How to Protect Your Facebook Page from Hackers: The Facebook Interview Scam

Angela Prosper
November 10, 2024

In today’s digital landscape, social media platforms like Facebook are not just networking tools—they’re essential business assets for small business owners, influencers, and creators. But with great utility comes great responsibility, especially when it comes to security. Recently, a new scam has emerged targeting social media creators, influencers, and business owners through deceptive podcast interview offers. Here’s how you can protect your Facebook account and avoid falling victim to this scam.

The Dreaded Facebook Page Takeover

Recently, I had quite the adventure helping a client recover her account after she became a victim of a Facebook interview scam. Talk about a “worst nightmare” scenario! She thought she was just setting up her Facebook for an interview, and boom—hacked!

You might have seen Dollar Tree Dinners chatting about this scam on her TikTok or Facebook, or maybe you’ve even been a victim yourself and are looking for solutions. If so, my heart goes out to you. This kind of scam is not only frustrating and time-consuming, but it can also do serious damage to your online brand and reputation.

Check out the videos below where my client shares her horror story and the huge sigh of relief we both felt when we got her account back. Thanks to some quick thinking and a few slip-ups from the hackers (which I won’t share here to keep their vulnerabilities under wraps), we managed to reclaim her account in just 24 hours!

Unfortunately, this is not the typical outcome—a quick Google search will show you just how many creators are still battling to get back into their accounts.

It’s tough watching your loyal followers get fooled by a fake version of you while you’re stuck on the sidelines, but this is happening more and more often these days. We had been working on her Facebook account for a year at that point and had built it to over 150k followers, so it was an extremely stressful recovery, and every minute felt like hours.

@dollartreedinners

Replying to @Christy My Dollar Tree Dinners Facebook account got hacked and here is what happened so that hopefully it doesn’t happen to anyone else

@dollartreedinners

Replying to @Crinny I got my Facebook page back! And I wanted to thank Angela and @Suzanne SC at @rainydayprosper for helping me get through this.

How does this Facebook interview scam work?

Since the incident, I’ve been perplexed about how the hackers gained access by having my client send an admin request to HERSELF and how such an intelligent woman could be misled. Others who experienced this hack also struggled to understand it, but much of it stems from the social engineering tactics the hacker employed to gain trust, as well as the vetting process through a trusted lead, which clearly failed to investigate this individual further before introducing them to my client. Trust-based social engineering is probably the most evil tactic they use because it, among other things, uses someone you have already vetted to gain access to you. In fact, according to Proofpoint.com, 74% of data breaches rely on exploiting the human element and 95% of cybersecurity issues can be traced to human error.

After some digging—and an inability to stop thinking about it until I unraveled the mystery—I finally pieced together what happened. Hopefully, these tips and insights will help if you ever find yourself in this situation.

Here’s how the Facebook interview scam works (I think):

A representative for a celebrity writer, podcaster, or popular show reaches out to the influencer, either directly or through their talent agency, to request a Facebook Live interview. To ensure everything runs smoothly, they want to have a video chat before the interview date to confirm that the influencer’s account is set up for live events, and they are in a hurry to get this done ASAP. So far, it feels legit (sort of), and if the influencer wants to do some digging, they will see the writer is a real person, and the email looks right, so their guard goes down.

During the pre-interview call with their victim, they build trust by asking standard questions and speaking in their victim’s native language; they may even be charming with a “trustworthy” voice, but they never turn on their camera, so you can only hear them and don’t see them (red flag). 

Once trust is established, they direct the victim to share their screen to review the admin area of their Facebook account. They may notice it lacks certain features and suggest adding another admin account with a different email address to complete the setup properly for Facebook Live. Again – this feels safe because the hacker tells their victim that they can use their OWN email to do this! No need to give the representative (aka the hacker) access.

This is where it all goes wrong. 

During the video call, the hacker instructs the victim to add a new email as an admin to their Facebook Business Manager account. The hacker watches closely as the victim confirms the admin access via their personal email on the shared video call, which generates a unique URL sent to the victim’s email that can be seen by the hacker. They may even ask that you forward that email to them.

