⛔️ Important warning ⛔️
We’ve had two attempts to hack our clients just in the last week! Thought I’d share a story as a warning that these scammers are out there and share some advice on how to keep them out of your account.
Our team members on our Business Manager have to have 2FA on. So we’re covered on our end, however, the hack attempts have been directly on our client’s accounts.
Both started in a similar way.
In one case, a message from a Facebook page posing as ‘Facebook Page Violation’ with an official Facebook logo, reached out to let page admins know there was a violation on the page for using copyrighted content.
Our client flagged this with us immediately and when we investigated we spotted the scam.
As you can see in the screenshot above, the scammers included a link to appeal the copyright infringement, clicking on that link took you to a Facebook Login page where the hackers would then capture login details to gain access to the account.
The other client who was targeted, unfortunately, got tricked, and we only caught it once a traffic ad went live in the account that we didn’t create.
The damage this can cause can be catastrophic.
Whilst the hackers had access we had ongoing monitoring on the account, making sure we were removing ads as they set up multiple traffic campaigns. Some with budgets as high as $50,000/day in order to farm clicks charging traffic back to the card on file.
Luckily due to our processes and systems, we were able to catch this early and minimize the damage. Reporting it to Facebook for an official investigation.
I encourage everyone reading this blog to to add 2FA to your Facebook accounts ASAP.
Also, ensure you use the ‘log out of all sessions’ to boot anyone out who may have access to your account forcing them to pass the 2FA barrier to regain access.
Stay safe out there!