Karen Lewis

How to Keep Your Facebook and Meta Accounts Secure: Essential Tips for Businesses



Keeping Your Facebook and Meta Accounts Secure

With Facebook and Meta serving as crucial platforms for businesses, especially those running ads, securing your account is essential. Recent scams and hacks have brought to light various vulnerabilities, especially within business accounts. This guide covers crucial steps to safeguard your account, from setting up two-factor authentication to managing access for collaborators.



1. Enable Two-Factor Authentication (2FA) for Extra Security

Two-Factor Authentication (2FA) is a highly effective way to protect your Facebook and Meta accounts. When enabled, logging in requires not only your password but also a unique code sent to your phone or generated by an authentication app. This dual-layer security greatly reduces the chance of unauthorised access, even if someone knows your password.

How to Set Up 2FA on Facebook:

  1. Navigate to Settings & Privacy in the Facebook app or website.

  2. Go to Security and Login and locate the Two-Factor Authentication section.

  3. Choose your preferred method: a text message code, an authentication app, or a security key.

  4. Follow the prompts to complete the setup.

Why 2FA Is Essential: For accounts running ads and handling financial data, 2FA adds a further layer of security, making it much harder for hackers to gain access.

2. Carefully Manage Access for Collaborators on Business Accounts

When running a business account, it's essential to securely manage who has access to prevent unauthorised use. Always use Meta Business Suite and Ads Manager to assign roles and permissions, adding only trusted collaborators. Role-specific access can limit potential damage in the event of a security breach.

How to Onboard Collaborators Securely:

  1. Within Meta Business Suite, go to Settings > People.

  2. Assign roles based on necessity, from Admin (highest access) to Employee (limited access).

  3. Regularly review the user list and remove any collaborators who no longer need access.

Setting Ownership and Account Access: Ensure the primary ownership of your business page is linked to the correct personal Facebook account, ideally that of the business owner or another senior team member. Only the main owner should have full Admin access, while collaborators should be granted the minimum level of access necessary for their role.

3. Beware of Scammers Impersonating Meta Support

A new tactic scammers are using is impersonating Meta Support via direct messages (DMs). They often claim that you've violated a policy or that your page will be deleted, then include a link for you to "fix the issue." These messages may look official, but Meta will never contact you through DMs about account issues.

How to Handle Suspicious Messages:

  • Don’t Click on Any Links in DMs: Ignore any message claiming to be Meta Support, regardless of how legitimate it appears.

  • Go to Your Support Inbox for Authentic Updates: If there’s an issue with your page, Meta will notify you through the Support Inbox in Meta Business Suite, not through DMs.

Accessing Your Support Inbox:

  1. Open Meta Business Suite.

  2. In the left-hand menu, select Notifications and then navigate to Support Inbox.

  3. Here, you’ll see any legitimate messages from Meta regarding your account.

Meta typically sends notifications about account issues via the email associated with your personal account. However, if any email includes links, avoid clicking them directly. Instead, log in to Meta Business Suite or Ads Manager separately and check your Support Inbox for verification.

4. Avoid Using Third-Party Apps for Account Administration

Stick to Meta’s official platforms—Meta Business Suite and Ads Manager—for managing your accounts. Third-party apps can expose your account information to security risks. A recent scam involving an app called TestFlight has lured users into downloading malware disguised as an account management tool.

How to Avoid TestFlight Scams and Similar Risks:

  • Use Only Meta’s Platforms: Manage all settings and ad campaigns through Meta Business Suite and Ads Manager. Avoid linking accounts to any app not officially endorsed by Meta.

  • Do Not Download Unauthorised Apps or Tools: Especially those promoted via email or message.

  • Be Cautious of Fake Emails: Scammers often send emails designed to look like Meta. Always double-check the sender’s address and avoid clicking any unexpected links.

5. Stay Aware of Hacks and Phishing Scams

Scams targeting businesses on Facebook often involve phishing emails or messages claiming urgent issues with your account. Hackers use these tactics to gain access to business pages and even run unauthorised ads.

How to Spot and Avoid Scams:

  • Never Click Links in Emails or DMs: Meta rarely asks for verification via email links, and never through DMs. If you receive any notification about a policy violation or threat of deletion, go directly to Meta Business Suite or Ads Manager and check the Support Inbox.

  • Limit Admin Access: Restrict the number of Admin roles on your account to reduce the risk of attacks targeting multiple users.

  • Regularly Review Access and Passwords: Ensuring all admins use strong passwords and updating these regularly can help prevent unauthorised access.


Protecting your Facebook and Meta accounts requires vigilance, particularly if you run ads. By setting up 2FA, carefully managing collaborator access, avoiding third-party apps, and staying aware of recent scams, you can secure your account and focus on reaching your audience without worry.

Following these steps will give you peace of mind, knowing your business’s digital assets are safeguarded against cyber threats.
