Has your Meta ad account been hacked? Your money already has been expended, or do you fear potential financial losses? This guide offers a brief yet comprehensive overview of the initial steps necessary for recovery and strategies to mitigate the risk of future breaches.
What happened?
Have you received an email notifying you of unfamiliar charges on your payment method associated with your advertising account? Alternatively, have you logged in to discover a newly added administrator while finding yourself removed from the admin role?
This situation poses a problem because this newly appointed administrator possesses the capability to generate new advertising accounts, establish new campaigns, and create additional pages. Furthermore, they have unrestricted access to all your payment methods, ultimately gaining control over all the features within your Business Manager account.
Why is someone hacking your ad account?
Hacking into your advertising account presents an attractive opportunity for hackers to execute numerous advertisements, often promoting affiliate offers or other ventures that yield payouts upon generating sales. By exploiting your payment method, they secure free traffic to run these campaigns. Typically, hackers aim to maximize expenditure swiftly, altering daily budgets and limits to achieve their goals within the shortest timeframe possible.
What should you do if you’ve just been hacked?
1 – Contact Meta immediately
Get in touch with Meta immediately via business.facebook.com/help to report the hacking incident on your advertising account. Meta will initiate a support ticket on your behalf. However, it’s important to note that Meta doesn’t offer dedicated personal contacts for small agencies or freelancers. Consequently, it might take several days to receive a response to your request, and potentially weeks to months before regaining access to your account. Despite this, notifying Meta remains a critical initial action.
2 – Disconnect all linked partners or ask your partners for a disconnect
Subsequently, it’s essential to sever connections with all partners you’ve engaged with or granted access to through the Business Manager. This precaution is warranted as campaign managers frequently possess access to the Business Managers of partners. Consequently, if a hacker gains entry to your Business Manager, they could potentially access not only your own account but also those of your partners, thereby compromising all associated payment methods and assets.
If you’re unable to disconnect your partners, promptly reach out to them and request that they disconnect you from their Business Manager. This proactive communication is essential to safeguarding your account and preventing any unauthorized access or potential security risks.
3 – Block all your credit cards
A crucial measure is to block all stored payment methods, particularly credit cards. Depending on the credit card issuer, it may also be feasible to block specific payment transactions to a particular provider. Nevertheless, opting to initially block the credit card entirely ensures a safer course of action.
4 – Deletion of all payment methods
It’s not only essential to block the credit card, but also imperative to delete all stored payment options. This action is vital in preventing hackers from further expenditure on campaigns.
5 – Take screenshots of your account balances
For the subsequent reimbursement process with Meta, it’s crucial that they can distinguish between your legitimate expenses and those incurred by the hackers. Therefore, endeavor to capture screenshots of all campaign account balances as well as conspicuous campaigns and basically anything that helps you prove that the campaign was set up by a hacker. This documentation will serve as evidence to demonstrate that unusually high expenses were initiated by the hackers. Meta has established procedures for reimbursing such expenses, ensuring that you’re not held liable for the actions of hackers.
How can you prevent your Meta ad account from being hacked in the future?
Here are several steps to assist you in reducing the risk of your Meta ad account being hacked in the future. However, it’s crucial to understand that even with these measures in place, there’s no guarantee that such incidents won’t recur. Unfortunately, in today’s landscape, hackers frequently find ways to bypass security measures.
1 – Two-factor authentication
It’s crucial to enable two-factor authentication (2FA) for your personal Meta ad account. Within your Business Manager settings, navigate to the “Security” section, where you’ll find an option to require two-factor authentication for anyone associated with your Business Manager. Ensure that this option is always activated, as it mandates 2FA for all individuals with access to your Business Manager. This additional layer of security helps safeguard your account against unauthorized access and potential security breaches.
While 2FA is undoubtedly a crucial security measure, recent cases highlight the concerning trend of hackers finding ways to circumvent this safeguard more and more often.
2 – Set up security alerts
You have the option to receive notifications whenever your Meta account is accessed from a new device. These notifications, known as login alerts, can be found in the “Security” menu. Enabling this feature enhances your account security by providing real-time updates regarding any unauthorized attempts to access your Meta account from unfamiliar devices.
3 – Set limits for accounts
You have the capability to adjust the billing threshold and spending limit within your ad account, which can potentially mitigate the impact of a fraudulent ad. Even if hackers have tampered with these settings, the system should alert you to any modifications. This notification itself serves as a valuable alert, prompting you to investigate your account for any suspicious activity.
4 – Strong passwords
In today’s digital world, it’s crucial to use strong and unique passwords. Luckily, there are many trusted password management providers available, offering helpful solutions to boost security and simplify the management of passwords.
5 – Check who has access
You should review the individuals who have access to your Business Manager. It’s common for agencies that have collaborated with former employees to retain access to the Business Manager. Alternatively, an account might be compromised if the Meta profile of a former employee, who still had access to the Business Manager, is hacked. Ensure that individuals who no longer require access to the Business Manager are promptly removed from the account.
6 – Keep track of linked devices and apps
Within your personal Meta page, navigate to the “Security” section to review recent login activity, manage devices with account access, and monitor the apps you’ve authorized over time. It’s crucial to keep track of these details as losing access to your Meta account can also occur through compromised apps. Stay vigilant in monitoring and managing your account security settings to mitigate potential risks.
7 – Train your team
If you collaborate within a team, it’s essential to educate everyone about potential phishing scams and instill proper cybersecurity principles. Sharing insights from this post can also contribute significantly to enhancing the team’s awareness and preparedness against online threats.
adnomaly: The ultimate solution for protection against unwanted spending and hacker attacks in advertising
adnomaly is a software that helps you protect your campaigns from unnecessary spend and maximize your ROI in social, search and programmatic environments.
adnomaly helps you meet media standards, identify performance outliers and ultimately minimize errors.
In the event of a hacker gaining unauthorized access to your Meta ad account and initiating new campaigns or altering budgets, adnomaly software operates in real time to detect and promptly block any abnormal campaign activities. Simultaneously, it provides immediate notifications to alert you of the detected irregularities, allowing for swift action to address the security breach and mitigate potential damages.
adnomaly effectively prevents your primary concern: financial losses incurred due to hackers.
You want to secure your meta ad accounts, prevent extraordinary expenses and boost your campaigns at the same time?
Book a demo and discover the full potential of adnomaly: https://adnomaly.de/demo/
