Thinking your Facebook business account has been reported because it violated a community guideline and risks suspension or deletion is pure nightmare fuel for communicators. Cyber security threats are on the rise, and it’s becoming more common to receive these types of alerts on personal and professional pages. Before you panic, first pause and investigate a bit further.
In the past week, you’ve probably received an email, text and/or phone call from a person (or robot!) claiming to be someone they aren’t to trick you into directly or indirectly sharing sensitive information. Unfortunately, Facebook has proved to be an ideal playing ground for these bad actors.
Facebook phishing often involves fake security alerts and password reset requests that redirect targets to a phishing site aimed at stealing credentials and other information. Although it’s a direct violation of Facebook’s guidelines, it’s easy for bad actors to set up fraudulent accounts under the guise of a Facebook authority and use them to trick unsuspecting account administrators into providing sensitive information or clicking harmful links.
In fact, we’ve seen a major uptick in the number of Facebook messages our clients have been receiving in recent months from fraudulent “community standards/support/etc.” accounts claiming their pages are being disabled, are violating community guidelines and more. We’ve also noticed the attempts are getting more convincing – something that can even trip up those who exercise cyber security best practices.
Regardless of how savvy Facebook scammers get, there are several things you can do to outsmart them and prevent stress, financial loss and/or other issues for yourself, your clients or your organization. Read on to discover our agency’s process against Facebook scams and phishing/malware attempts, how we decipher legitimate notifications and how we stay smart on cyber security threats to keep our clients and agency safe.
Stop, Look and Think
Stress is a natural response to receiving an alarming alert on Facebook. You may wonder, “Is this my fault?” or “Was my team not careful with the content that was posted?” and it may compel you to try to fix the issue before a client, manager or team member sees it. Get a second set of eyes before performing any sort of action (plus, transparency is always the best policy!). This is why it’s so important to pause, look a bit deeper into the message and consider what may have warranted it.
At Franco, we provide counsel to clients if they need help determining whether a Facebook message or notification is legit – even if we are not supporting their social media program. We are passionate about supporting everyone’s online safety education.
One way we nurture our own team’s cyber security knowledge is through required monthly KnowBe4 training courses. KnowBe4 is the world’s largest integrated platform for security awareness training combined with simulated phishing attacks.
One of the most powerful things we’ve taken from KnowBe4 is the reminder to stop, look and think.
Pause before panicking, clicking and acting on a Facebook message.
Do you see any weird characters, additional spaces, typos or grammatical errors? Did you receive this message or notification at a strange time of day? Do they continue to message you if you do not respond?
Facebook will never message you when bringing an account-related concern to your attention. However, it can be difficult not to stress a little considering how convincing these messages have become with the help of generative AI. But remember, you are the one with the ability to think critically. Did the message threaten you and express extreme urgency? This is a common tactic used by bad actors to get you to react impulsively.
Legitimizing Threatening Facebook Notifications
If you’re still concerned, there’s an easy way to check if your business Facebook page has actually been reported.
Head to facebook.com on your desktop > go to the icon in the top right > click Help & Support > Support Inbox > Your Alerts. You’ll be able to see if anyone reported the page or if you’re in the clear.
It’s always a good idea to check your email, too. If your page got reported, there’s a good chance you will receive an email alert that corroborates the report details.
While hypervigilance is important on Facebook, it’s useless if your business account is easily compromised because of a weak password or poor security measures.
First, it’s important your administrative privileges are set up properly.
- Ensure there is more than one admin on the account.
- During this step, turn on multi-factor authentication (MFA) as a requirement for additional security.
- When working in Meta Business Manager and/or Ads Manager with an agency partner (who should also be using MFA), provide them with full access to the page so agency employees can effectively do their jobs while the agency securely manages employee access.
- This also ensures agency employees have access to the page and can manage the account, but they CANNOT remove your company’s properties.
We strongly encourage using MFA everywhere applicable. Rather than sending verification codes to your mobile phone or email inbox, we recommend using an app like Microsoft Authenticator as an additional security measure.
Another best practice is password organization through a vault platform, like Keeper. Keeper has several levels of security and can generate highly secure passwords for accounts it’s synced to.
Find more tips on how to avoid phishing scams with these resources:
Senior Integrated Communications Specialist – Digital Kaiti Horn and Integrated Communications Intern Bria Brown contributed to this post.