Small businesses targeted by Facebook scam: Lessons for your business

SmartCompany, August 15 2016

Small businesses are among the victims of a recent Facebook scam, which attempts to convince Facebook users that their account on the social network will be deactivated unless they verify their account via a third-party link.

Marketing agency The Social Marketer last week alerted business owners to the scam, which takes the form of a fake notification from “Fb Advert Departmen”.

“Overnight a number of Albury businesses have been hit by this scam. I have contacted Facebook and reported them,” the marketing agency said in its post.

The scam features somewhat dubious grammar, stating the user’s account has been disabled due to “you write content (coarse)”.

The notification appears as a wall post, rather than through Facebook’s direct messaging system, and includes a link to a “service department” page. Upon clicking the link, users are prompted to enter their username and password; doing so then locks them out of their accounts.

Michael McKinnon, cyber security expert at Sense of Security, told SmartCompany he’s seen a “constant uptick” when it comes to these sorts of attacks via social media platforms.

“Crooks are wanting to get people’s credentials, and they rely on people reusing one password for multiple websites,” McKinnon says.

Password reuse is a serious issue in cyber security, and even Facebook’s founder Mark Zuckerberg has been found to reuse passwords. McKinnon advises businesses to have a different password for each social media account.

These sorts of scams are known as ‘phishing’ scams, in which users are tricked into logging in to a fake Facebook login page so that their passwords can be taken.

McKinnon says all Facebook users should enable extra security features on their accounts, but he also recommends some simpler vigilance.

“Fifty percent of people use Facebook on their mobiles, and if you’re using the app, you’re going to be already signed in,” McKinnon says.

“So if something links you to a webpage and asks you to log in again, that should be unusual in itself.”

McKinnon also advises Facebook users to turn on the website’s login approval system, which requires a new login to be approved with a code sent to your email address. Another security feature is two-factor authentication, which requires each login, new or not, to be accompanied by a code sent to your mobile.

Social media expert Catriona Pollard from CP Communications agrees with McKinnon, telling SmartCompany it’s about “being vigilant”.

“Treat all unknown messages with suspicion, don’t just blindly follow links on these sorts of things,” Pollard says.

“People need to adjust their perspective on social media. There are scammers out there, and they’re becoming more sophisticated.”

Pollard also believes social media users need to be more active about privacy as a whole, recommending further vigilance about what is shared on the platforms. She also recommends choosing different passwords for each account.

“Just be careful about what you post online, even things as simple as turning off location services and not putting your birth year in your profiles,” she says.

“It seems like common sense, but we need to be more active about how we use social media from a privacy perspective.”