Attackers are demanding ransoms for Facebook Accounts
Recently, the North West region has seen a sharp increase in reports from businesses that have been victims of attacks against their company Facebook profile(s). The Attackers are compromising Facebook accounts, changing details and then demanding the victims pay a ransom to regain access.
How are Cyber Attackers getting into your Facebook business account?
The Attackers use varying tactics to gain access to the business account initially, this could be through a Phishing attack against an employee, finding a leaked password on the internet, or guessing the password if it is weak.
Once inside, they change the email address and password of the account so that the business no longer has access and the Attacker has complete control.
MoneyWeek recently also posted on this topic saying that a growing number of businesses have had ad accounts hacked, and found themselves with a large bill run up by their attackers. This scam sees the hackers access the business’s settings, enabling them to change spending limits and other controls. It can be difficult to put a stop to this fraud, even after the business has spotted the problem.
What is the impact of a cyber attack on your business via Facebook?
From here the Attacker will set up recurring advertisement payments using the bank details - those of the victim - associated with the account. While this is high risk and can be very costly to the business, the Attacker uses the payments as a lure for further extortion by demanding the victim pay a ransom to regain access to their Facebook account.
If the victim refuses to pay the ransom, it has been reported that the Attacker will then post extreme and/or indecent content on the business's account. This forces Facebook to close the account, however, this does not stop the advertisement charges so the business still suffers financial losses.
The combination of the financial losses and the disastrous reputational damage from the content the Attacker posts mean this is a very high-risk threat.
Eight ways to secure your Facebook account
If you suspect your account may be targeted, or think your password could be accessed, reset it and use 3 random words. Read more here
Enable multi-factor authentication (MFA) on your account, either through SMS or using an authenticator application.
Facebook advises businesses to ensure the phone numbers and email addresses on the account are updated, this can allow you to recover your account more quickly.
Review which payment methods are linked to your account. Do they need to be there? Are you no longer running adverts? If not, remove those card details.
Review who in your business needs access to the account. Ensure that only the most relevant employees have advertising access - fewer people with access mean the attackers have fewer people to target with social engineering or phishing Attacks.
If you think an admin account has been used to compromise your business, you can remove its access privileges on your settings page.
Regularly conduct Security Awareness Training for all employees within your business.
Facebook itself will never send small businesses direct messages; instead, it will send an email. Businesses should not respond to a message sent by an account claiming to be Facebook – it is likely to be a scam!
How can the NWCRC help you?
The first step of these attacks is commonly a Phishing Attack to try and steal login credentials (username & password) from a business employee - Security Awareness Training has been proven as one of the best ways to combat this.
This is where we come in, our highly trained consultants can conduct Security Awareness Training sessions for your business. Click here to contact us and learn more.
We can also offer your business a Cyber Health Check that will provide your business with a summary of any Cyber Risks and an action plan which will help protect you against the latest cyber threats.