Rarely do business owners - and even agencies - reflect much on Facebook security. Instead, we are more concerned about reach, conversions, followers, and recommendations. But none of that matters if the page is stolen, the admins are removed, and there is no control over the ads or even the bank account...
![](https://static.wixstatic.com/media/0d80e1_88238984485e437085b60a75a688d65b~mv2.jpg/v1/fill/w_980,h_669,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/0d80e1_88238984485e437085b60a75a688d65b~mv2.jpg)
"I was finally travelling after the lockdown. First flight in 5 months, airport buzz, favourite window seat on a plane, hundreds of plans upon arrival and dozens of people to see. The work process was settled, everything - even possible emergencies - covered, people were in place to handle things while I was away. Sounds perfect!
As soon as my plane landed and I got access to the internet, an email struck me: "You are being deleted from the admins on the following Facebook pages..."
"What?! Is it my client's way to tell me they are no longer interested in my services?" After years of work with different people and certain cultures, I would expect almost anything.
But this time, my client's Facebook account was hacked, all the admins deleted as well as the ability to access the Fb business manager that owns corporate pages. The client needed us more than ever!
We quickly established that one of the employees' personal accounts, which had admin rights to the corporate page, was hacked first and the rest followed.
My admin rights were reinstated through the pages themselves so we could keep our work by publishing content, but a long journey of finding out what happened and how to bring our BM back was only beginning.
The ads manager was luckily blocked immediately due to unusual activity. Still, the most interesting things happened later when the related bank account started losing money to Facebook, and that was not being seen anywhere in the disabled ads manager.
Everything was frozen, but the money kept leaking away.
The first thing to do was close the associated bank account, as we all know how "quick and efficient" Facebook support can be. However, the question of how to bring stolen money back was open.
![](https://static.wixstatic.com/media/73c818d494564f33883b5a2ffa08fb46.jpg/v1/fill/w_980,h_550,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/73c818d494564f33883b5a2ffa08fb46.jpg)
We did locate the advert that was created for the Indonesian company with over £900 spend per day, but that was frozen immediately along with the ads account, so we still could not track where the stolen money was going.
The bank, though, showed all the money being sent to Facebook and, even though we thought that could have been a scam, Fb did confirm that it looked like their "withdrawals" and there was "some sort of mistake".
At this point, the bank stepped into the case and took it to Facebook. It looked like it was over.
But a few months later, the refunded money was retaken. Why? Facebook did not respond to the bank's communications. The client summoned us again to help.
Unfortunately, any known contacts on Facebook were not able to assist, and the only way to get in touch with them was a chat that is not even available to all the users. After weeks of unfruitful communication, we finally received an email confirming the resolution of the case.
A few days later, the money was back. But Facebook did not admit to the leak or any other cock-up from their side, thus leaving us guessing what had happened and where the money was going if not Facebook."
Why this story matters:
All this could have been avoided if everyone with access to the accounts had enabled 2-factor authentication and used a proper password that is changed from time to time.
If you are a business owner or a marketing executive, don't wait until something unpleasant happens. Make sure, or ask someone you trust to make sure, that the social media pages in which you invest time and money are protected as well as your bank accounts. Not to mention the precious audience and community that, in some cases, can be more valuable than money.
At Modenova/London, we take security very seriously. One of the first steps we take when starting SMM or targeted advertising for clients is checking:
1. that everyone who has access to the account is authorised;
2. whether all people who have access to the account have 2-factor authentication on Facebook (we also send video tutorials on how to do that).
Then we arrange regular account checks, making sure there are no dodgy partners/developers/assets connected to the account. Of course, we run all of these past our client and the responsible company representative.
Let us know if you need any help checking how secure your account is!