Podcast Summary: "Could Meta do more to protect us from cyber scams?"

The Indicator from Planet Money
Host: Darrian Woods
Guest: Stephen Vassarha (Gulf States Newsroom)
Release Date: July 10, 2025

Introduction: The Hidden Threat to Small Businesses

In the July 10, 2025 episode of The Indicator from Planet Money, host Darrian Woods delves into a pressing yet often overlooked issue: the vulnerability of small businesses to cyber scams. Partnering once again with Stephen Vassarha from the Gulf States Newsroom, the episode unpacks the intricate challenges faced by small business owners in the digital age and questions the responsibility of tech giants like Meta (formerly Facebook) in safeguarding these enterprises.

A Personal Tale: Hilary Hanning and the Little House Bar

The episode centers around Hilary Hanning, the owner of The Little House, a quaint neighborhood bar in New Orleans renowned for its unique ambiance—complete with taxidermied alligators and chicken feet—and its sophisticated selection of boutique wines and creative cocktails.

Hilary Hanning (04:45):
"You look around, we've got taxidermy and all kinds of stuff, but it's like encompassed with this very bougie-esque, really cool boutique wine selection and fun cocktails and stuff. It's struggling to death, but we're having fun now."

Despite the charm and dedication, Hilary's bar faces significant challenges, not just from the usual business hurdles but from a darker underbelly of cybercrime that threatens its very existence.

The Incident: How a Social Media Scam Unraveled

In November of the previous year, as Hilary prepared for a fundraiser benefitting a winery in North Carolina devastated by Hurricane Helene, she received a fraudulent message purportedly from Facebook's support team regarding "fraudulent activity" on her account.

Hilary Hanning (03:03):
"Yeah, if you don't think this is correct, you can appeal it, whatever. So, of course, in that knee-jerk moment, I hit appeal and it all, it all started to fall apart."

This seemingly innocuous action set off a cascade of malicious activities. Soon after, Hilary began receiving perplexing inquiries from friends about bizarre products—golf carts, televisions, and fake truck sales—linked to her Facebook page. Unbeknownst to her, her social media accounts had been hijacked, allowing scammers to attempt defrauding others using her established online presence.

Stephen Vassarha (03:21):
"Golf carts, televisions, a truck that they were trying to fake sell like. And I'm just like, in Atlanta traffic. I swear I almost died, like, 20 times."

The Broader Picture: Cybercrime's Impact on Small Businesses

Hilary’s experience is far from isolated. The episode highlights a Verizon analysis revealing that small businesses are targeted by cybercriminals four times more frequently than large corporations. Defining small businesses as those with fewer than 1,000 employees, Verizon attributes this increased vulnerability to the sheer number of small enterprises and their typically weaker security infrastructures.

Darrian Woods (04:31):
"Small businesses are often targeted because they have worse security, which, you know, makes sense. Owners are often stretched pretty thin. They often have to be their own janitors, their own accountants."

Furthermore, a MasterCard survey cited in the episode found that nearly half of the small and medium-sized businesses surveyed had experienced a cyber attack, with 20% of them forced to file for bankruptcy or close their doors as a direct consequence.

Why Small Businesses Are Prime Targets

The discussion underscores that small business owners, like Hilary, juggle multiple roles—often acting as janitors, accountants, and now, digital marketers. This multifaceted responsibility leaves little room for them to specialize in or prioritize cybersecurity.

Michael Daniel, head of the Cyber Threat Alliance, emphasizes:

Stephen Vassarha (04:44):
"It's hard to add an 18th hat to be your own cybersecurity expert."

This sentiment is echoed by Darrian Woods, who points out the unrealistic expectation placed upon business owners to also serve as cybersecurity specialists.

Expert Recommendations: Simple Yet Overlooked Security Measures

When queried about protective measures, cybersecurity experts advocate for foundational practices that, while straightforward, are often neglected in the daily hustle:

• Two-Factor Authentication: Adds an extra layer of security beyond just passwords.
• Password Management: Ensuring passwords are strong and not reused across platforms.
• Firewalls: Basic barriers that protect against unauthorized access.

