Do You Use Facebook at Work? Watch Out for This Threat
Most of us who are active on Facebook have been known to check in from time to time while at work. And we’re not here to say there’s anything wrong with doing so — but it does come with some risk. And there’s an old ugly risk that’s been popping back up recently.
Here’s what you need to know about how cybercriminals are targeting Facebook users — and how businesses like yours are being affected.
Facebook Ads Aren’t Always What They Seem
The trouble comes in the form of Facebook’s on-platform advertising.
Ever since Facebook started selling ads injected straight into users’ news feeds, advertisers have been extremely clever in how they use this capability.
That includes legitimate businesses, which seem to have an almost superhuman ability to target you with ads. You’ve probably had the experience of talking about (or even just thinking about) something you might want to buy, then seeing ads for that exact thing show up on social media the next day.
It’s uncanny, but highly effective. And the bad guys are paying attention to the principles of how and why this works.
Look closely and you’ll see that Facebook ads aren’t always what they seem. Sometimes they advertise sketchy ecommerce sites or other “businesses” that just seem…off.
Most of us have the intuition to ignore these scammy ads when they’re about gaming or tennis shoes or toys. But what happens when these illegitimate ads are harder to spot?
Targeted Advertising Targeting Your Business?
This kind of targeted advertising is complicated, relying on numerous factors. Users’ age, geographic location, expressed interests, browsing activities, and more all factor into who sees what ads. It’s why you’ll probably never see a fishing ad if you aren’t into fishing — but you’ll see them all the time if it’s your top hobby. And it’s why you might get ads for local restaurants or other businesses in a city you’re visiting.
But all of this ability to understand and target users can have a downside. In some cases, bad actors can identify users that are likely to be working in office settings or knowledge economy businesses. And they can then serve up scammy ads that are even more nefarious.
These ads don’t just try to sell you low-quality goods or collect personal information. They’re actually aiming for a bigger prize: your business’s data.
How the Scam Works
This new round of digital threats works by exploiting users’ desire to stay ahead in business. It’s already fairly normal for “work businesses” to advertise to personal accounts on Facebook. If you’re frustrated by your project management software and you turn to Facebook for a break, it turns out that’s a great time for an advertiser to serve up a project management software ad.
But some of these business-oriented ads are hawking fake tools, or fake versions of real tools. Lately, some of these ads have promoted AI-powered tools that promise to supercharge productivity or something similar.
And the catch? Clicking those ads and installing those pieces of software could actually install malware on your work device. This malware could steal your credentials or sensitive data and just generally ruin your day (or week…or year).
How to Stay Safe
The strategies for staying safe from this latest round of phony Facebook ads are similar to the ones we usually share. Don’t click links you aren’t sure about — even on Facebook. If you’re really intrigued by an offer or a new-sounding piece of software, don’t click the ad unless you’re absolutely sure it’s legit.
Instead, try Googling the brand name or the offer. If you can’t find it via Google or another reputable search engine, it’s almost certainly not legit.
Last, never allow software to install on your work computer without vetting it via IT (or your managed IT partner). If you need help with this or anything else IT-related, don’t hesitate to reach out!