Facebook Ad Account Hacks

The ways hacks occur.

  1. Not having 2 Factor Authentication (2FA) turned on for both your personal account and the Facebook Business Manager account. It must be turned on and used by EVERYONE who is connected to any part of that Business Manager account. It must also be turned on for anyone connected to anyone who is connected to your account. The biggest vulnerability here is contractors who work with dubious clients and don’t have secure systems and professional methods in place.
  2. Not using a secure enough password
  3. Opening a file sent to you via Messenger or email on your computer, tablet or phone
  4. Using Chrome extensions that are not recognised
  5. Not having notifications and email settings at the highest level possible in the Business Manager notification settings
  6. Ignoring notifications and emails that say someone has accessed your account
  7. Having too many people with access to the critical functions of your Facebook Business Manager. The settings of employee (under people) and partial access (ad account and pages) are there for a good reason.

Some of the more technical ways hacks are occurring:

  • 2FA bypass exploits, such as spoofing the number or adding a trojan to your phone which can open the Google Authenticator app
  • SIM card cloning
  • RATs (remote access trojans)
  • Hijacking of the browser session
  • Fake Chrome extensions that look like a tool for Facebook
  • Someone talks to your mobile carrier, posing as you
  • They buy a cheap phone from the sales rep and get a new phone number
  • They ask the sales rep to migrate all your account-related information to the new number
  • Breaking into the email account associated with your Facebook account
  • The most likely way you can be hacked is by another admin getting hacked, with the hacker then inviting a disposable email address into your Business Manager to make their own admin account and boot everyone else out. To guard against this, secure your email accounts, set your colleagues' permissions to employee, and try to completely lock down your own accounts.
  • In the cyber world, the weakest link in any business system is the person operating it, so never trust that anyone is fully secure!

How to know if you have been hacked?

  1. You may see invites in the business manager that are still pending
  2. People will appear in the people, partners, ad accounts and pages section in the business manager
  3. You won’t be able to access your ad accounts in ads manager
  4. Weird costs will show up on your bank account
  5. You will receive emails that are invoices.
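
The warning signs above (pending invites, unexpected people) and the earlier points on 2FA and admin access can be checked on a schedule. The following is an added example, not part of the original page and not a Facebook tool: a Python audit over a hand-maintained CSV of the people in your Business Manager. The column names, the trusted domain and the admin limit are assumptions.

```python
import csv
import io

# Constructed sample: a people list typed into CSV by hand. The column names
# (email, role, status, two_factor) are assumptions, not a Facebook export format.
SAMPLE_PEOPLE_CSV = """email,role,status,two_factor
owner@example-agency.test,admin,active,yes
designer@example-agency.test,employee,active,yes
freelancer@example-agency.test,admin,active,no
x9k2@tempmail.test,admin,pending,no
"""

TRUSTED_DOMAINS = {"example-agency.test"}  # assumption: email domains you control
MAX_ADMINS = 1                             # assumption: your own policy limit


def audit_people(csv_text, trusted_domains=TRUSTED_DOMAINS, max_admins=MAX_ADMINS):
    """Return a sorted list of (email, finding) pairs that need a manual review."""
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip().lower()
        role = row["role"].strip().lower()
        status = row["status"].strip().lower()
        domain = email.rpartition("@")[2]
        if status == "pending":
            # A pending invite nobody on the team sent is a sign of compromise.
            findings.append((email, "pending invite"))
        if domain not in trusted_domains:
            findings.append((email, "unrecognised email domain"))
        if row["two_factor"].strip().lower() != "yes":
            findings.append((email, "2FA not enabled"))
        if role == "admin":
            admins.append(email)
    # Too many admins: list every one so each can be confirmed or downgraded.
    if len(admins) > max_admins:
        for email in admins:
            findings.append((email, "admin access: confirm or reduce to employee"))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in audit_people(SAMPLE_PEOPLE_CSV):
        print(f"{email}: {finding}")
```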

When you have 2FA set up:
If possible, use an authenticator app on your phone rather than getting an SMS.
Be cautious about who you provide access to.
Use all the security settings possible.

