- November 29, 2018
- Posted by: Kerry Tomlinson, Archer News
***Story updated at 3:25 pm on 11-30-18 with news that Facebook has restored & memorialized Steve McDougall’s account***
It’s quite a surprise to get a message from someone you love who has passed away.
But that surprise may turn to disgust when you find out it’s really a scammer — and they’ve taken over your loved one’s account to get your money.
Messages from the Past
Linda Lyness of Vancouver, Washington, passed away in 2016.
Her friends and family keep her memory alive with loving messages on Facebook.
But over Black Friday weekend, her account came back to life with posts about deep discounts on Ray-Ban sunglasses.
Someone had taken over, not only posting pictures of a counterfeit Ray-Ban website, but also tagging her friends to spread the scam even further.
Scammers posted ads for fake Ray-Ban sunglasses on the account of Linda Lyness, who passed away in 2016. Image: Facebook
This kind of trickery can be jolting — a cruel joke to family and friends still missing the one who passed.
“Happened to my late brother’s account a few weeks ago,” wrote Pat McDougall on Facebook. “Jarring and enraging and painful.”
McDougall’s brother Steve died in 2014.
Not long ago, McDougall, who lives in Portland, Oregon, received an e-mail from Facebook saying, “Steve McDougall tagged you in a photo.”
“This was pretty jarring and disturbing, even four years after his passing,” he told Archer News.
The family did not have Steve’s account password, and soon, his account disappeared entirely.
“It was definitely upsetting for me and my surviving siblings, and it’s pretty infuriating that it happened thanks to some lowlife spammer,” McDougall said.
Pat McDougall (left) & his late brother Steve (right). Image courtesy: Pat McDougall
Who’s Behind It?
Some people blame the real Ray-Ban company.
“How about stop hacking everyone’s profile for your sh—y glasses?” wrote Jax on the real company’s Facebook page.
But security researchers say it is scammers at work.
The troublemakers caused problems in the Czech Republic and other countries a few years back.
Security company ESET investigated and found that the shady sites try to lure you into using your credit card, but use terrible security, so your card number can be stolen quickly and easily.
You may end up with fake charges on your account and no sunglasses at all, according to researchers.
ESET investigated fake Ray-Ban ads plaguing Facebook in 2016. Image: ESET
Tracking Down Victims
Archer News contacted Lyness’ family to alert them to the hack and provide information on how to solve the problem.
We also tracked down another victim who is very much alive.
Colleen Miles of McMinnville, Oregon, set up two Facebook pages, one under her married name, and another under her maiden name, Collie Stull, so friends from the past could find her.
She rarely uses her second page, but noticed something unusual over the holiday weekend.
“I saw some ad thing,” she told Archer News. “I couldn’t even look it because I had company. I’ve just been so busy.”
That ad thing was the hack, we told her.
The scammers posted fake Ray-Ban ads on her profile twice, tagging more than 40 friends each time.
“Oh, my gosh!” she said. “How creepy. That is awful.”
Colleen Miles lost access to her “Collie Stull” Facebook account when Ray-Ban scammers took over. Image: Facebook
“This Makes Me Mad!”
She tried to log in and delete the posts, but could not.
“They must have taken it over. I can’t even delete these pictures. I don’t have any control of it,” she said. “Oh, man, this makes me mad!”
We helped her report the hack to Facebook and get control over the account again.
She also warned her friends on Facebook about the hack.
“I’m so glad you told me,” she said.
Scammers posted fake Ray-Ban ads on Colleen Miles’ Facebook account. Image: Facebook
How They Hack You
Some scammers can get into your account or your friends’ accounts by guessing your password.
If you use the same password for several accounts, you’re at higher risk.
Attackers can take your password from a data breach and try it on all of your accounts until they get in.
“Account takeovers are very frequently due to weak or reused passwords on accounts and whether you’re alive or dead, the human propensity to have set them up predictable credentials poses a risk,” security expert Troy Hunt told Archer News.
Come up with longer, stronger passwords and store them in a password manager or write them down.
And don’t use the same password twice.
The Ray-Ban scammers also sent out ads in March 2018. Image: Facebook
Tricking You Out of Your Password
Security researcher Lukas Stefanko of ESET says scammers can also use malware or send you phishing messages — like fake password reset e-mails that look like they’re from Facebook — to get your password.
If you friend one of their fake Facebook accounts, they may send you a malicious file or link in Facebook messenger, he said.
“(The) potential victim needs to open the file or click the link, so the malicious activity can be performed,” he explained. “Most of the time, (the) attacker uses social engineering techniques to persuade victim into clicking.”
