COLUMBUS (WCMH) — A Columbus church leader says he believes his Facebook page was hacked by the same person who subsequently stole more than $3,000 from the church’s bank account.

Reverend Joe Mauriello is the senior minister at The Church of the Guiding Light, on Morse Road.

Mauriello told NBC4 that he used his personal Facebook account to manage the church’s Facebook page, as well as the page for the nearby Guiding Light Flea Market.

In doing so, he said he used the church’s debit card to purchase Facebook advertisements. 

Recently, he said, he tried logging into his account and noticed someone had changed his password.

“I tried to reset my password — all the things I usually do,” he said. “I couldn’t get anything to happen.”

Shortly thereafter, Mauriello said the church’s treasurer noticed someone had used the church’s debit card, which was saved on his Facebook account. The treasurer spotted 17 charges through Facebook, totaling $3,129.43.

“We’re a tiny church,” explained Mauriello. “If we get 20 people on a Sunday we’re thrilled, so to to lose that kind of money — that’s a huge loss.”

According to Mauriello, church leaders disputed the charges with their bank and by Monday morning, the funds had been returned.

A Facebook spokesperson confirmed the pages Mauriello operated were compromised and later disabled. He told NBC4 the company would work with Mauriello to securely restore them.

Columbus police are investigating this incident, but they said no suspects have been identified.

Sgt. James Fuqua sent the following tips, in an email to NBC4, so members of the public can protect themselves online and on social media.

Sgt. James Fuqua with the Columbus Division of Police sent the following tips, in an email to NBC4, so members of the public can protect themselves online and on social media.

Encrypt your data:

Keep your browser secure. To guard your online transactions, use encryption software that scrambles information you send over the internet. A “lock” icon on the status bar of your internet browser means your information will be safe when it’s transmitted. Look for the lock before you send personal or financial information online. There are tons of software options out there to keep your information safe.

Keep your passwords private:

Use strong passwords with your laptop, credit, bank, and other accounts. Be creative: think of a special phrase and use the first letter of each word as your password. Substitute numbers for some words or letters. For example, “I want to see the Pacific Ocean” could become 1W2CtPo.

Don’t overshare on social media:

If you post too much information about yourself, an identity thief can find information about your life, use it to answer ‘challenge’ questions on your accounts, and get access to your money and personal information. Consider limiting access to your networking page to a small group of people. Never post your full name, Social Security number, address, phone number, or account numbers in publicly accessible sites.

Be wise about wifi:

Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.

According to Facebook:

One of the best ways people can protect their Facebook account is to turn on two-factor authentication, which means you’ll enter a special login code in addition to your password when you access Facebook from a phone or browser that we don’t recognize. That way, even if a scammer gets hold off your password, they won’t be able to use it alone to access your account.

We have more account security tips available here:

To help protect a Page, we encourage people to review the different Page roles and the permissions they have. We recommend regularly reviewing who has admin access to your Page in settings. When you add your Page to a Business Manager, we recommend taking a moment to understand the permissions you allow. These steps can help protect your business accounts from being accessed by unauthorized people.