Safety First - Protect your Meta Business Manager from Phishing Scams
Phishing scams are becoming more and more common online. Some are easy to detect, like the classic prince or millionaire who needs help moving their money and will pay you for your assistance; others are more sophisticated and harder to detect. As phishing scams become more common, it is more important than ever for organizations and employees to know what to look for to identify scam messages and how to protect their accounts from scammers.
Common phishing scams in 2023
If you have a business on Meta, you have surely encountered several fraudulent scam messages from people claiming to represent different organizations and even Meta itself. There have also been several scam ads circulating that claim to be from Meta or Meta associates, with messages that there is a new Ads Manager that is, ironically, more secure. Worth noting is that Meta does not approve of URLs in ad copy, and any Ads Manager updates will always be shown in your Ads Manager. Unfortunately, some scammers have even managed to get the verified blue tick on their profiles, making it even harder for businesses and people to separate scams from legitimate businesses. Meta says it has identified and removed all of the impostor accounts that were verified under its old system, but not under the new Meta Verified program. We therefore recommend always checking twice whether the message and the sender look suspicious in other ways.
Another common phishing scam circulating on Meta concerns copyright infringement, often threatening legal action or account suspension. Legitimate businesses will follow Meta's process for IP and copyright claims, or contact your business through lawyers. If your ads or content have received an IP or copyright claim, you will see this on your Business Support Home page, and this is also where you take appropriate action.
Some key points to look out for to identify if a message is a phishing scam:
- Where did you receive the message?
Meta will never contact you through Messenger unless you have initiated a help support case through the chat. Meta will primarily contact you in your Business Manager or Ads Manager. If the message was received through email, check the sender to see whether the mail really appears to be from Meta.
- Does the message appear in your Ads Manager or Business Manager?
If your ad account or Business Manager is at risk of being shut down, you will receive a message, notification or warning in the affected manager or in Business Support Home.
- Does the message highlight urgency?
Many phishing scams try to create urgency to make you act before you think. If the message claims a 24 hour deadline or an immediate or permanent shutdown, it is most likely a scam.
- Does the message encourage you to press a link?
Phishing scams rely on you pressing links or giving out certain information to be successful. If the message contains links, hover over each link with the mouse to see whether it leads to an actual Meta-related page.
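The hover check from the last question, written out as code. This is an added example and not part of the original article; the domain allowlist and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains operated by Meta; it is not taken from the
# article. Adjust it to the domains your organisation actually expects.
META_DOMAINS = {"facebook.com", "fb.com", "meta.com", "instagram.com", "messenger.com"}


def link_host(url):
    """Return the host the browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" part placed before the host
    except ValueError:
        return None
    # Assumption: only https links are accepted; anything else is rejected.
    if parts.scheme != "https" or not host:
        return None
    return host.rstrip(".").lower()


def is_meta_link(url):
    """True only if the host is an allowlisted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Non-ASCII and punycode labels are treated as suspicious, because
    # lookalike characters are a common way to imitate a brand name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)


def classify(urls):
    """Map each link to 'meta' or 'suspicious'."""
    return {u: ("meta" if is_meta_link(u) else "suspicious") for u in urls}


# Constructed sample links; none of them come from a real message.
SAMPLES = [
    "https://business.facebook.com/settings/security",     # real subdomain
    "https://facebook.com.account-review.example/appeal",  # brand as a prefix
    "https://facebook.com@support-case.example/login",     # brand before "@"
    "https://meta-business-help.example/case/123",         # brand inside a name
    "http://www.facebook.com/business/help",               # not https
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

The comparison is made on the parsed host rather than on the visible link text, which is why the "brand as a prefix" and "brand before @" samples are flagged even though they begin with a familiar name.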
If you are unsure whether a message is legitimate or a phishing scam, we recommend that you screenshot the message and start a help support case in Business Settings to verify whether Meta has in fact reached out to you or has received a third-party IP or copyright claim. It is also important that all employees with access to Facebook and Instagram accounts are aware of the phishing scams in circulation, as each individual can be targeted regardless of their permissions in the account. Inform your employees of the risk of scams and encourage them to contact your business admins (full control users) if they receive any messages from Meta or other organizations regarding your brand's page or ad account.
Protect your Meta Business Account
In addition to keeping these four questions in mind and being skeptical of messages, a key part of avoiding phishing scams and their negative effects is to protect your account before an attack happens.
- Use Strong, Unique Passwords
Team Training: Ensure that all team members who have access to the Business Manager are trained to create strong and unique passwords.
Password Managers: Consider using a password manager to manage and store complex passwords securely.
- Enable Two-Factor Authentication (2FA)
Mandatory 2FA: Make it mandatory for all users with access to the Business Manager to enable 2FA. This is done in the Security Center in your Business Settings.
Educate Team Members: Educate team members on the importance of 2FA and guide them on how to set it up correctly.
- Keep Your Email Account Secure
Secure Associated Email Accounts: Ensure that the email accounts associated with your Business Manager are secure, as these can be potential gateways for hackers.
Regular Updates: Regularly update the recovery options for your email accounts to prevent unauthorized access.
- Regularly Review Account Activity and Settings
Full Control Users: Keep users with full control to a minimum, but at least 2. If a full control user is hacked, the hackers can modify all employees' access in the account.
User Access: Review and update user access levels to ensure that only the necessary individuals have access to sensitive business information.
Activity Log: Frequently monitor the activity log to spot any unusual activities promptly.
- Extra Security Measures
Recovery: Set up trusted contacts who can help you recover your account in case it gets hacked. Make sure you have at least two business admins (full control) in case one is compromised.
- Legal & Compliance
Privacy Policy: Ensure that your business complies with Facebook's terms of service and privacy policy to prevent any complications or breaches.
IP and Copyright: Ensure that you have the rights to the content you use, or use materials from sites that provide music and content that are free of copyright and allowed in advertising.
Staying aware of how hackers communicate, the risk of phishing scams and how to avoid them is key to avoiding unnecessary disruptions and negative impact on your Meta advertising. We recommend that you educate all your employees and colleagues about phishing scams and establish security measures and guidelines. It is wise to always think twice about messages and email. Once again, safety first!