Hacking and phishing attacks are serious threats in any form, but did you know that one of the number one places phishers will target is Facebook? With 2.6 billion users storing their usernames, passwords, personal data, and even financial information on the platform, Facebook has become a hotspot for cybercriminals, and brands are a top target. Businesses who fall victim to these scams can face financial losses, identity theft, damage to brand reputation, and loss of business.
By knowing how to spot phishing attempts, you and your employees can help protect your business and your brand’s social media integrity. But, in order to recognize a phishing attempt, you first have to start with an understanding of what phishing is. Read on to learn how exactly to spot phishing and hacking attempts on Facebook, how to protect your business’s Facebook account, and how to secure your account for the future.
Securing Your Facebook Business Account: Hacking vs. Phishing
Hacking and phishing attempts are similar in that both are methods of obtaining unauthorized access to your private data. Hackers tend to obtain access by force by manipulating code to bypass login details, while phishing–a specialized kind of hack–is a more “social” approach. Phishing occurs when “bad actors,” (i.e., people who want to steal your data) will employ several deceitful techniques which are designed to trick you into “voluntarily” giving over your credentials yourself.
Phishers will try to manipulate you by sending confusing messages that appear to be from official sources or directly from Facebook. These masquerading messages are often dressed up to appear official by using logos, typography, and language like that found on the site. They may even be signed by someone appearing or claiming to represent Facebook Admins or similar senior-sounding positions of authority. Phishing attempts are continually evolving and becoming more convincing, but luckily there are several tell-tale signs that can help you distinguish a legitimate source from a phish.
Securing Your Facebook Business Account Against Phishing: How to Identify a Phishing Attempt
By being aware of how phishing scams work and knowing what to look out for, you can avoid letting your business become a victim of a phishing attempt.
As previously mentioned, phishing attacks are normally communicated within an email message (though they could just as easily be included within a Messenger Chat or direct message), and can often be identified by some of the following characteristics:
Usual Spelling and Grammar
Phishing attacks are often (though not always) from non-English origin sources, so it is not uncommon for words or grammar to appear incorrect. A social media company, such as Facebook, would always have communications checked for such basic mistakes before they are sent to a customer.
Similarly, if language is oddly worded or the message itself feels off, trust your instincts and be wary, especially if that message is requesting personal or sensitive information.
Inclusion of Suspicious Links or URLs
Any attempt to get you to visit another website, even if that website looks like “Facebook.com” should be an immediate warning sign. Entering your credentials into a website called “facebook-secure.com,” for example, is likely to be a phishing attempt. If a link looks suspicious, try hovering over the link with your cursor–this will reveal the full web address and reveal if it’s actually leading to where it says it is.
Questionable Email Addresses
When checking emails and messages, always check the address of origin. Phishers will often email from accounts meant to look official in an attempt to mislead you. For example, an email from ‘email@example.com” could easily be misread. Don’t fall for it! Like URL links, email addresses can appear genuine at first glance, but hovering over them with your cursor can reveal a different, fraudulent address.
The Unknown or Unusual
Phishing attempts are designed to catch us off guard, and the best way to do that is to confuse or trick us, so any technical questions or confusing explanations contained within a message may cause us to inadvertently get curious and click a link or reply to a message. Facebook will never send emails asking you for your username or password, nor will they ever send you an attachment or new password out-of-the-blue or without cause. You should also be wary of responding to messages or requests from people you do not know, such as people wanting to be your friend or those claiming to be someone else, as these can also be attempts to deceive you.
While these are some of the most common signs, phishing techniques are constantly developing, so it’s far better to always proceed with caution when confronted with the unknown rather than make a mistake and pay the price for it later.
Securing Your Facebook Business Account Against Phishing: Prevention Tips
Knowing the signs of phishing to look out for is a good first step, but being able to secure your business account is vital in protecting your security. See below for our recommendations for stopping a phishing attempt before it happens.
Use Multi-Factor Authentication
Securing your accounts may seem complicated at first, but there are plenty of help pages on Facebook that you can use to configure your account and keep it secure. The primary technique is to enable and use “Multi-Factor Authentication” (also called “MFA” and sometimes referred to as “Two-Factor Authentication” or “2FA”) wherever possible on all your social media accounts, both business and personal. Below is an example of what it looks like to have two-factor authentication turned on in Facebook.
Multi-Factor Authentication works by setting up two or more authentication methods to prove who you are. These two factors are generally something you know (like a password), and something you have (like access to a phone for SMS or app authentication, or biometric information such as a fingerprint). This multi-factor approach verifies and confirms that you are who you say you are.
To turn on Multi-Factor Authentication on Facebook, go to “Settings” and then “Security/Login.” Then it will prompt you to set up Multi-Factor Authentication. Facebook provides you the option to add your cell phone number for SMS verification or set up an authentication app such as “Google Authenticator” or “Microsoft Authenticator,” which can both be installed on your smartphone. See below for options for backing up your codes for safekeeping.
Once you have these mechanisms set up, the next time you next sign into Facebook you should also be prompted to ‘Verify’ your login attempt or enter a code sent through SMS message. Once you are able to verify through one of these methods, you will be able to log in as normal.
Keep Everyone On the Same Page
While Multi-Factor Authentication is a great way to verify your account, you need to ensure that each employee who has access to your business’s Facebook pages has their own named account and has MFA configured as well. To avoid the use of shared user accounts and shared passwords, each person should be set up with their own unique and complex passwords.
Encourage your employees to use unique passwords to further avoid your account being compromised. To help make this easier, we recommend the use of a password manager tool such as LastPass, Keeper Security, or even the new password managers built into the Google Chrome or Microsoft Edge browsers. Each of these tools has the ability to generate complex passwords (random letters, numbers, and characters) and “remember” them for you so you no longer need to memorize countless passwords.
Finally, training your employees in how to spot phishing techniques and respond to them is incredibly important in ensuring the security of your business. And if you do fall victim to a phishing attempt, make sure everyone knows the steps necessary for reporting security breaches and changing passwords to minimize any possible or future damage.
Your Facebook pages are the portals your customers use to access your business, which means they are extremely important to how your customer perceives you. Protecting these pages and avoiding unauthorized access is a key part of your business’s success and security. It is vital that you and your employees understand the techniques and methods these phishing attacks employ and remain vigilant against any hacking attempts that come your way. The tools and techniques are available to you, but it’s up to you to ensure they are used and implemented!
For those wanting to know more about navigating the world of digital marketing and branding for your business, did you know that SND Agency is a full-scale digital and social media marketing agency? We have experience in marketing our clients’ brands and channels and growing their businesses using the same strategies we shared above, and we have years of expertise behind us. Don’t hesitate to contact us today!