Phishing attempts are part of our everyday lives. We’re mainly familiar with them in the form of suspicious text messages or emails telling us we’ve inherited a pile of cash and only need to follow their instructions to claim it.
Phishing isn’t limited to emails and texts, but also includes attempts to hack your ad accounts. How do they do it? Data pirates use multiple methods to access your Gmail or Facebook accounts and other identifiers that give them access to your ad accounts. Once a connection is made, an automated script changes all the destination pages for your ads and redirects traffic to their own digital property. Once accomplished, they can benefit from your media investments to generate maximum traffic to their own websites.
We’ve seen a significant increase in this type of fraud in recent years. Here’s how to protect your accounts so you can limit direct financial losses as far as possible.
The answer to this question might seem obvious, but since we’re still noticing a few blind spots far too often, now would be a good time to review what’s at stake. An unsecure email address may represent a potential hacking risk that affects all your media activities, in addition to reducing the possibility of receiving a reimbursement from the platform if a hack occurs. Furthermore, we regularly see increases in phishing emails. So this means you need to be even more vigilant.
Never send connection information by email. In the case of Facebook, for example, fraudulent emails may look like:
If you can’t be sure of the provenance or validity of an email, we highly recommend you immediately get it verified by a member of your media team, a Facebook representative or even take a look at help pages like this one. This also applies to Google, TikTok and any other media platform.
You could start by asking for help from your media team, or follow the steps below.
Determine one or several contacts tasked with managing access and security for your ad accounts. Their role will be to ensure your passwords are secure and accessible only to select people internally, and they will be able to grant access as needed to specific people (administrators, employees, an agency, etc.). Furthermore, we also highly recommend managing employee access on your own side, to avoid having an agency or third party grant individual access to your employees.
Verify the access levels currently in place for your ad accounts. Depending on the platform, go to the settings section and find the access and security section. It’s also highly recommended to have at least two administrators per ad account and at least two payment methods. This way, if something happens, you’ll always have a second chance.
Go to Business Settings > Users > People
Go to Tools and Parameters > Access and Security > Users
Other than giving you an opportunity to stretch your legs a bit when you get up to get your phone so you can enter the code texted to you when connecting to the Business Center on Facebook, two-factor authentication allows you to pretty much guarantee the security of your accounts. That’s why this step is, in our opinion, the most important one of all.
To verify whether two-factor authentication is activated by default on your account, visit Company Information > Company Options. Activate two-factor authentication for everyone.
Visit Tools and Parameters > Access and Security > Security. Activate two-factor authentication by default.
Ad platforms are now asking companies to confirm their identities. If you haven’t already, we recommend doing so.
Visit Business Info > Business Information > Business Verification. If your company’s information hasn’t been verified, follow the instructions for doing so. If the button “Start verification” doesn’t display, it’s because your business does not need to perform the verification. To see what types of businesses require verification, click here.
Usually Google sends an email to ask advertisers to verify their identities. You can ensure this step has been performed in the section Payment > Advertiser Verification. If the advertiser identity hasn’t yet been verified, you’ll see a window like the one below. Click on Verify an Advertiser and follow the instructions.
We hope this article has helped you protect your ad accounts with a little effort. While it might seem like a chore, verifying the security of your accounts is essential. If necessary, our team is available to help. Don’t hesitate to get in touch with an Adviso expert.