors.
[04:32]
Darrian Woods
Small businesses are often targeted because they have worse security, which, you know, makes sense. Owners are often stretched pretty thin. They often have to be their own janitors, their own accountants.
[04:45]
Stephen Vassarha
Michael Daniel is the head of the Cyber Threat alliance. And. And he says expecting those owners to also be their own cybersecurity experts is asking a lot.
[04:54]
NPR Host
People who are running them are often quite busy wearing 17 hats. So they are more vulnerable often.
[05:01]
Darrian Woods
Yeah.
[05:01]
Stephen Vassarha
It's hard to add an 18th hat to be your own cybersecurity expert.
[05:05]
NPR Host
Absolutely. Frankly, we shouldn't expect them to.
[05:08]
Stephen Vassarha
I asked a few cybersecurity experts like Michael, how small businesses can protect themselves.
[05:13]
NPR Host
And.
[05:14]
Stephen Vassarha
And honestly, it's probably what you already heard. Use two factor authentication. Be careful with who you share your password with. Maybe turn on a firewall. Nothing too fancy or even expensive.
[05:24]
Darrian Woods
Yeah, Cybersecurity advice is like the basic of good diet cliches. Eat your veggies. Everything in moderation. Don't reuse Passwords. But just like dieting. These things all sound simple, but in the rush of everyday life, they can be hard to follow.
[05:42]
Stephen Vassarha
Right. And this is what Michael means when he says we shouldn't expect small businesses to have to be their own cybersecurity experts. Instead, Michael says more of that responsibility should be on the tech companies.
[05:55]
NPR Host
We've pushed the cybersecurity burden out to the edge of the network. And that means small businesses, it means individuals, it means your mom. My mom. Right. You know, everybody's grandmother is, like, responsible for their own cybersecurity. And that's kind of crazy when you think about it.
[06:14]
Stephen Vassarha
Putting that responsibility on tech companies means things like Instagram requiring two Factor authentication, not leaving that choice to an elderly shop owner. Or like those warnings when you access your account from a different location, asking if that's really you.
[06:29]
Darrian Woods
Yeah, Two Factor Authentication. I use it, but it is annoying.
[06:33]
Stephen Vassarha
Yeah. And I totally get that. It's probably why these companies aren't actually making that a requirement. But Michael says companies like Meta can be much more assertive about doing these things to protect their users.
[06:45]
NPR Host
I will say that I know people at Meta that work on their security programs and they are actually very concerned about the level of fraud. It's just that we haven't sort of structured the market to really demand that these platforms operate in a certain way that is more secure by default.
[07:03]
Stephen Vassarha
So when we say the market is not structured for this, a good way to understand this is to compare the tech industry to banking. A bank is much more likely to be proactive on fraud that targets its customers, because the bank is also at risk of losing money too. Of course, there are also laws in place that require banks to refund you in certain circumstances when you didn't authorise the payment.
[07:26]
Darrian Woods
On Facebook, these accounts are free. So its parent company, Meta, doesn't have a lot to lose that would push it to be more aggressive here.
[07:35]
Stephen Vassarha
But the rest of us, we still have plenty to lose here. Like last year, more than $16.5 billion in losses were reported to the FBI's Internet Crime Complaint center for All Internet Crime.
[07:48]
Darrian Woods
That same year, 41 state attorneys general demanded Meta take action to protect customer accounts.
[07:54]
Stephen Vassarha
We reached out to Meta, and in an email, spokesperson Erin Logan said the company works hard to keep scammers off its platforms and invests in new tech and solutions to stop them. She added that tackling scams requires everyone to do their share, from governments to banks to law enforcement and other tech companies.
[08:13]
Darrian Woods
Now, when it came to Hilary Hanning's hack. She seemed to catch a break. About three weeks into the whole ordeal, a friend called her and said he managed to get someone from Meta on the phone. She ended up spending four and a half hours talking and following instructions to download things, all under the hope of getting her accounts back.
[08:33]
Hilary Hanning
He's like, Ms. Hanning, this is just a way to verify and work around and whatever. And then, and then you realize that your mother's bank account has been depleted.
[08:45]
Stephen Vassarha
Yes, it was another scammer. Meta does not have a 1-800-number to call. Her friend likely found a fake account with a number pretending to be with Meta customer service.
[08:56]
Darrian Woods
And this new Scammer got about $10,000.
[09:00]
Hilary Hanning
I mean, the guy even like, I had to go pick up my 3 year old in the midst of all this. Cause like I said, I was running errands. Oh, that's okay. I don't want you driving while you're talking to me. So I'm gonna put you on hold and you just let me know when you come back. I mean, like great customer service, you know, you have to laugh at some point.
[09:21]
Darrian Woods
She's keeping her sense of humor in the darkness. Yeah, Hillary covered that by borrowing money, which meant more debt on top of what she already had to keep the bar going.
[09:31]
Hilary Hanning
And then you're just humiliated and you're disappointed in yourself because you fell for it and you put people you love very much in a harder situation than they needed to be in.
[09:48]
Stephen Vassarha
We asked Michael Daniel about this and he said business owners like Hillary should not blame themselves for falling for a scam.
[09:55]
NPR Host
You know, actually I started to try to avoid using that, using that terminology, falling for. It's natural that you would have those feelings. But I don't think that someone should beat themselves up because the entire deck is stacked against you.
[10:10]
Stephen Vassarha
Hillary spent months trying to get her Facebook and Instagram accounts back. After we reached out to Meta, they said they'd look into her case. And within hours, Hillary's accounts were back.
[10:24]
Darrian Woods
This episode was produced by Julia Ritchie with engineering by Neil Rauch. It was fact checked by Sarah Juarez. Cake and Cannon edits the show and the indicator is a production of npr.
[10:35]
Thrive Market Ad
This message comes from Thrive Market. The food industry is a multi billion dollar industry. But not everything on the shelf is made with your health in mind. At Thrive Market, they go beyond the standards, curating the highest quality products for you and your family while focusing on organic first and restricting more than 1,000 harmful ingredients, all shipped to your door. Shop at a grocery store that actually cares for your health. @thrivemarket.com podcast for 30% off your first order, plus a $60 free gift. This message comes from Mint Mobile. Mint Mobile took what's wrong with wireless? And made it right. They offer premium wireless plans for less and all plans include high speed data, unlimited talk and text, and nationwide coverage. See for yourself@mintmobile.com Switch this message comes from Bombas. Nearly 30% of marathoners end their race blistered. Bombas running socks are strategically cushioned to help. Say bye to blisters. Run to bombus.com NPR and use code NPR for 20% off your first purchase.