We’ve all heard the horror stories – businesses who spend thousands of dollars building a Facebook following, getting ads working well, finally seeing the results of all that effort and then – one day, they wake up and it’s all gone. A hacker has broken into their account or Facebook has restricted or deleted their page and they are suddenly without one of their main income streams.

Sometimes they get it back, sometimes they don’t – their followers may need to be rebuilt along with their brand reputation. Worst case, the loss is so significant that the business has to shut their doors.

If you have a business that relies on Facebook for leads and sales, then you’re probably already aware that this is a very real potential nightmare that you hope will never happen to your business.

But hope is not a great strategy. There is a much better way to protect your business.

So how do you protect your Facebook pages from hackers? And what do you need to do if the worst happens and someone malicious gains access to your account?

Prevention Is Better Than Cure

The ideal way to deal with this threat is to simply prevent it from happening at all – and there are a number of ways you can do this. Most importantly, ensure you have the highest security settings enabled on your Facebook and Instagram accounts. The following information will help you achieve that.

Facebook Security Checkup

Take a look at the Security and Privacy settings on Facebook regularly and make sure everything is set the way you prefer.

You can use Facebook’s Security Checkup to review and add more security to your account.

Have A Strong, Unique Password

Making sure you have a long, cryptic, unique and private password for every important account is a good first step. Avoid using anything that’s personally identifiable. An unguessable, unique password is your best first line of defence here. For extra security, change your password every six months. And please don’t share your login credentials with anyone, for any reason.

You should also make use of a reputable password management tool, rather than your memory or a non-secure way of logging into your account. 

You can make use of password managers like Google’s native Password Manager or use a third party tool such as LastPass.

Use 2-Factor Authentication

To increase the security of your account make sure you turn on 2FA (Two Factor Authentication). This allows Facebook to verify it’s actually you logging in. This is achieved by asking you to type in a number from the authenticator app on your phone, or by sending you a text message, depending on how you set it up. You can also make sure Facebook notifies you when someone tries to log into your account, so you can cut them off and let Facebook know straight away it’s not you trying to get in.

Here’s more information on:

How to enable two-factor authentication on Facebook:

  1. Go to “Settings” in the top right corner of Facebook and click on “Security and Login”
  2. Click on Two Factor Authentication

Always Have a Backup

In addition to having 2FA turned on, you can also download backup codes, just in case you switch phones or can’t get into your authenticator app. This will provide a list of single use codes that will allow you access to your account in the case that your 2FA is not accessible. The codes look like this: 

NOTE: These are not our codes 🙂

Remember, anyone with access to these codes has access to your account so be very careful where you store these.

How to download your Facebook Backup Codes

  1. Go to “Settings” in the top right corner of Facebook and click on “Security and Login”
  2. Tap Use two-factor authentication
  3. Enter your password and tap Continue
  4. Tap Recovery Codes, then tap Show Codes

Go into Settings > Security & Login > 2 Factor Authentication (Edit) … and once you’re in there you’ll see something similar to the screenshot above where you can download your 10 backup codes. 

If you ever switch to a new phone and phone number and use an authenticator app for 2 factor authentication (2FA), you will no longer have access to either of your 2FA methods. But if you have access to your backup codes (saved in a secret special place), then you’re safe. Your backup codes will allow you to regain access to your 2FA settings on Facebook so you can set up the authenticator app from scratch on your new device. One thing to note is that once you’ve used a backup code, it expires permanently.

If all of this sounds over your head, don’t stress on it. Just do this ONE thing – go download your backup codes. ALWAYS have 2FA turned on.

Check Logged in Sessions

You should periodically check your Logged In Sessions to ensure there are no suspicious locations and to remove any sessions that you no longer need. This is especially vital if you have ever used a public or shared computer to access your Facebook account.

Get Meta Verified

You could also consider getting your personal account Meta Verified to get access to “account support for most common issues”. This support is meant to be in relation to your profile, but I have heard of one person who used this support to get their ads account that had previously been hacked reinstated via this channel. Now this is only one case, so by all means, it does not guarantee this will work for you. But you can always try and you can cancel your subscription at any time.

Once you provide the required information, it usually takes a couple of days to get verified.

Protecting your Facebook Business Manager

In addition to the security measures mentioned earlier, there are a few steps you can take to make sure your Business Manager is protected. 

Be Selective with Your Page Admins

Not everyone needs to have full admin control, as it is this level that allows admins to be added and/or removed from the page. If the personal account of one of your Page Admins gets hacked, then you’re opening the door for your Page to get taken over by the hacker. Selecting the right admin roles will help you manage your Facebook Page without risking passwords or financial information. It is best practice to restrict Admin level to the business owner and another trusted party.

Should you need to upgrade anyone to an Admin at any point in time so that they can perform a specific action, remember to remove them as soon as possible once they have completed what they needed to do.
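One way to keep on top of the admin rules above (full Admin limited to the business owner and one other trusted party, temporary upgrades removed once the task is done) is to check a roster you keep by hand. This Python check is an added example, not part of the original article; the roster fields, the names and the dates are assumptions for illustration and are not a Facebook export format.

```python
from datetime import date

# Constructed sample roster (hypothetical names and fields, kept by hand;
# this is not a format that Facebook exports).
ROSTER = [
    {"name": "Owner", "role": "admin", "two_factor": True, "temp_until": None},
    {"name": "Business partner", "role": "admin", "two_factor": True, "temp_until": None},
    {"name": "Agency contact", "role": "admin", "two_factor": False,
     "temp_until": date(2024, 3, 1)},
    {"name": "Social media assistant", "role": "editor", "two_factor": True,
     "temp_until": None},
]

MAX_PERMANENT_ADMINS = 2  # the business owner plus one other trusted party


def audit_admins(roster, today):
    """Return a list of findings for full-admin access that breaks the rules."""
    findings = []
    admins = [p for p in roster if p["role"] == "admin"]
    permanent = [p for p in admins if p["temp_until"] is None]

    if len(permanent) > MAX_PERMANENT_ADMINS:
        names = ", ".join(p["name"] for p in permanent)
        findings.append(f"Too many permanent admins ({len(permanent)}): {names}")

    for person in admins:
        # A temporary upgrade should be removed once the task is finished.
        if person["temp_until"] is not None and person["temp_until"] < today:
            findings.append(
                f"{person['name']}: temporary admin access expired on "
                f"{person['temp_until']}, remove it"
            )
        # If an admin's personal account is hacked, the Page can be taken over.
        if not person["two_factor"]:
            findings.append(f"{person['name']}: admin without 2FA turned on")
    return findings


if __name__ == "__main__":
    for line in audit_admins(ROSTER, today=date(2024, 3, 15)):
        print(line)
```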

Check your Extensions

Chrome extensions are helpful for many, but they can also be used to hack. Use them sparingly.

Review any Business Integrations

Regularly review any apps and services that you’ve used Facebook to log into (or better still, don’t do that). Remove any you no longer need or use (or better still, set up another way to log into those accounts). 

Check for Malicious Apps

Click on the ‘Apps and Websites’ section of the ‘Security and Login’ section in your Facebook settings. Make sure to go through all of the apps in there periodically to ensure that you remove any apps you didn’t add yourself or no longer use. 

Be Scam Proof

Facebook will never EVER email or message you asking for your password or asking you to click on a link to “secure your account”. On the other hand, scammers send emails, often full of dire threats, to try and get you to put your details into their hands. 

Sometimes they make fake Facebook Pages to try and look like Facebook/Meta themselves. Other times they will ask that you download a file in order to access information. If you get these messages, ignore them and do not ever click on links in them. 

If you’re ever unsure whether an email is legitimate, go to your ‘Facebook Security and Login’ settings to view all official emails sent to you. On Instagram, you can identify suspicious emails by visiting the ‘Settings’ tab and viewing the official Instagram emails sent within the last 14 days.

Also be wary of people pretending to be friends or family on Facebook – always verify a message through an alternate verified means of communication (e.g. text message) before sharing any information. 

What do I do if my personal Facebook page is hacked? 

Firstly, take a couple of deep breaths. There are a few steps you can take to minimise the damage and get to the bottom of what’s happened. The first thing you’ll want to do is…

Confirm You’ve Been Hacked

If you see any suspicious activity in your account, like new friend requests, new messages or posts you didn’t write appearing on your wall, your account may have been compromised. Click Settings and Privacy > Settings and a new menu will pop up. Choose the Security and Login option and then Where You’re Logged In. If there is a login from a device or place you don’t recognise, then you could have a hacker on your hands.
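The session review described under Check Logged in Sessions and in the paragraph above can be worked through as a simple triage. The Python below is an added example, not part of the original article; the session list is constructed, and the field names, devices, places and the 90-day cut-off are assumptions for illustration.

```python
from datetime import date

# Constructed sample: sessions copied by hand from "Where You're Logged In".
# Field names, devices and places are hypothetical.
SESSIONS = [
    {"device": "iPhone 14", "place": "Melbourne, Australia",
     "last_active": date(2024, 3, 14), "shared": False},
    {"device": "Office laptop", "place": "Melbourne, Australia",
     "last_active": date(2023, 11, 2), "shared": False},
    {"device": "Hotel lobby PC", "place": "Sydney, Australia",
     "last_active": date(2024, 2, 20), "shared": True},
    {"device": "Unknown Linux device", "place": "Reykjavik, Iceland",
     "last_active": date(2024, 3, 15), "shared": False},
]

KNOWN_DEVICES = {"iPhone 14", "Office laptop"}   # devices you own
KNOWN_PLACES = {"Melbourne, Australia"}          # places you normally log in from
STALE_AFTER_DAYS = 90  # assumed cut-off for a session you "no longer need"


def review_session(session, today):
    """Return 'keep', 'log out' or 'suspicious' for one logged-in session."""
    # A public or shared computer you used yourself: always end that session.
    if session["shared"]:
        return "log out"
    # A device or place you don't recognise may be an intruder.
    if session["device"] not in KNOWN_DEVICES or session["place"] not in KNOWN_PLACES:
        return "suspicious"
    # Recognised but unused for a long time: no longer needed.
    if (today - session["last_active"]).days > STALE_AFTER_DAYS:
        return "log out"
    return "keep"


def review_all(sessions, today):
    """Return (device, place, verdict) for every session, in the original order."""
    return [(s["device"], s["place"], review_session(s, today)) for s in sessions]


if __name__ == "__main__":
    for device, place, verdict in review_all(SESSIONS, today=date(2024, 3, 15)):
        print(f"{verdict:10} {device} ({place})")
```

Anything marked suspicious is the cue to change your password and report the account, as described in the steps that follow.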

Alert your contacts

If your account has been compromised, many hackers will reach out to your contacts either by posting on your wall or through private messages. Be sure to reach out to tell any contacts not to trust any links or apps that the intruder may have sent them. 

Change your password

Many intruders will change your password to lock you out of your account, but if they have not, you can change it easily. Click Security and Login again, then scroll down to Login and then click Change Password.

If you can’t access the account, as the intruder has changed the password, you can reset it by clicking the Forgot Your Password link underneath the Facebook login. You will need to provide information to identify yourself, such as the email address you used to register with Facebook, the phone number associated with your account, your Facebook username, or your name and the name of one of your Facebook friends. 

Report a compromised account

You should report any suspicious content, spam or impersonations on Facebook by using the ‘Report’ link next to the content itself. Meta will then review the report and take appropriate action. To see instructions for reporting all types of content, go to ‘Reporting a Problem with Facebook’ in the Facebook Help Centre.

Report your hacked account

If you think your account has been hacked, there are actions you can take to secure it. Visit ‘Help with a Hacked Account’ in the Facebook Help Centre. As part of this process Facebook will require you to provide:

  • ID – here are the details of the types of ID Facebook accepts
  • A signed statement including:
    • Your relationship to the Business and authority to request access to the Business’s Facebook account
    • Your Business Manager ID
    • An explanation of your request – you should state that a hacker gained unauthorised access to your account and then removed you from your own business page (if that is the case)
    • The dollar amount of the last three invoices on your ad account – you should find these through your emails or accounting software
    • The last 4 digits on your credit card and expiry date used on the ad account

Check for Any Unauthorised Payments

Whilst hackers can’t get access to your credit card details, they can spend your money on ads.

If there has been any suspicious ad account activity on the credit cards attached to your ad account then you should report this activity as soon as possible to your credit card provider, explaining that your ad account has been hacked. Even if ad spend has not occurred, you may wish to put a hold on those cards until this matter has been resolved as a precautionary measure.

What do I do if my Facebook Business Account is hacked?

Again, firstly keep your cool. Panic won’t help, but it is important to act quickly to minimise potential damage. 

If you’re unlucky enough to have already been the target of a hacker – don’t lose hope. There are things you can do to get your account back, and sometimes Facebook/Meta can even restore lost data if the hacker went on a deletion spree as well. 

Even if the hacker gained access to your account and spent a bunch of money on ads, Facebook will usually refund it. 

Report your hacked account

If you think your account has been hacked, there are actions you can take to secure it. Visit ‘Help with a Hacked Account’ in the Facebook Help Centre.

Facebook used to have live chat support for business accounts, but due to restructuring in the organisation, this is often not available.  The best thing to do is to keep contacting them and use the Help Centre to make complaints.

As part of this process Facebook will require you to provide:

  • ID – here are the details of the types of ID Facebook accepts
  • A signed statement including:
    • Your relationship to the Business and authority to request access to the Business’s Facebook account
    • Your Business Manager ID
    • An explanation of your request – you should state that a hacker gained unauthorised access to your account and then removed you from your own business page (if that is the case)
    • The dollar amount of the last three invoices on your ad account – you should find these through your emails or accounting software
    • The last 4 digits on your credit card and expiry date used on the ad account

Facebook should be able to restore a business account if it is associated with your personal account. But unfortunately it can take some time, so it could be a couple of days before you get a response and (hate to be the bearer of bad news) possibly several months before you get your assets returned.

However, Facebook ALWAYS replies in cases of fraud, so be patient, and everything will hopefully work out. 

Check for Any Unauthorised Payments

Whilst hackers can’t get access to your credit card details, they can spend your money on ads.

If there has been any suspicious ad account activity on the credit cards attached to your ad account then you should report this activity as soon as possible to your credit card provider, explaining that your ad account has been hacked. Even if ad spend has not occurred, you may wish to put a hold on those cards until this matter has been resolved as a precautionary measure.

Make some noise

If this fails, it may be time to take some other measures.

The Noisy Wheel Gets The Oil – How To Get Meta’s Attention

Some businesses have had success getting their accounts restored after getting the attention of the media – so use all your contacts to see if you can kick up a fuss.

Call In The Cavalry

There are also third-party agencies that claim to work as ‘approved’ Facebook agents and quickly resolve these issues. Many people on the internet have given them positive feedback, but it’s hit and miss. Try this only at your own risk since we are unable to verify these claims.

Take It Up the Chain

Another solution that may resolve things in your favour is to contact the Australian Small Business and Family Enterprise Ombudsman. They may be able to get in contact with Meta/Facebook on your behalf.

The Ultimate Solution

It’s impossible to entirely control what happens on Facebook – even if you keep the hackers out, an algorithm change can see all your efforts go down the drain. The truth you need to keep in mind is that ultimately, your Facebook page belongs to Meta, not you.

No business can afford to have “all their eggs in one basket” with Facebook (or any other social media channel). Making sure you have another way to contact, communicate with and sell to your clients and prospects is absolutely essential. For most businesses, a healthy email list is your best defence. Using social media and other marketing efforts to funnel prospects onto an email list is your smartest insurance against the inherent risks of social media.

With the right measures in place, you can ensure that if your Facebook page disappeared tomorrow, it would be an annoyance, not a business-destroying catastrophe. If you want some professional assistance on how to make your business more secure and sustainable, get in touch.
