The biggest difference is that your customer found the website on FB, voluntarily followed the link, and voluntarily entered the card info. Therefore, your customer was fully aware and did, in fact, authorize the purchase of the tools.
Now, had that authorization been used to purchase iTunes gift cards, McDonald's, and a weekend spa in Switzerland - then she is tricked into entering the card information for unauthorized purchases. She authorized the payment for tools (or charity seems to be the most likely culprit around here), not the purchases described above.
1 step further - if the $139.90 purchase for the "tools" is present along with the gift cards, McDonald's, and spa - those 3 are unauthorized, the $139.90 is STILL an authorized purchase.
I reject your reality and replace it with my own.