Protecting Your Business From Phishing on Facebook

It’s Not Just You… 

I have a confession. A few weeks ago, I logged into our business’s Facebook account and saw a message that looked like this: 

Our team had just published an ad on Meta using a quote and image from the movie Legally Blonde, so I assumed that’s why we got this message. I was concerned about our page being shut down (because Facebook is notorious for a lack of customer service and getting pages back online quickly), so I clicked the link.

I started filling out the form until I had a gut feeling that something was off. I called my business partner, Eric, and he said yeah that’s 100% a scam. I couldn’t believe I had fallen for it! I felt pretty embarrassed as a marketing professional who should know better, but the stress of having our ad account shut down scared me. That’s the strategy of these scammers: using fear, urgency, or curiosity to persuade someone into taking action without questioning the legitimacy of the request.

Luckily, I didn’t go any further. But not everyone has an Eric. We’ve had several clients report phishing attacks to us, frustrated that their accounts get hacked, shut down and that they lose money. We hope that by sharing more information about how to identify and avoid these scams, you’ll save yourself a big headache.  

What Are Phishing Scams?

Around 62% of Facebook users encounter scams every week, according to cybersecurity firm Lookout. Phishing scams, in particular, are attempts by cybercriminals to trick individuals into divulging personal information such as usernames, passwords, credit card numbers, or other sensitive data. The goal of these scams are to manipulate recipients into providing their confidential information, which can then be used for identity theft, financial fraud, or other malicious purposes.

What can happen if you are a victim of one of these scams is that the scammer hacks into your account, gets ahold of your Meta Ads Account, and starts running advertisements using your credit card. Eventually, Facebook will flag those ads for suspicious activity, and they will shut down YOUR account. Then, you have to go through the hassle of contacting Facebook to get back online. In the meantime, you could be missing out on important messages and the opportunity to advertise.

How To Identify Phishing Scams

Phishing scams typically involve fraudulent emails, text messages, or websites that impersonate legitimate organizations or individuals, often using convincing logos, graphics, and language to appear authentic. In the case of Facebook, you’ll see images, links and text like this in your Messenger inbox:

The number one way to identify a phishing scam on Facebook is its mere existence in your inbox! Facebook will NEVER contact you through Facebook Messenger, so anyone who claims to represent Facebook’s interests through that channel is lying. 

The second way to identify a scam is the URL being used. Sometimes the URL is an obvious tip-off, like “fanpagehelpcase.com”, but other times the scammer will use the “facebook.com” or “support.meta” somewhere in the URL to make it look legitimate. Those ones are a bit harder to spot, but again, if it’s in your Messenger inbox, it is not Meta. 

What To Do If You’ve Been a Victim of Phishing

If you accidentally entered your username or password into a strange link, someone else might be able to log in to your account. Here is what you should do:

1. Click “move to spam” in the top right corner of the message, and delete the message. 
2. If you are still able to log in to your account, secure your account by resetting your password and logging out of any devices you don’t own.
3. If you can’t get into your account and your username or password don’t work, visit the Instagram Help Center or the Facebook Help Center for more help.

How To Protect Yourself and Your Business

Take these few steps to protect yourself and your business on Facebook.

• Enable two-factor authentication to add an extra layer of security to your account. This helps prevent unauthorized access, even if your password is compromised. 
• Exercise caution when sharing personal or sensitive information online, including in private messages or public posts. Avoid clicking on links or attachments in messages from unknown senders, as these could be phishing attempts.
• Inform your team about these security measures and encourage them to follow the same precautions to safeguard company accounts and data.

Conclusion

Safeguarding your Facebook account and personal data is paramount in today’s digital landscape. By implementing two-factor authentication, exercising caution online, and educating yourself and your team about phishing scams, you can mitigate the risk of falling victim to fraudulent activities. Stay informed, stay vigilant, and prioritize security to protect yourself and your business from potential threats!

Want help with protecting yourself against Phishing Scams?