It appears there have been reports of hackers targeting small businesses in Henderson, Kentucky, specifically by hijacking their social media accounts, particularly Facebook. This seems to have been an issue around late 2024.

A prominent case involved Pem Pfisterer Clark, a local businesswoman in Henderson, whose personal and multiple business Facebook pages were taken over by hackers. The hackers then used her compromised accounts to post about cryptocurrency scams, luring her followers into potential financial loss. Clark reported being locked out of her accounts after clicking on a suspicious link. Despite her efforts to regain control and contacting Facebook, she faced significant challenges and was unable to recover the original pages. This incident severely impacted her livelihood and caused concern among her friends and clients who were being targeted by the scammers.

Local law enforcement in Henderson noted that these types of attacks often originate overseas, making it difficult for local authorities to intervene effectively.

How these social media hijackings typically occur:

These incidents are often a result of "social engineering" attacks, such as:

Phishing: The most common method. Victims receive deceptive emails, messages, or pop-ups that appear legitimate (e.g., from Facebook support, a known contact, or a fake prize notification) containing malicious links. Clicking these links can lead to credential harvesting (stealing login info) or malware installation.
Malware: Malicious software (viruses, spyware, keyloggers) unknowingly downloaded onto a device can capture login credentials.
Weak Passwords: Using easily guessable or reused passwords across multiple platforms makes accounts vulnerable to brute-force attacks or credential stuffing (using stolen credentials from other breaches).
Third-Party App Permissions: Granting excessive permissions to seemingly innocuous third-party apps can create backdoors for hackers.
Protecting Your Small Business from Social Media Hijacking (Prevention is Key):

Strong, Unique Passwords:

Use complex passwords (mix of uppercase, lowercase, numbers, symbols) for all social media accounts.
Never reuse passwords across different platforms.
Consider a reputable password manager to securely store and generate strong passwords.
Change passwords regularly.
Enable Multi-Factor Authentication (MFA) / Two-Factor Authentication (2FA):

This is the single most important step. Even if hackers get your password, they can't log in without the second factor (e.g., a code sent to your phone, a fingerprint, or an authenticator app).
Enable MFA on all your social media accounts and email associated with those accounts.
Be Wary of Phishing and Suspicious Links:

Verify the Sender: Always double-check the sender's email address or profile. Look for subtle misspellings or unusual domains.
Hover Before You Click: Before clicking a link, hover your mouse over it to see the actual URL. If it looks suspicious, don't click.
Don't Share Credentials: No legitimate organization or social media platform will ask for your password via email or direct message.
Be Suspicious of Urgent Requests: Messages demanding immediate action or promising unrealistic rewards are often scams.
Regularly Review Account Activity and Connected Apps:

Check your social media security settings for "login activity" or "devices logged in" and remove any unfamiliar sessions.
Audit third-party apps connected to your accounts and revoke access for any you don't recognize or no longer use.
Educate Employees:

Employees are often the weakest link. Train all staff who manage social media or have access to company accounts on cybersecurity best practices, phishing recognition, and password hygiene.
Establish clear social media policies.
Keep Software Updated:

Ensure your operating system, web browsers, and antivirus software are always up-to-date. Software updates often include crucial security patches.
Implement Antivirus/Anti-Malware Software:

Use reputable security software on all devices used for business and conduct regular scans.
What to Do if Your Social Media Account is Hacked:

Act Immediately: Time is of the essence to minimize damage.
Change Your Password (if possible): If you can still log in on another device, change your password immediately to a strong, unique one.
Log Out of All Sessions: Force a logout from all devices connected to the account.
Enable MFA: If it wasn't enabled, set it up immediately.
Remove Suspicious Posts/Content: Delete any unauthorized posts or messages the hacker made.
Notify Your Followers/Audience: If you can't access the hacked account, use other channels (your website, email list, other social media) to warn your audience about the hack and instruct them not to interact with the compromised account.
Contact the Social Media Platform's Support:
Go directly to the platform's official help center for hacked accounts (e.g., Facebook Help Center for Hacked Accounts).
Follow their specific account recovery process, which usually involves identity verification. Be prepared to provide proof of ownership.
Check for Other Compromised Accounts: If one account is compromised, assume others might be too, especially if you reused passwords.
Report to Authorities (if financial loss occurred): If you or your customers suffered financial loss, report it to local law enforcement and relevant cybercrime agencies (e.g., the FBI's Internet Crime Complaint Center - IC3 in the US).
Document Everything: Keep records of all communications, suspicious activity, and steps taken for recovery.
The incidents in Henderson serve as a stark reminder that small businesses are attractive targets for cybercriminals. Proactive security measures are crucial to protect your online presence and reputation.