This is serious.
One fine day, I get a message of panic from a client who had a ‘new’ campaign spend $2000+ in a matter of 2 days…
…For a website (a .tk domain), that he had never heard of and clearly had nothing to do with his business!
Since, he & myself were the only people with access, he reached out asking why there are such ads running.
This was the first time I had seen something like this. We have a practice of putting a limit on the campaign to avoid overspending, so I was not sure what went wrong
The client’s first thought was that I was hacked into. However, I have always kept 2-Factor Authentication on my Facebook and whenever somebody logs in, I get a notification for approval. (This is standard even if you don’t have 2FA enabled)
But by the time, I was made aware of that ,the hackers had already spent some $2000 on a random e-commerce sites (possibly of replicas)
The theme of products being advertised were common in the 2nd instance as well:
How to know if it’s really them & not you or your staff
Now, Facebook has this thing called, “Campaign History”. It’s basically a history of all the activities performed on your ads by Facebook & people having roles on the account.
I asked the client to check that.
And what we saw is the reason I am writing this piece today!
It showed that ‘he’ had created those ads & running them.
It was obvious, that his account was ‘hacked’ and someone had understood the power of Facebook advertising to make themselves some $$$
I immediately asked him to change his password and implement 2FA.
He admitted to having an ‘easy’ password for a long time (we all are guilty to this)
And from what I understand, Facebook does not refund you on any amount you spend. Either they will charge your attached payment method or they will cancel the account upon non-payment.
So, it’s important that we take care of ourselves
Even 2FA’s not 100% safe but it’s very secure.
Here’s how to enable 2FA on your Facebook for protecting your personal account and funds in your ad account & other ad accounts assigned to you