
Beware of Facebook Business Account compromises

Do you have a Facebook page or group for your business? Because business pages frequently have a large number of followers, threat actors or cyber criminals are increasingly targeting them. And we don't 'like' that one bit!

Cyber Protect Officers from the East Midlands Special Operations Unit (EMSOU) - whom we work closely with - have issued warnings about the risks of a compromise, whilst also offering protective measures you can take to prevent cyber criminals accessing your page/group.

Shevani Raichura, Cyber Protect Officer at EMSOU, said:

“Taking over pages with large numbers of followers allows criminals to post phishing links, scams and other malicious posts. So, how do these threat actors do it?
It often starts with a phishing email. We have seen reports of an email from an address purporting to be from the Facebook Page-Support Centre asking the user to sign in and resolve an “issue”.
These emails often bypass spam filters and can often be accompanied by an alert on Facebook which makes it look legitimate. The notification on Facebook is often from an unlinked/unrelated page.
This is a typical phishing attack, with the aim being to capture your credentials and take over your account.”

The below graphic is typical of what you may see...

So how do you protect your business account from this new phishing attack?

  1. Use two-factor authentication (2FA) on your important accounts such as email. This means that even if an attacker knows your passwords, they still won’t be able to access that account.

  2. Double check that email! Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try and create official-looking emails by including logos and graphics. Is the design (and quality) what you'd expect from a large organisation? Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? These can be signs that the sender does not actually know you, and therefore could be part of a phishing scam.

  3. Check the email address. If the email claims to be from a reputable company, like Microsoft or your bank, but the email is being sent from another email domain like, or it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like where the second "o" has been replaced by a zero, or, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers.

  4. If you suspect that an email message is a scam, don't open any links or attachments that you see. Instead, hover your mouse over the URL to see if the address matches the link that was typed in the message. Be careful not to click it though! In the below example, resting the mouse over the link reveals the real web address in the box with the yellow background. Note that the string of numbers looks nothing like the company's web address.
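For mail administrators who want to automate checks 3 and 4, the sketch below is an added example, not part of the original post or any EMSOU tooling. It flags look-alike sender domains (zero for "o", "rn" for "m") and links whose visible text does not match the real destination. The domain `moorbank.example`, the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"moorbank.example"}  # assumption: constructed stand-in for a real sender domain

def skeleton(domain):
    # Undo the two tricks named in check 3: zero for "o", and "rn" for "m".
    return domain.lower().replace("0", "o").replace("rn", "m")

def check_sender(from_header):
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in TRUSTED:
        return "ok"
    lookalike = skeleton(domain) in {skeleton(t) for t in TRUSTED}
    return "lookalike" if lookalike else "untrusted"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_link(text, href):
    host = (urlsplit(href).hostname or "").lower()
    if re.fullmatch(r"[\d.]+", host):
        return "numeric-host"  # the "string of numbers" case from check 4
    shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    return "mismatch" if shown and shown.group(1) != host else "ok"

def analyse(raw_email):
    msg, collector = message_from_string(raw_email), LinkCollector()
    collector.feed(msg.get_payload())
    return check_sender(msg["From"]), [check_link(t, h) for t, h in collector.links]

SAMPLE = ("From: Page Support <support@rnoorbank.example>\nContent-Type: text/html\n\n"
          '<a href="http://203.0.113.7/login">https://www.moorbank.example/login</a> '
          '<a href="https://help.moorbank.example/">our help page</a>')  # constructed
print(analyse(SAMPLE))
```

The comparison is exact, so a link shown as `www.moorbank.example` that points to `moorbank.example` is also reported as a mismatch; treat the output as a prompt for review rather than a verdict.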

If you're suspicious that you may have inadvertently fallen for a phishing attack there are a few things you should do.

  1. While it's fresh in your mind, write down as many details of the attack as you can recall. In particular try to note any information such as usernames, account numbers, or passwords you may have shared. You can report this to Action Fraud either online ( or by calling 0300 123 2040.

  2. Immediately change the passwords on those affected accounts, and anywhere else that you might use the same password. While you're changing passwords, you should create unique passwords for each account, using three random words.

  3. Confirm that you have multifactor authentication (also known as two-step verification or two-factor authentication) turned on for every account that allows you to do so.

  4. If this attack affects your work or school accounts you should notify IT support as soon as possible. If you shared information about your credit card or bank details, contact those companies to alert them to a possible fraud.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.