Darrian Woods (05:24):
"Cybersecurity advice is like the basics of good diet cliches. Eat your veggies. Everything in moderation. Don't reuse passwords."

However, as Stephen Vassarha notes, implementing these measures can be cumbersome amidst the demands of running a business.

Shifting the Responsibility: Should Tech Giants Step In?

Michael Daniel argues that the onus should not solely be on small business owners to fortify their cybersecurity. Instead, he posits that major tech companies like Meta bear a significant responsibility in preemptively safeguarding their users.

Michael Daniel (05:13):
"We shouldn't expect [small businesses] to have to be their own cybersecurity experts. Instead, more of that responsibility should be on the tech companies."

Diving deeper, the conversation contrasts the proactive stance of the banking sector—where institutions are mandated to protect customers and absorb financial losses from fraud—with the current environment where social media platforms offer free services with minimal default security measures.

Stephen Vassarha (07:02):
"When we say the market is not structured for this, a good way to understand this is to compare the tech industry to banking. A bank is much more likely to be proactive on fraud that targets its customers."

In essence, while banks are legally and financially incentivized to prevent fraud, social media platforms like Facebook (Meta) lack similar pressures, often leaving users to fend for themselves.

Meta's Response: Investing in Security Yet Falling Short

In response to rising cyber threats, Meta acknowledges their ongoing efforts to combat scams but admits that the current market structure doesn't prioritize default security measures.

Erin Logan, Meta spokesperson, states:

Darrian Woods (07:54):
"Meta does not have a lot to lose that would push it to be more aggressive here."

Despite claims of investment in new technologies and solutions to prevent scams, Meta also emphasizes the need for a collective effort involving governments, banks, law enforcement, and other tech companies to effectively address the issue.

Case Resolution: Hilary's Struggle and Partial Recovery

Hilary’s ordeal took a further toll when a friend introduced her to what appeared to be a Meta representative. Believing she was seeking assistance, Hilary spent hours interacting with the scammer, inadvertently compromising her mother's bank account and resulting in a loss of approximately $10,000.

Hilary Hanning (08:44):
"He's like, Ms. Hanning, this is just a way to verify and work around and whatever... you realize that your mother's bank account has been depleted."

This incident underscores the sophistication of cyber scammers who exploit trust and urgency to manipulate victims. Ultimately, after months of grappling with the aftermath and reaching out to Meta, Hilary’s accounts were restored within hours, but the financial and emotional damage lingered.

Hilary Hanning (09:47):
"And then you're just humiliated and you're disappointed in yourself because you fell for it and you put people you love very much in a harder situation than they needed to be in."

Michael Daniel advises business owners not to internalize the blame for such scams, highlighting that the systemic issues make it difficult for individuals to avoid falling victim.

Stephen Vassarha (09:54):
"You know, actually, I started to try to avoid using that, using that terminology, falling for. It's natural that you would have those feelings. But I don't think that someone should beat themselves up because the entire deck is stacked against you."

Conclusion: The Imperative for Structural Change

The episode concludes by reiterating the urgent need for structural changes in how cybersecurity is managed for small businesses. Entrusting tech giants like Meta with greater responsibility could alleviate the burden on individual business owners, fostering a more secure digital environment.

Erin Logan (07:54):
"Tackling scams requires everyone to do their share, from governments to banks to law enforcement and other tech companies."

As cyber threats continue to evolve, the conversation between Darrian Woods and Stephen Vassarha highlights a pivotal moment for policy, corporate responsibility, and the survival of small businesses in an increasingly interconnected world.

Key Takeaways:

• Small businesses are disproportionately targeted by cybercriminals due to their typically weaker security measures.
• Foundational cybersecurity practices are essential but often neglected amidst daily operational demands.
• Tech giants like Meta have a significant role to play in safeguarding their users and should adopt more proactive security measures.
• Structural changes in the cybersecurity landscape are necessary to protect small businesses effectively, preventing financial losses and operational disruptions.

Produced by Julia Ritchie with engineering by Neil Rauch. Fact-checked by Sarah Juarez. Edited by Cake and Cannon. © 2025 NPR.