Beware of scams on your business’s Facebook account
Fraudsters could hack into your business’s Facebook account and use your money to advertise their products online.
Running targeted ad campaigns on Facebook can be a great way to drive customers to your business. But while the social media giant’s enormous reach means it has become an important part of many business’s customer recruitment strategies, Facebook also attracts unsavoury users. A growing number of businesses have had their ad accounts hacked, and found themselves with a whacking bill run up by their attackers.
The story is depressingly familiar. Businesses that have set up legitimate advertising campaigns on Facebook – the cost of which depends on the number of views each advert gets – suddenly notice a jump in what they are being charged. Sometimes, the bill goes over the maximum spending limit they have set on their accounts; it may run into tens of thousands of pounds.
The explanation is that their account has been hacked. Fraudsters are using the business’s account to run ads of their own. They may also have access to the business’s settings, enabling them to change spending limits and other controls. This can also make it difficult to put a stop to the fraud, even after the business has spotted the problem.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
A costly problem
Facebook won’t say how frequently this happens, but the number of small businesses reporting problems appears to be growing. And while the social media giant doesn’t necessarily demand payment when ad spending is run up by fraudsters, it won’t guarantee all losses are refunded. Besides, the true cost of fraud for a business dependent on its Facebook advertising activities may go way beyond the bill run up by the fraudster. It may be impossible to continue running genuine campaigns while trying to fix the issue.
As with most online fraud, there is no single vulnerability that enables fraudsters to attack Facebook ad accounts. Your business could be targeted in many different ways. Certainly, phishing attempts remain rampant – where fraudsters send out emails purporting to be from Facebook in order to send you to a fake website aimed at stealing your login credentials. If you use the same login details for multiple sites, the problem may also lie with a breach of security elsewhere.
However fraudsters are also becoming more creative. One common scam sees fraudsters posing as customers so they can send over documents to make an order. The document includes malware that installs on your computer and compromises your security.
The more people in the business with access to the ad account, the greater the risk of a compromise. Each user with admin rights to the account becomes a potential target for fraudsters. It therefore makes sense only to grant such rights to those who genuinely need them – and to delete privileges as soon as they are no longer required.
Facebook says some basic cyber-hygiene will offer a good level of protection. It urges ad account users to set up two-factor authentication. This requires users to provide both a unique code and a password to log into the account, and sends out an alert each time someone tries to log in from an unrecognised device. Small business owners can also enable “login request”, asking them to approve or deny request for access following these alerts.
Facebook also advises businesses to keep the phone number and email address linked to their device updated. This can allow customers to recover their account more quickly. It is possible to report questionable content and accounts by tapping the three dots above posts, or by reporting an account directly from its profile.
In addition, Facebook says it never sends small businesses direct messages; instead, it uses email. Therefore businesses should never respond to a message sent by an account claiming to be Facebook – it is likely to be a scam.
Securing your Facebook account
However, despite taking careful precautions businesses do run into problems. One difficulty is that getting support from Facebook can be difficult. The company is heavily dependent on user guides and help pages on its websites, and so finding a way to speak to someone at Facebook either by email or on the phone is not straightforward.
Some simple steps will help. If you know which admin account is being used to compromise your business, you can remove its access privileges via your settings pages. You can also use these pages to secure your account, even if passwords have been changed. Facebook’s Help services also give you a means through which to report a problem and to request support. This may be necessary to avoid being stung for charges or to get a refund if you’ve already paid out for ads that weren’t yours.
Sign up to Money Morning
Our team, led by award winning editors, is dedicated to delivering you the top news, analysis, and guides to help you manage your money, grow your investments and build wealth.
David Prosser is a regular MoneyWeek columnist, writing on small business and entrepreneurship, as well as pensions and other forms of tax-efficient savings and investments. David has been a financial journalist for almost 30 years, specialising initially in personal finance, and then in broader business coverage. He has worked for national newspaper groups including The Financial Times, The Guardian and Observer, Express Newspapers and, most recently, The Independent, where he served for more than three years as business editor.
-
Investing in a dangerous world: key takeaways from the MoneyWeek Summit
If you couldn’t get a ticket to MoneyWeek’s summit, here’s an overview of what you missed
By MoneyWeek Published
-
Autumn in Crete, the Greek island of culture
MoneyWeek Travel Katie Monk reviews the InterContinental Crete, Grecotel LUXME White Palace and the adults-only Asterion Suites & Spa
By Katie Monk Published
-
The best business bank accounts
Advice A crucial element of running any business is ensuring you select the right bank account. We’ve rounded up the best business bank accounts to help you make the right decision.
By John Fitzsimons Last updated
-
Six mistakes to avoid when starting a business
Advice Around 60% of new businesses fail within three years, says David Prosser. Here, he outlines six key pitfalls to avoid when starting a business.
By David Prosser Published
-
Energy bill help for small businesses
Advice It's not just households struggling with soaring energy bills. Small business are too. But, says David Prosser, there are several ways to help mitigate the impact.
By David Prosser Published
-
How your business can help its staff through the cost-of-living crisis
Advice There are several ways companies can alleviate the cost-of-living crisis for their employees, says David Prosser. Here are a few to consider.
By David Prosser Published
-
Why switching your business account can get you a better deal
Analysis Two-thirds of firms have not switched business accounts in the last six years but shopping around for a better deal could pay off now that there is more competition in the market, says David Prosser.
By David Prosser Published
-
Will the Recovery Loan Scheme rescue struggling small businesses?
Advice The government is going ahead with a two-year expansion of the Recovery Loan Scheme, which it hopes will help firms still getting back on their feet after Covid-19.
By David Prosser Published
-
How to prevent your businesses becoming embroiled in a trademark dispute
Analysis Thorough research could save you the headache of a trademark dispute, says David Prosser.
By David Prosser Published
-
Flexible working: don't rush your staff back the office
Advice The government is urging people to get back to the office. But there are good reasons for many small businesses to embrace flexible working.
By David Prosser Published