Beware of scams on your business’s Facebook account

Fraudsters could hack into your business’s Facebook account and use your money to advertise their products online.

Running targeted ad campaigns on Facebook can be a great way to drive customers to your business. But while the social media giant’s enormous reach means it has become an important part of many business’s customer recruitment strategies, Facebook also attracts unsavoury users. A growing number of businesses have had their ad accounts hacked, and found themselves with a whacking bill run up by their attackers.

The story is depressingly familiar. Businesses that have set up legitimate advertising campaigns on Facebook – the cost of which depends on the number of views each advert gets – suddenly notice a jump in what they are being charged. Sometimes, the bill goes over the maximum spending limit they have set on their accounts; it may run into tens of thousands of pounds.

The explanation is that their account has been hacked. Fraudsters are using the business’s account to run ads of their own. They may also have access to the business’s settings, enabling them to change spending limits and other controls. This can also make it difficult to put a stop to the fraud, even after the business has spotted the problem.

A costly problem

Facebook won’t say how frequently this happens, but the number of small businesses reporting problems appears to be growing. And while the social media giant doesn’t necessarily demand payment when ad spending is run up by fraudsters, it won’t guarantee all losses are refunded. Besides, the true cost of fraud for a business dependent on its Facebook advertising activities may go way beyond the bill run up by the fraudster. It may be impossible to continue running genuine campaigns while trying to fix the issue.

As with most online fraud, there is no single vulnerability that enables fraudsters to attack Facebook ad accounts. Your business could be targeted in many different ways. Certainly, phishing attempts remain rampant – where fraudsters send out emails purporting to be from Facebook in order to send you to a fake website aimed at stealing your login credentials. If you use the same login details for multiple sites, the problem may also lie with a breach of security elsewhere.

However fraudsters are also becoming more creative. One common scam sees fraudsters posing as customers so they can send over documents to make an order. The document includes malware that installs on your computer and compromises your security.

The more people in the business with access to the ad account, the greater the risk of a compromise. Each user with admin rights to the account becomes a potential target for fraudsters. It therefore makes sense only to grant such rights to those who genuinely need them – and to delete privileges as soon as they are no longer required.

Facebook says some basic cyber-hygiene will offer a good level of protection. It urges ad account users to set up two-factor authentication. This requires users to provide both a unique code and a password to log into the account, and sends out an alert each time someone tries to log in from an unrecognised device. Small business owners can also enable “login request”, asking them to approve or deny request for access following these alerts.

Facebook also advises businesses to keep the phone number and email address linked to their device updated. This can allow customers to recover their account more quickly. It is possible to report questionable content and accounts by tapping the three dots above posts, or by reporting an account directly from its profile.

In addition, Facebook says it never sends small businesses direct messages; instead, it uses email. Therefore businesses should never respond to a message sent by an account claiming to be Facebook – it is likely to be a scam.

Securing your Facebook account

However, despite taking careful precautions businesses do run into problems. One difficulty is that getting support from Facebook can be difficult. The company is heavily dependent on user guides and help pages on its websites, and so finding a way to speak to someone at Facebook either by email or on the phone is not straightforward.

Some simple steps will help. If you know which admin account is being used to compromise your business, you can remove its access privileges via your settings pages. You can also use these pages to secure your account, even if passwords have been changed. Facebook’s Help services also give you a means through which to report a problem and to request support. This may be necessary to avoid being stung for charges or to get a refund if you’ve already paid out for ads that weren’t yours.

Recommended

The best one-year fixed savings accounts - February 2023
Savings

The best one-year fixed savings accounts - February 2023

Earn almost 5% on one-year fixed savings accounts.
3 Feb 2023
Best regular savings accounts – February 2023
Savings

Best regular savings accounts – February 2023

Looking to stash small amounts away each month? You can now earn as much as 7% on regular saving accounts. We list the ones worth looking at.
3 Feb 2023
Which supermarket is the cheapest?
Personal finance

Which supermarket is the cheapest?

With food inflation hitting almost 17%, we look at which is the cheapest supermarket, plus the Competitions and Market Authority’s plan to introduce u…
3 Feb 2023
After slumping 42% last year, what's next for Scottish Mortgage?
Investment trusts

After slumping 42% last year, what's next for Scottish Mortgage?

After a spectacular couple of decades, the Scottish Mortgage Investment Trust fell by 42% last year. We take a look at the trust's performance and dis…
3 Feb 2023

Most Popular

Best savings accounts – February 2023
Savings

Best savings accounts – February 2023

Interest rates on cash savings are making a comeback. We look at the best savings accounts on the market now
3 Feb 2023
When will interest rates go up?
UK Economy

When will interest rates go up?

Interest rates are now at 4%, and they could rise further in the months ahead.
3 Feb 2023
NS&I brings back one-year fixed bonds with highest rates since 2010
Personal finance

NS&I brings back one-year fixed bonds with highest rates since 2010

NS&I’s one-year fixed bonds are back on sale after being pulled off the market in 2019 - but is the rate any good?
1 Feb 2023