This short blog is a bit of a PSA.
To put it bluntly, hacking attempts on Facebook business pages are going through the roof.
Some of my clients are receiving upwards of 20 messages a day, all of which are attempts to 'hijack' or 'phish' a login to either your Facebook account or take admin access to your Facebook page.
This can be disastrous for your business, as Facebook (well Meta now) has basically zero actual support and zero concern for the plight of individuals and businesses using the platform ... Meta just doesn't care in the slightest.
The typical hack/scam/phish attempt looks something like this.
You will receive a message to your Facebook business page that is usually some version/iteration of the following message.
The exact wording, the specific name of the profile sending the message, and the content of the message will vary but the theme is always the same - your Facebook page is in violation of Meta's terms and conditions, and if you don't follow the link in the message you are going to face some kind of negative consequence (e.g. banning from Facebook, or legal action).
It's fairly common for the spammer/hacker to be messaging from a profile that is made to look like some legitimate component of the Meta ecosystem, e.g. the page might be called 'Meta Business Support' or something like that. However, on closer inspection you'll see things like poor spelling and grammar in the message, 'funny looking' logos, weird characters in the profile title and so on. It also seems that whoever is doing this is moving on to just using any random profile name - like the example above - in order to try to hijack login details ... spray and pray, all day.
Another iteration of the scam to look out for is fake customers making complaints about non-existent orders. E.g. somebody will message your page saying "I bought your product and it arrived looking like this, click the link to see how disappointed I am".
Click that link, and you're in for a right headache.
These messages are effective (I know of several businesses that have been affected, often where an employee who has admin access to the business page thinks they are doing the right thing by following the link in the message ... only to find themselves very quickly off the 'employee of the month' shortlist)
I'm working on a new blog post about what you should do if you fall victim to one of these hacks, but in the short term the key thing to bear in mind is that you should not, under ANY circumstances click on any link in any of these messages, no matter how convincing it seems or how worried you are you've broken a rule.
At the end of the day, if you break a Meta/Facebook term or community guideline you'll know about it. Why? Because Facebook will restrict your account or stop you from commenting/posting/advertising with NO warning. They won't give you the courtesy of a warning via your Facebook page inbox, you'll just get some message flash up on-screen/in-app (don't ask me how I know).
Much like your bank (provided they have a modicum of security capability) will never ask you for your password, Meta will never communicate important issues with you via the inbox system of your business page in such a manner.
Therefore, do not click on any unfamiliar link sent to your Facebook business page - no matter how worried it makes you that you've broken some term of service.
In fact, I'd go so far as to say you shouldn't click on Facebook page inbox links AT ALL. Even if you know (because it's a friend, family member or customer you recognise) who is sending the message my advice is to contact them via an alternative channel, e.g. reply to their FB message via email or if you must click a supplied link, copy it first and then open another browser that isn't logged in to your Facebook account (e.g. if you use Chrome normally, open Safari and paste in there) and do not under any circumstance log in to anything if prompted to do so.