Once the scammer is in, they can change your password and take over your account.
When they take over the accounts of people who have passed on, they often get more time to spread their spam posts.
There may be no one in charge of the account, or family and friends may not know how to access it.
Some Facebook users reported a Ray-Ban ad hack in 2016. Image: Facebook
What to Do
If scammers hit the account of a loved one who has died, you can take action.
You can contact Facebook through this link and click on the question “How do I ask a question about a deceased person’s account on Facebook?”
You can then make a special request for the account.
Facebook can memorialize the account and offer extra protections, according to the social media platform.
The account will then say “remembering” in front of the person’s name.
Friends & family can memorialize an account after your death, like this account for NASCAR driver Ricky Hendrick. Image: Facebook
If you are able to add a new password to the account, make it a good one, said Hunt.
“For friends and family of the deceased, gaining access to the account is the first step — platform providers are used to dealing with requests of this nature — followed by putting a strong, unique password on the account,” Hunt said.
“It’s probably not one they’ll be logging into frequently, so use something like a pass phrase and write it down somewhere safe,” he added.
You can also plan ahead for your own future online.
Facebook allows you to choose a Legacy Contact to manage your account after your death, and you can have your account deleted or memorialized.
Help for the Living
If you think your account or a friend’s account has been hacked, you can report it to Facebook.
If you don’t want to spread the scam, watch out for phishing e-mails and messages, and take care when it comes to how you connect with your Facebook account.
“They should be careful what Facebook app they connect with their Facebook profile and what permissions does it use,” advised Stefanko.
For example, can the app post on your account without your permission?
If so, you’re opening up a possible security hole.
“This also applies to browser extensions that could trick user in to installing them and gaining access to social media profiles,” added Stefanko.
You can also change your account so that you can review tags before they go on your timeline.
“They should properly set up their Facebook privacy settings such as ‘don’t allow to be tagged in post or photo without manual verification.’ This way, (the) risk of spreading this scam among user friends is lower,” he explained.
You can choose to review posts you’re tagged in before they appear on your timeline by going to Timeline and Tagging settings.
Fighting the Scam
Stull was finally able to delete her hacked profile.
Archer News is helping the Lyness and McDougall families get access to their accounts.
***UPDATE at 3:25 pm on 11-30-18***
Facebook has restored Steve McDougall’s account and deleted the Ray-Ban scam posts. His account is now memorialized.
Meanwhile, Ray-Ban says it’s trying to keep the scammers at bay.
“Third parties are using the trademarked Ray-Ban logo and images to promote counterfeit products online,” the company wrote to an unhappy sister whose deceased brother’s account posted fake Ray-Ban ads. “We are working aggressively with all relevant authorities to put a stop to this activity.”
The real Ray-Ban company says it is trying to stop the fake Ray-Ban ad scammers. Image: StockSnap
Feeding the Scammers
The Ray-Ban scam has been popping up on Facebook for years — and is still going, most likely because it works.
“It’s really hard for me to believe that anyone has ever purchased a pair of sunglasses after seeing that low-quality, brain-dead Ray-Bans image,” McDougall said.
But people do, even if they know the sunglasses are fakes, even when the shady sellers charge a shipping price that is twice as much as the glasses themselves.
They feed the scammers money, and encourage more scams like these.
Unfortunately, this holiday season, you may get a message from a loved one who has passed — an unpleasant reminder that scammers do not respect the living or the dead.
“I had to look at your name twice, Michelle. I’m so sad now. For a split second, I thought you were still here,” wrote Annie on her late friend’s account after Ray-Ban scammers hacked it in September. “This sucks.”
Scammers have posted fake Ray-Ban ads on the late Michelle Filipo’s account since September 8. Image: Facebook
“We work to educate our community through reporting flows and the Help Center,” a spokesperson said to Archer News by e-mail. “To keep their Facebook accounts and Pages secure, we encourage people to not accept suspicious requests and to report suspicious messages using the easy-to-find links across our service.”
- If you see a post or message that tries to trick you into sharing personal information like your password, you can report it. Here’s how.
- If your account is sending spam, you can reset your password.
- If someone is repeatedly posting something you think is spam, consider unfriending, blocking, or reporting that person.
- If you think someone posting spam has had their account hacked, advise them to visit facebook.com/hacked to see how to fix it.
- More security-related advice and tools available on Facebook’s Privacy Basics site
- More information on phishing in Facebook’s Help Center
Main image: Angle sculpture. Image credit: Cocoparisienne