Almost since its birth, Facebook has been an important tool for small businesses. It’s a low-cost way to sell your services, interact with customers and build a community around your business.
However, wherever small businesses gather in any number, so too do cybercriminals, like predators at a Savanna watering hole. Facebook for Business is no different. Over the past few years, the social media app’s messaging service has become a regular launchpad for phishing campaigns. And, unfortunately, the problem is only getting worse, with social media account takeovers increasing by over 1,000% in the past year
However, this doesn’t mean you need to avoid the app altogether (as we said, it’s a useful tool). With the right knowledge, you can get back to communicating confidently. So, here’s everything you need to know about Facebook Messenger scams – what they look like, the consequences of a breach, and how to combat them.
What does a Facebook Messenger phishing scam look like?
Like most phishing attacks, Facebook Messenger scams typically rely on social engineering. But, there are a few different approaches out there.
Complete cyber confidence doesn't have to break the bank. Download our guide to protecting your business on a budget to find out more.
The classic Facebook scam
First of all, there is what we call the ‘classic’ Facebook messenger scam. This is a well-worn approach but don’t let that fool you. ‘Well worn’ doesn’t mean ineffective even if it lacks sophistication. A surprising number of businesses still get caught out by this tactic.
Scammers will usually pretend to be potential potential customers or partners and try to trick you into giving them sensitive information. It could be a prospective ‘partner’ who just needs some financial data before they can commit or it could be a customer who’s seemingly desperate for you to check out their website (don’t click the link!).
The Facebook support team scam
Recently, we’ve seen a far more insidious scam on the platform. Scammers have begun posing as Facebook support or security teams.
This scam typically starts with a message claiming your business page is at risk of being banned or disabled due to violations. The message will seem urgent and official, often using Facebook branding and logos. There will be a link provided to supposedly "verify your account" or appeal violations. Unsurprisingly, this link doesn’t unlock your account or clear your business’s name, it’ll usually lead straight to a bogus site that’ll infect your device with malware.
Another potential avenue for this kind of scam is to claim your business needs to ‘top up’ the funds paid for ant on-site advertising you might be running. Once again, this will lead you to a spoofed Facebook page where you’ll be requested to enter sensitive financial details. If you’re unfortunate, like us, you might have received a flood of these messages in recent months, they usually look something like this:
What are the consequences of a successful scam?
The consequences of falling prey to one of these scams vary, depending on what the cybercriminals managed to persuade the victim to do. However, some of the most common outcomes include:
- Losing control of your business’s social media page to hackers who then use it to post malicious content or launch further scams
- Financial loss, either through the initial scam or a subsequent ransomware attack
- Compromised sensitive personal or proprietary data
- Reputational damage from all of the above
All in all, being hit with a successful Facebook Messenger scam is something your business desperately needs to avoid. Let’s look at how…
How can you avoid falling victim?
Although the method of attack might be new, Facebook Messenger scams are still a form of phishing. This means that many of the principles that can be used to combat other types of phishing scams can be applied here.
1. Keep Facebook's policies in mind
Remember that Facebook will never message you proactively about account issues. Any unexpected warnings about your page being banned are very likely scams.
2. Check the URL
Verify that any links come from an official facebook.com or facebookmail.com domain. If you’re unsure, you can hover over links to preview the URL before clicking.
3. Look for errors
Watch for poor grammar, spelling errors, and other typos. Scammers are rarely gifted writers and you’ll often find telltale slip-ups in their messages.
4. Verify who the sender is
Check out who a potential partner or customer is claiming to be before you engage with them or share any information over Messenger. A quick search of their name on LinkedIn and a check of the company website or its Facebook Business page should be enough to raise any red flags. And, if in doubt, don’t engage.
5. Use MFA
Turn on multi-factor authentication (MFA) for your Facebook and Facebook Business accounts. This will make it much harder for a cybercriminal to gain access to your account even if they do steal your login credentials.
6. Don't trust unusual requests
Don’t trust any request for your login credentials, password, or MFA code that comes through Messenger. Facebook will never ask for that information through chat.
7. Prioritise privacy
Keep your Facebook Business page set to the highest privacy and security settings. This alone should help keep you off most scammers' radar.
8. Report anything fishy
Finally, report any suspicious activity to Facebook. Any examples you can provide are crucial to improving the platform's security and rooting out malicious users.
As with all phishing attempts, Facebook Messenger for Business scams aren’t particularly sophisticated and can be avoided with a little vigilance. Follow the steps laid out above and you’ll be able to do business using Facebook safely and securely.
Want to know more about the threats facing small businesses and how to guard against them? Check out our guide to protecting your business on a budget.