Running targeted ad campaigns on Facebook can be a great way to drive customers to your business. But while the social media giant’s enormous reach means it has become an important part of many business’s customer recruitment strategies, Facebook also attracts unsavoury users. A growing number of businesses have had their ad accounts hacked, and found themselves with a whacking bill run up by their attackers.
The story is depressingly familiar. Businesses that have set up legitimate advertising campaigns on Facebook – the cost of which depends on the number of views each advert gets – suddenly notice a jump in what they are being charged. Sometimes, the bill goes over the maximum spending limit they have set on their accounts; it may run into tens of thousands of pounds.
The explanation is that their account has been hacked. Fraudsters are using the business’s account to run ads of their own. They may also have access to the business’s settings, enabling them to change spending limits and other controls. This can also make it difficult to put a stop to the fraud, even after the business has spotted the problem.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
A costly problem
Facebook won’t say how frequently this happens, but the number of small businesses reporting problems appears to be growing. And while the social media giant doesn’t necessarily demand payment when ad spending is run up by fraudsters, it won’t guarantee all losses are refunded. Besides, the true cost of fraud for a business dependent on its Facebook advertising activities may go way beyond the bill run up by the fraudster. It may be impossible to continue running genuine campaigns while trying to fix the issue.
As with most online fraud, there is no single vulnerability that enables fraudsters to attack Facebook ad accounts. Your business could be targeted in many different ways. Certainly, phishing attempts remain rampant – where fraudsters send out emails purporting to be from Facebook in order to send you to a fake website aimed at stealing your login credentials. If you use the same login details for multiple sites, the problem may also lie with a breach of security elsewhere.
However fraudsters are also becoming more creative. One common scam sees fraudsters posing as customers so they can send over documents to make an order. The document includes malware that installs on your computer and compromises your security.
The more people in the business with access to the ad account, the greater the risk of a compromise. Each user with admin rights to the account becomes a potential target for fraudsters. It therefore makes sense only to grant such rights to those who genuinely need them – and to delete privileges as soon as they are no longer required.
Facebook says some basic cyber-hygiene will offer a good level of protection. It urges ad account users to set up two-factor authentication. This requires users to provide both a unique code and a password to log into the account, and sends out an alert each time someone tries to log in from an unrecognised device. Small business owners can also enable “login request”, asking them to approve or deny request for access following these alerts.
Facebook also advises businesses to keep the phone number and email address linked to their device updated. This can allow customers to recover their account more quickly. It is possible to report questionable content and accounts by tapping the three dots above posts, or by reporting an account directly from its profile.
In addition, Facebook says it never sends small businesses direct messages; instead, it uses email. Therefore businesses should never respond to a message sent by an account claiming to be Facebook – it is likely to be a scam.
Securing your Facebook account
However, despite taking careful precautions businesses do run into problems. One difficulty is that getting support from Facebook can be difficult. The company is heavily dependent on user guides and help pages on its websites, and so finding a way to speak to someone at Facebook either by email or on the phone is not straightforward.
Some simple steps will help. If you know which admin account is being used to compromise your business, you can remove its access privileges via your settings pages. You can also use these pages to secure your account, even if passwords have been changed. Facebook’s Help services also give you a means through which to report a problem and to request support. This may be necessary to avoid being stung for charges or to get a refund if you’ve already paid out for ads that weren’t yours.
-
Trouble brews in B&M as bargain shops take a hitOpinion Once a stock market darling, B&M's share price has slumped. What has gone wrong for bargain shops?
-
US and China reach a ceasefire in their trade war after talks in LondonThe US and China's trading relationship – the most important one in the global economy – is back on track. Will the truce last?
-
The best business bank accountsAdvice A crucial element of running any business is ensuring you select the right bank account. We’ve rounded up the best business bank accounts to help you make the right decision.
-
Six mistakes to avoid when starting a businessAdvice Around 60% of new businesses fail within three years, says David Prosser. Here, he outlines six key pitfalls to avoid when starting a business.
-
Energy bill help for small businessesAdvice It's not just households struggling with soaring energy bills. Small business are too. But, says David Prosser, there are several ways to help mitigate the impact.
-
How your business can help its staff through the cost-of-living crisisAdvice There are several ways companies can alleviate the cost-of-living crisis for their employees, says David Prosser. Here are a few to consider.
-
Why switching your business account can get you a better dealAnalysis Two-thirds of firms have not switched business accounts in the last six years but shopping around for a better deal could pay off now that there is more competition in the market, says David Prosser.
-
Will the Recovery Loan Scheme rescue struggling small businesses?Advice The government is going ahead with a two-year expansion of the Recovery Loan Scheme, which it hopes will help firms still getting back on their feet after Covid-19.
-
How to prevent your businesses becoming embroiled in a trademark disputeAnalysis Thorough research could save you the headache of a trademark dispute, says David Prosser.
-
Flexible working: don't rush your staff back the officeAdvice The government is urging people to get back to the office. But there are good reasons for many small businesses to embrace flexible working.
