In an era where digital landscapes evolve at a rapid pace, the security of online assets is non-negotiable. This cautionary tale narrates our first-hand encounter with a hacker who exploited Meta Business Manager, emphasizing the significance of robust cybersecurity measures. As we navigate through the aftermath of the breach, this journey unfolds valuable lessons and insights that every business, marketer, and startup should heed. Join us as we unravel the complexities of the attack and delve into the layers of security that can safeguard your digital fortress.
In the fast-paced digital age, the security of your online assets, especially on platforms like Meta Business Manager, is paramount. Businesses often overlook the significance of robust cybersecurity measures until they find themselves facing a hacking incident.
Our journey into the world of cybersecurity began unexpectedly on August 14, when our business manager fell victim to a hacker using the domain email ending in @pretreer.com. Little did we know, this was the start of a challenging ordeal that would test our resilience and prompt a reevaluation of our security protocols. Let's dive deeper into this story full of experiences, adrenaline and the most valuable lessons that forever changed the face of cybersecurity.
In a digital drama that unfolded on August 14, our business manager faced a relentless assault from a hacker sporting the domain email @pretreer.com. The stakes rose dramatically on August 16 when a deactivated campaign suddenly resurrected, incurring a hefty 6,000 euros for fraudulent advertising. A mysterious twist emerged as two identical names surfaced in our account settings—one, wielding full control with the @pretreer.com domain, and our admins demoted to partial access.
Quick to react, we sought refuge with Meta Support. In subsequent weeks, our case confirmed the malicious intrusion, leading to the expulsion of the malevolent actor by early September. With the fraudulent charges nullified, our focus shifted to the refund process.
September 6 brought a pivotal moment as Artem added a new card, fortunately unlinked to the advertising account. The plot thickened with Meta's warning of suspicious activity, unveiling a recurring intrusion by the scammer posing as "Meta Support." Meta's promise of immediate action, coupled with unexpected requests on the personal page of our key admin, heightened the suspense.
Drama peaked on September 11 when the scammer, wielding full control, ousted the responsible admin from our business manager. Faced with a communication blackout from Meta Support and assertions doubting the account's compromise, we took matters into our own hands. Initiating another case, we elevated support to Meta Support Pro, confirming the account's compromise. In early October, victory arrived: reimbursement for fraudulent charges, the exit of the scammer (@pretreer.com), but control transferred to the enigmatic Sompal Singh.
Recent revelations from Meta Support Pro painted a picture of intrigue—the primary scammer distributed invitations with full control access. Despite removals, the scam team's persistence poses an ongoing cybersecurity challenge. The Internal Team, our digital heroes, now grapples to rectify this persistent issue, unveiling the complex nature of our digital adventure. The saga continues in the ever-evolving realm of cybersecurity challenges we navigate.
The financial toll was substantial, but the emotional toll was equally profound. The breach not only jeopardized our business but also eroded the trust we had in the security of Meta Business Manager.
This unfortunate incident taught us invaluable lessons about the vulnerabilities that businesses face in the digital landscape. It emphasized the need for proactive security measures to mitigate the risks associated with online platforms.
In times of crisis, understanding the support available is crucial. Meta offers a multi-tiered support system, including the Internal Team, Meta Payments Support, Meta Pro Team, and Meta Support Pro.
For businesses navigating a hacking incident, prompt communication with the support team is essential. This link takes you directly to Meta's support, where you can open a case. You can also reach Meta support with Business Manager and Business Suite or by completing Meta Forms. More detailed instructions on how to do this can be found in this great article, which really helped us out on the first day of the incident.
First of all, we would like to note the speed of the Meta Support team's response: in all cases, after we created the ticket, they contacted us in Live Chat within 5-10 minutes. We would also like to thank Meta for the opportunity to call a support representative. It is much easier and faster to explain the situation by voice than to write out the whole chronology of events. But if you prefer not to use the phone, you can always stay in Live Chat, which is also great.
We also want to share our observations about support levels. Our experience has shown that different levels of support meet specific needs. While Meta Pro Team provides initial assistance, Meta Support Pro allows for a deeper understanding of complex problems, which ensures a more effective solution. And the Internal Team is the strength and power that remains behind the scenes, but continues to work tirelessly to solve the issue at the technical level. Also, if you have money issues, it is better to contact Meta Payments Support.
Understanding the motives behind cyberattacks is a complex but crucial task for fortifying digital defenses. Drawing from our experience, we believe this incident was a deliberate and well-organized fraudulent scheme with the primary aim of profiting at the expense of unsuspecting consumers. The ad launched from our account directed users to a suspicious website offering goods at an 80-90% discount. We are certain that none of the users who made purchases received their goods.
Afterwards, we discovered that many Business Managers were hacked on the same day, all originating from the same domain email, @pretreer.com.
The breach of our Business Manager was not a typical cyberattack; it was a sophisticated and highly skilled operation. We have contemplated extensively on how it might have transpired and, piece by piece, formulated several hypotheses:
Initially, we considered the possibility that the attackers used programs to gather cached data where all accesses are stored. However, this theory was contradicted by the fact that no team member with full access clicked on suspicious links, and despite multiple password changes, the scammers retained complete control of the account.
Subsequently, we observed new details that later coalesced into a plausible theory. A colleague who experienced the hacker attack noted a slowdown in her computer, suggesting the potential presence of hidden malware. This was later confirmed by antivirus tool checks. Additionally, her personal page displayed suspicious IP addresses on the day of the hack.
This led us to theorize that hackers might use malware to remotely access the victim's computer. This could explain how they retained access despite password changes and resumed the attack when a new payment method was added. An intriguing observation supporting our theory is that once our colleague changed her laptop, the attackers removed her altogether from the Business Manager. Changing the password from a new, uncompromised device seemed to thwart their control.
However, these are speculative theories not fully confirmed; even Meta Support cannot definitively explain how the account was compromised.
As technology advances, attackers' methods become more cunning and sophisticated. This emphasizes the need for those working in the digital space to treat cybersecurity with utmost seriousness and actively apply it in practice.
Before delving into the specifics of securing your Meta Business Manager, it's crucial to emphasize the overarching importance of adhering to internet security principles. Whether you're an individual, a marketer, or a business owner, safeguarding your data is paramount. Meta recommends a combination of general security basics and specific practices for Business Manager security to ensure comprehensive protection.
Create robust, unique passwords and regularly update them. A strong password is your first line of defense against unauthorized access.
But how do you create a really strong password? Just use these simple tips:
Exercise caution when clicking on links or using third-party applications. Verify their legitimacy to prevent falling victim to phishing attempts.
Regularly clear your browser's cache to remove stored information that could be exploited by potential hackers.
Do not share access or login confirmation codes with unverified individuals. Limit access to trusted team members only.
Utilize security checkup tools provided by Meta to review and enhance the security of your account.
Educate your team members about internet security practices. A well-informed team is an essential component of your overall security strategy.
Regularly review and manage the list of people with access to your Business Manager. Ensure that only authorized individuals have control over your business assets.
People with full control can download information on people's permissions and business history. This aids in auditing and identifying any unauthorized activity.
Manage a list of trusted email domains to enhance security. Only invite individuals from trusted domains to your Business Manager, adding an extra layer of protection.
Make two-factor authentication mandatory for all individuals in your Business Manager. This additional layer of security ensures only authorized access.
If eligible, go through the business verification process. This helps establish your business as a legal entity, providing access to additional features and products.
Always have two active individuals with full control to manage important permissions and respond to suspicious activity promptly.
Control who can create and edit ads linking to your domain. Restrict ad link editing permissions to trusted employees and partners.
Have two active people with full control to secure credit lines. This ensures that requests to share a credit line are approved by multiple individuals, preventing unauthorized access.
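The access-review recommendations above (review the people list, keep to trusted email domains, require two-factor authentication, keep two people with full control) can be checked mechanically against a downloaded people list. The following is an added example, not Meta's tooling or code from our incident; the CSV column names, the sample rows and the `example.com` trusted domain are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: domains your organisation controls; replace with your own.
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample export. Column names are assumptions; the real
# Business Manager download may name or order them differently.
SAMPLE_EXPORT = """name,email,access,two_factor
Alice Admin,alice@example.com,full,yes
Bob Buyer,bob@example.com,partial,yes
Alice Admin,alice@untrusted.example,full,no
"""

def audit_people(csv_text, trusted_domains):
    """Return a sorted list of findings for an exported people list."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = []
    emails_by_name = defaultdict(set)
    trusted_full = 0
    for row in rows:
        email = row["email"].strip().lower()
        domain = email.rpartition("@")[2]
        full = row["access"].strip().lower() == "full"
        trusted = domain in trusted_domains
        emails_by_name[row["name"].strip().lower()].add(email)
        if not trusted:
            suffix = " (full control)" if full else ""
            findings.append(f"untrusted domain: {email}{suffix}")
        if row["two_factor"].strip().lower() != "yes":
            findings.append(f"no two-factor: {email}")
        if full and trusted:
            trusted_full += 1
    # The same display name under two addresses is what we saw in our
    # own settings: a look-alike entry holding full control.
    for name, emails in emails_by_name.items():
        if len(emails) > 1:
            findings.append(f"duplicate name '{name}': {', '.join(sorted(emails))}")
    if trusted_full < 2:
        findings.append(f"only {trusted_full} trusted full-control admin(s); need 2")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_people(SAMPLE_EXPORT, TRUSTED_DOMAINS):
        print(finding)
```

Running it on a fresh export after every staffing change, and after any support case is closed, makes a re-added look-alike account visible quickly.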
In addition to Business Manager security, Meta provides comprehensive tips on how to keep your Facebook Account and Business Page secure. Furthermore, ensure your business remains resilient by exploring Meta's advice on keeping your business running from home. Familiarize yourself with these resources to fortify your defenses against potential cyber threats from any direction.
Remember, your commitment to internet security is not just a precaution; it's a proactive stance against evolving cyber threats. Stay vigilant, stay secure.
Our journey through the Meta Business Manager hacking incident has been an odyssey, underscoring the critical need for robust security practices. This extensive narrative aims to serve as a comprehensive guide, shedding light on the intricacies of our experience. By sharing this cautionary tale, we hope to empower fellow marketers, businesses, and startups to prioritize online safety and remain vigilant against the ever-evolving landscape of cyber threats. In the dynamic world of digital marketing, safeguarding your assets is not merely a best practice; it's an imperative for the longevity and resilience of your business.