Using the Facebook app has become an exercise in extreme frustration recently. Not only is every third post an ad, but the same ads keep appearing no matter how many times I block them. One in particular has been polluting my newsfeed for a couple of weeks now. It’s a really offensive ad for a weight loss supplement that combines terrible English, body-shaming, and fat porn to draw your attention. (Yes, fat porn is a thing. No, don’t Google it. I do the research so that you don’t have to.)
There's Something Happening Here
In addition to this deluge of unwanted ads, the Facebook options for hiding ads or blocking an advertiser are regularly broken. The only way to block the advertiser is to click through to their page, report the page, and then block and hide it. In so doing, I noticed an interesting trend. The pages hosting these ads were companies and organizations totally unrelated to the advertised product. A South American restaurant. A design studio in France. A bakery in Duluth. Mostly small businesses. Then I saw a post on one of the pages that said “This account has been hacked and I can’t remediate it. I’m going to start a new page and abandon this one.”
“Okay,” I thought. “This calls for a little investigation. Something weird is going on here.”
A Well-Organized Scam
I started by Googling the advertised product. I got an entire page of articles hyping the effectiveness of this wonderful supplement. I clicked through on a few and saw that each one was a paid placement. Written in quasi-science-speak, these articles gave the product an air of legitimacy.
This isn’t just a random hack, I realized. This is a very well-run scam operation, and someone is making bank, big time. As someone who has run both business and non-profit pages on Facebook, I had immediate concerns.
How It Works
Then I found this article by Mashable that explains how this scam is run. Unfortunately, just implementing two-factor authentication and limiting the number of accounts that have access to your business page isn’t going to fully protect you from this one.
“A scammer will reach out to a digital marketer via Facebook Messenger posing as someone looking to hire a Facebook ad campaign manager. After their pitch, they’ll send over a project proposal with all the details about the company, budget, and what they’re looking to do. This proposal is cover for a .exe file download, disguised as an innocent PDF, which gives the scammer access to the target’s Facebook Business Manager.”
Protect Your Account
A large number of these scammers seem to be located in Vietnam, and they’ve put a number of companies completely out of business. Facebook seems to be struggling to deal with the problem, and they have been slow to respond to help tickets from affected businesses. So how can you protect your business account from this disastrous hack? There are a few things you can do right now to help make your account more secure.
- Ensure all account admins use two-factor authentication on their Facebook accounts.
- Clean up your account members and remove anyone who is no longer active on your account. Keep the number of people on the account as small as possible.
- Ensure your page has at least two admins. That way if one admin account is compromised or locked down, the other admin can step in and clean up the mess.
- Turn on account notifications so that you see account activity quickly and notice anything outside of the norm.
- Remain extremely cautious about downloading files from people you don’t know. I receive questionable emails every day on my business email account. Never download images or files if you’re not confident about the sender. And when you do identify something as harmful, be sure to update your email block list to protect your organization.
- And of course, as soon as a hack is detected, immediately report it to Facebook Business Support.
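
The “proposal” in the description quoted above is an executable presented as a PDF. As an added example (not from the original post or from Mashable), this Python check flags that mismatch from a file’s name and its first bytes before anyone opens it; the function name, extension lists and sample inputs are constructed for illustration.

```python
import os

# Extensions Windows will run directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi"}
# Extensions a sender might use to make a file look like a document.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def inspect_attachment(filename: str, head: bytes) -> list[str]:
    """Return the reasons a file should not be opened (empty list = none found).

    filename: the name as received; head: the first bytes of the file's content.
    """
    reasons = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    # Extension hiding behind the real one, e.g. "proposal.pdf   .exe" -> ".pdf"
    inner_ext = os.path.splitext(stem.rstrip())[1]

    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
        if inner_ext in DOCUMENT_EXTS:
            reasons.append("document extension used as decoy")

    # Windows executables begin with the bytes "MZ"; PDFs normally begin "%PDF-".
    if head[:2] == b"MZ":
        reasons.append("content is a Windows executable")
    elif ext == ".pdf" and not head.startswith(b"%PDF-"):
        reasons.append("named .pdf but content does not start with a PDF header")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (file name, first bytes of content).
    samples = [
        ("Project_Proposal.pdf", b"%PDF-1.7\n"),
        ("Project_Proposal.pdf.exe", b"MZ\x90\x00"),
        ("Project_Proposal.pdf", b"MZ\x90\x00"),
    ]
    for fname, first_bytes in samples:
        found = inspect_attachment(fname, first_bytes)
        print(fname, "->", found or "no mismatch found")
```

An empty result only means the name and header agree with each other; it says nothing about whether the document itself is safe.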
Do you need assistance navigating the waters of social media advertising? We’re here to help, so reach out with your questions and concerns.