You’ve likely heard the story before: maybe your colleague logged into Facebook and noticed an odd post or message they appeared to send but didn’t write. Or, worse yet, their password and access info changed out of nowhere.
Moments later, you’ll hear them lament that their account has been “hacked.” And, unfortunately, it can happen to anyone.
Given the vast amount of information we’ve all grown accustomed to posting, sharing or uploading online, it can be easy to feel lost in the fray of it all. More scammers, “phishers” (more on this later) and phonies continue to peruse the internet for as much info as they can rake in, which can be an unsettling thought.
Here’s the good news: many ways exist to prevent or even outright stop this activity.
Knowing the Signs
In most cases, unwanted account access comes from attempts to solicit link clicks that take the user to an unsafe site. This practice is known as “phishing,” and it is surprisingly effective in leading unsuspecting browsers into a trap.
Take the above screenshot on an actual medical practice’s Facebook page, for instance. Though it appears to be an alarming notice of an official account suspension notice, several red flags reveal this post for what it is: a phishing attempt.
Here’s where it gets suspicious:
- This notice came as a Facebook message from another page (lazily named “Your Facebook Page Has Been Disabled”). Facebook and Meta do not send account closure or suspension notices this way. If there is an issue with your account, Meta will contact you via email from an official Facebook.com address.
- The message contains a series of typos, missing periods and blatantly incorrect grammar.
- The weblink this message shares is not secure (indicative by “https://”, where as this link begins with “http://”). This is deliberate, as any form data entered on an insecure site such as phone numbers, credit cards or other data can be compromised.
- The link is not a Facebook or Meta domain (“community-page-review…” is between “facebook” and “.com” in the above URL). Scammers will often add a reputable company’s name to the link, but if the domain (the part before the .com, .org, .net, etc.) does not match what you usually see from this company then be cautious and don’t click.
Here is another strange example, this one in the form of an email that is much harder to decipher:
Though this does not have nearly as many structural red flags as the Facebook message (one being as to how they’re “deeply concerned to inform you”), there’s one specific outlier: the official looking Facebook link is a redirect to an unofficial private message account.
Another dead giveaway in this one is the sender email—the domain (everything after the ‘@’) has nothing to do with Facebook or Meta:
Unfortunately, even knowing most or all the signs of a scam might not be enough to keep intruders out. Thankfully, there are even more ways to keep your social media accounts safe and secure.
Stop Phishing at the Source
The best way to keep your account secure is through two-factor authentication. This is where you add a trusted email or phone number to a social media account that only you or your organization partners can access. Each time you or someone else in your organization logs in, a code will be sent or texted to the provided phone number or email address.
It’s always best to start with prevention, as some of these steps are the best way to ensure that only you, your colleagues and other approved business partners can access your social media accounts – even if someone, somewhere, wound up clicking a weblink, opening an email or downloading an email attachment they shouldn’t have.
Any suspect emails, instant messages or social media page posts should be reported as spam and deleted immediately, when possible. You should also never forward such an email to someone else if you wish to inform people. It is wiser to take a screenshot and censor out any potentially corrupted links.
Always Keep Your IT in the Loop
Though we can help answer some questions you might have about the status of your social accounts and any potential policy violations, your IT support should always be your first point of contact if you or anyone else clicked a suspicious link. Your IT team can instruct you on the next best steps, such as two-factor authentication, to help keep any future scammers out.
We get it – sometimes, it’s easy for other tasks or distractions to build up, and messing around with a series of social media settings just isn’t at the top of the list. You can take comfort in knowing that Fuel follows best practices guidelines in helping to manage your social accounts and the content posted online.