Beware! Hard-Learned Lessons About Protecting your Facebook Business Page

Posted by David Chism | Wed, Mar 23, 2022

 Beware! Hard-Learned Lessons About  Protecting your Facebook Business Page

I start­ed my mar­ket­ing man­age­ment busi­ness in April of 2009. Since that time, I’ve seen more than my share of poten­tial­ly harm­ful emails, includ­ing hack­ing and phish­ing attempts. I love and use tech­nol­o­gy every day, so it comes with the ter­ri­to­ry (unfor­tu­nate­ly). The good news is that I’d man­aged to avoid all of them… until Feb­ru­ary of this year.

It start­ed with a fake email from Facebook

A long-time client reached out to me one day with a ques­tion about an email she had received from Face­book.” It warned her that her page vio­lat­ed some of their terms, and it would be shut down soon if the prob­lems weren’t corrected.

The URL looked legit, begin­ning with face​book​.com. I’m always cau­tious, and even right-clicked the URL first to get a bet­ter look at the des­ti­na­tion before clicking.

Next, a fake Face­book login

The login page looked legit too, and sim­ply asked me to con­firm my cre­den­tials and access. Once I did, it opened the door to my per­son­al account, my busi­ness account, and a num­ber of con­nect­ed client accounts as well. 

As of right now, I’m still deal­ing with the long-term impact. Com­pro­mised accounts, cred­it cards, and lost pho­tos of my own, plus being per­ma­nent­ly locked out of my pri­vate Face­book and Insta­gram profiles. 

I keep ask­ing myself what I’ve learned from all of this, and what good I can glean that might help oth­ers. I’d like to pass the take­aways on to you.

6 Tips for pro­tect­ing your small busi­ness’ Face­book account

 Beware! Hard-Learned Lessons About  Protecting your Facebook Business Page

1. Be sus­pi­cious of any emails ask­ing for login information

Nev­er send­ing pass­words or cre­den­tials through an email is a no-brain­er. But even URLs sent through email need to be care­ful­ly ver­i­fied. Like I men­tioned above, right click and check the URL path to see where they lead before blindy click­ing.

2. When in doubt, ask support

If you’ve received an email warn­ing you of an issue, a secu­ri­ty breach, or some oth­er prob­lem that needs to be addressed, go direct­ly to the provider’s sup­port with ques­tions. There’s often a chat option on their web­site, and you can share the details of the email and ask if this is legit­i­mate or not. It might take a few extra min­utes, but it’s SO worthwhile. 

3. Use a Face­book Busi­ness Man­ag­er account

Face­book Busi­ness Man­ag­er is a suite designed to help busi­ness own­ers and man­agers man­age their page and ad account. It’s very easy to set up, requir­ing your email and busi­ness info. You then con­nect your Face­book page to the Busi­ness Man­ag­er account, then either add or cre­ate your ads account. 

From there, you can add peo­ple to the Busi­ness Man­ag­er and choose exact­ly what lev­el of per­mis­sion and access each per­son has. This way nobody has to con­nect their per­son­al Face­book account to the busi­ness or ads account. It’s an extra lay­er of secu­ri­ty — a buffer, if you will. Plus, it makes it very easy to man­age peo­ple with­in your organization. 

4. Enable 2‑factor authen­ti­ca­tion right on your Busi­ness Man­ag­er account

In your secu­ri­ty set­tings, you can tog­gle on 2‑factor authen­ti­ca­tion. This means that some­one who access­es your Busi­ness Man­ag­er will need to ver­i­fy their iden­ti­ty by either receiv­ing a text mes­sage with a code, or by enter­ing a ran­dom­ly-gen­er­at­ed pass­word from the Google Authen­ti­ca­tor app. Sounds con­fus­ing, but it’s all very straight­for­ward and sim­ple. The ben­e­fit here is that even if some­one access­es the Busi­ness Man­ag­er some­how, they’ll need to ver­i­fy them­selves before they can do any­thing else. 

5. Set a spend lim­it on your Face­book ad account

I’ve observed illic­it ads being run with out­ra­geous bud­gets (like $20,000/day in some cas­es!). As a side note, these are often spam-relat­ed ads that are intend­ed to reach as many peo­ple as they can before get­ting flagged and shut down. Based on your nor­mal ad bud­get, you may want to set a spend lim­it that needs to be reset before any addi­tion­al ad spend is charged. That way you’re pro­tect­ed against a huge amount of mon­ey being spent before you catch the activity. 

6. Have a back-up Admin­is­tra­tor of your Face­book Busi­ness Man­ag­er account

If you set up the man­ag­er account, you’ll be the pri­ma­ry admin. It’s rec­om­mend­ed (and you’ll see a prompt from Face­book about this) that you add a back­up admin­is­tra­tor. That way if some­thing hap­pens to your account for any rea­son, or you sim­ply can’t access Face­book, some­one else can step in and assume respon­si­bil­i­ty. If you’re the only one, you can get your­self in a bind. 

Stay vig­i­lant! Secu­ri­ty threats aren’t going any­where

I’ve seen a major spike in phish­ing and hack­ing activ­i­ty on social media. One of the areas I’ve seen this almost dai­ly is on the Google Busi­ness Pro­file. This is the plat­form where cus­tomers can leave reviews and mes­sage a busi­ness (think Google Maps). If your com­pa­ny has turned on the mes­sag­ing plat­form, you’ll inevitably encounter fake users. These peo­ple will ask dumb ques­tions like, Do you offer exte­ri­or paint­ing ser­vices and accept cred­it cards?” or I’d like you to go ahead and paint my inte­ri­or and I’ll send you a check for $4,500…”

My advice is to mark these as spam and block them right away. 

We live in a dig­i­tal world, and that means there will be huge poten­tial for growth and fresh oppor­tu­ni­ties, but also attacks. We have to be extra care­ful, and make sure our teams are aware and edu­cat­ed as well. 

About David Chism

David Chism started his business out of a passion for helping small contracting businesses grow, be more profitable and become better known to their target clients. One lifelong hobby of David is using techie gadgets. So this blog is a place where he writes about technology, marketing ideas, just for fun (humor), personal thoughts on small business and more.


Subscribe to the Blog

Please provide a short summary of why you are reaching out today.