While this is a legitimate Facebook link, it can be exploited. For instance, if my client forwarded that email to someone else, that person could fill out the form and gain access immediately since Facebook Business Manager accounts don’t require the EMAIL to be linked to a personal page. The link only works once, though, so it is not intended to be shared or forwarded to anyone else but is easily compromised if seen in a video chat or forwarded.

While my client accessed the email with the invite link, the hackers captured that unique URL and quickly added themselves as admins before she could (I think this is how it happened, but I can’t be sure). Although the link is tied to the email it was sent to, the hackers didn’t need access to that email—they just needed that special invite link.

Once inside, they swiftly added another user with an email they controlled and removed my client’s admin privileges, all while she believed the account was being set up for the Live Event. 

What a complicated scam!

How did we get the account back?

Fortunately, she reached out to me right after the call because she suddenly found herself locked out of her account and had no clue why. As she explained what was going on, my heart sank. While we talked through her situation, we actually saw the account getting changed in real-time.

It was devastating, but during our call, we realized she had been hacked. We quickly reported both of our personal accounts as compromised using Facebook’s Hacked Account page. But that was just the beginning.

One confusing thing about Facebook is how personal accounts connect to business accounts. The hackers quickly booted us from the business admin accounts, leaving us unable to use the support links within Facebook Business Manager. We had to rely on our personal accounts to get the Facebook page and business account back.

Another hassle with Facebook is the difference between the mobile app and the desktop version, which leads to mixed results and a frustrating maze of support pages that often lead to dead ends. 

My first move was to submit a support ticket as quickly as I could. Timing is everything here; if the hackers keep control of the account for over 24 hours, it gets tougher to prove it was hacked, and finding support chat options isn’t easy. I hit a bunch of dead ends and error pages on the desktop version simply because of the lagging in credential changes the hackers implemented, so I switched to the phone app.

Using my personal account again, I finally got to the support page. Depending on where you are and what type of account you have, this might look different for you, but here’s the direct link, and this link may not work if you lose access to your business page entirely:

https://www.facebook.com/business-support-home/

Once you’re on that page, click the “Still need help?” tab, and you’ll see a “Contact support” button.

From there, you’ll pick from a list of options. If you see “Hacked Assets,” go with that or choose something that fits your situation. 

You’ll then need to type out your specific issue—be as detailed as you can! This is super important. Be ready to share key info like your Business Manager ID, Page ID, a link to the hacked page, your role there, and any other details that prove you own it.

If you make it this far, you’ll get added to a chat to go over the details again with tech support. 

What really helped us was knowing the details of these business accounts, so keep a document with that info handy; it could be the difference between saving your account or losing it for good. 

Another lifesaver was having multiple people on the account with admin roles, which makes it trickier for hackers to take over without raising red flags. Lastly, we already had security settings like two-factor authentication in place for the personal accounts, plus we made sure our admins had their security settings set up in order to access the business admin areas.

Red Flags to Look Out For:

It’s super important to spot the red flags that could signal a scam, especially when someone might be eyeing your social media accounts. Here’s a handy checklist of things to watch out for.

Email Requests from Unknown Senders

Be wary of emails from Gmail accounts claiming to represent celebrities or popular figures, even if they come through a vetted route like a friend or a talent agency. Legitimate agents often use official email domains but even these can be spoofed. If it sounds too good to be true, it probably is, but this doesn’t mean you need to say no to every opportunity; just be aware of what you share and don’t share in these interactions.

Urgency and Pressure

Scammers often rush you, creating a sense of urgency to bypass your rational thinking. This is a classic social engineering scheme.

Video Calls

If they insist on a video call for account setup, that’s a red flag, especially if they request screen sharing but do not show their face. Be careful who you share your screen with.

Invisible Participants

Genuine representatives will appear on video calls. If they’re mysteriously absent, be cautious.

Requests to Navigate Admin Areas

Never allow anyone to guide you through sensitive areas of your Facebook Business dashboard unless they are paid support staff or tech support from Facebook. In most cases, you do not need to show anyone the admin areas of your Facebook pages if you understand how to use these areas.

Links and Attachments

Be suspicious of unexpected links or attachments, especially those claiming to offer downloads, meeting links, or special offers. These can lead to phishing sites or install malware on your device.

