The Great New Facebook Ads Scam ($2000 lost in 2 days)

This is serious.

Unauthorised spend in owner’s account

One fine day, I get a message of panic from a client who had a ‘new’ campaign spend $2000+ in a matter of 2 days…

…For a website (a .tk domain), that he had never heard of and clearly had nothing to do with his business!

Use of a .tk domain (saving costs)

Since he and I were the only people with access, he reached out asking why such ads were running.

This was the first time I had seen something like this. We have a practice of putting a limit on the campaign to avoid overspending, so I was not sure what went wrong.

The client’s first thought was that I had been hacked. However, I have always kept 2-Factor Authentication on my Facebook and whenever somebody logs in, I get a notification for approval. (This is standard even if you don’t have 2FA enabled.)

Standard 2FA Authentication on Facebook

But by the time I was made aware of that, the hackers had already spent some $2000 on random e-commerce sites (possibly of replicas).

The theme of products being advertised was common in the 2nd instance as well:

How to know if it’s really them & not you or your staff

Now, Facebook has this thing called “Campaign History”. It’s basically a history of all the activities performed on your ads by Facebook & people having roles on the account.

I asked the client to check that.

And what we saw is the reason I am writing this piece today!

Actual screenshot from client

It showed that ‘he’ had created those ads and was running them.

It was obvious that his account was ‘hacked’ and someone had understood the power of Facebook advertising to make themselves some $$$.

I immediately asked him to change his password and implement 2FA.

He admitted to having an ‘easy’ password for a long time (we are all guilty of this).

And from what I understand, Facebook does not refund you on any amount you spend. Either they will charge your attached payment method or they will cancel the account upon non-payment.

So, it’s important that we take care of ourselves.

Even 2FA’s not 100% safe but it’s very secure.

Here’s how to enable 2FA on your Facebook to protect your personal account and the funds in your ad account & other ad accounts assigned to you:

<a href="https://medium.com/media/21f480c73e5060273f808d2c2fcd3379/href">https://medium.com/media/21f480c73e5060273f808d2c2fcd3379/href</a>