Grammar and Spelling Errors

Professional communications will rarely contain typos and grammatical errors. If an email or message is riddled with mistakes, it might be a scam attempt.

Requests for Personal Information

Legitimate companies will never ask for sensitive personal information through email or messages.

Lack of Contact Information

Real businesses provide their contact details, which are usually branded. If you’re unable to verify who you’re dealing with due to missing or vague contact information, consider it a red flag.

Proper Vetting

Even if the contact comes through a legitimate source, make sure to protect your most personal details and look out for the red flags above.

How to Secure Your Facebook Account

Taking proactive security measures is key to keeping your digital presence safe. Cyber threats are always changing, so it’s important to stay informed and alert about potential risks. By putting your account’s safety first, you can greatly lower the chances of unauthorized access or data breaches.

Just remember, staying one step ahead with the right precautions can save you from the hassle and stress of dealing with compromised accounts. Here is a checklist of ways to secure your Facebook Account:

Enable Two-Factor Authentication

Activate 2FA to add an extra layer of security for your personal account as well as your business admin areas. This requires anyone trying to log in to enter a code sent to your phone or email. 2FA can be set up in your Security Settings via your personal account.

Never share your personal Facebook account credentials with anyone

If you need additional people to help manage your social media presence, consider establishing a Facebook Business Manager account. This allows you to add multiple managers with tailored access levels, ensuring security and control over your account.

Monitor Activity on Your Account

Check your login history, look out for suspicious activity, and log out of all active sessions if needed.

Use Unique and Strong Passwords

Avoid using the same password across different accounts. Invest in a password manager to keep track of complex passwords.

Regularly Update Privacy Settings

Routinely check your Facebook privacy settings to limit access to your information and control who can find you.

Educate yourself on Social Engineering

Learn why these tactics work so well on even the smartest victims.

Be Skeptical of All Requests

Even if the request seems legitimate, verify the source before proceeding and understand what you should and should not share. It’s always better to be safe than sorry.

Complete all business and personal details in your Facebook account

Many people overlook this step, but it’s crucial. If you don’t provide Facebook with accurate information about yourself, you may struggle to recover your business accounts if they ever get compromised. Transparency on Facebook is essential, especially when monetizing content or managing a business. Find more tips on the Meta Safety Center Page.

Understand the ins and outs of your Facebook/Meta Business Manager Dashboard

Facebook provides a wealth of resources and tutorials to help you become more familiar and confident with using its tools. Whether you’re just starting with Facebook Business Suite or looking to master advanced features, Facebook’s learning paths and guides cater to every skill level. These resources offer step-by-step instructions, video tutorials, and best practices for enhancing your online presence and ensuring the security of your accounts. With these tools at your disposal, you can manage your business seamlessly and protect your digital assets effectively. To explore these tutorials and enhance your understanding, visit the Facebook Business Help Center.

The Takeaway

The digital world is filled with opportunities—and risks. By staying informed and vigilant, you can continue to reap the benefits of social media while keeping your accounts safe. Remember, never share your screen with strangers or allow anyone to access your admin account.

Despite how professional the approach may seem, always verify the identity and intentions of those reaching out to you. Sometimes working with a small team offers you more perks and quicker support. If you are looking for someone you can trust to help you secure your social media channels and set you up for success, consider reaching out for a free consultation here!

Quick Links and Resources

  1. Keep your Facebook account secure
  2. How two-factor authentication works on Facebook
  3. Facebook Privacy Basics – A helpful resource to understand Facebook’s privacy settings more clearly.
  4. FTC’s Online Scams Advisory – The Federal Trade Commission offers advice on avoiding internet scams, including those on social media platforms.
  5. Facebook Reporting and Managing Abuse – Instructions on reporting suspicious activity and managing potential abuse on your account.
  6. Facebook Business Help Center – Official resources to support your Facebook Business accounts with various security tips and guidance.
  7. StaySafeOnline’s Social Media Cyber Risk Guidance – Provides general advice on the best practices for social media security.
  8. Cybersecurity & Infrastructure Security Agency (CISA) – Protecting Against Social Engineering – A guide to understanding and guarding against social engineering threats.

Angela Prosper is a writer, website designer and business coach for small businesses through Rainy Day Prosper.
