Over the last three months, we have seen a huge increase in the number of phishing scams on Facebook. We know of one school and one local business that have fallen foul to these scammers and want to ensure you keep your pages safe from potential attacks.

The phishing attack claim to be from the Facebook Support Team or similar, stating that your page has violated the law (usually copyright) or Meta's guidelines. They threaten to permanently delete your page if you do not take immediate action. However, this action involves clicking a link, which can have serious consequences.

It is important to note that these messages are not from Facebook and are a phishing scam. By clicking on the link, you are giving the scammers access to your personal account, as well as your school page and any other page or group you are an admin of. Once they have access, they will often post spam content in an attempt to sell products such as trainers (they call them “sneakers”) or other items.
The scammers will change your password, email address and phone number, making it nearly impossible to regain access to the page. The recent breaches we know of happened because admins on the pages didn't have two-factor authentication set up or the knowledge that scams like this exist.
As school leaders, it is crucial to protect both your personal and professional accounts from these scams. Here are some tips on how you can stay safe and keep your school pages secure:
1. Be cautious of unsolicited messages: The first red flag to look out for is an unsolicited message claiming to be from the Facebook Support Team. Facebook will never contact you directly about a page violation or ask you to click on a link to resolve an issue. If you receive such a message, do not click on any links and report it to Facebook immediately. If you're still unsure, please don't hesitate to get in touch and we can give you some free advice on how to stay safe.
2. Enable two-factor authentication: Two-factor authentication (sometimes called multi-factor authentication or 2FA/MFA) adds an extra layer of security to your account. This means that even if someone has your password, they will need a unique code to access your account. Enable this feature on your personal Facebook account, or any other account, that is linked to a school page to prevent unauthorised access. We prefer to use MFA apps such as Authy or Microsoft Authenticator - these don't rely on your phone number and make it even harder for your data to be shared. It is essential that any member of staff who has admin access to your pages, has two-factor authentication set up. There can be no exceptions.
3. Educate your staff: As a school leader, it is your responsibility to educate your staff about online safety and security. Make sure they are aware of these scams and know how to spot them. Encourage them to report any suspicious messages or activity on the school pages. Ensure your staff are trained well enough to know the risks and how to prevent breaches.
4. Regularly check your pages: It is essential to monitor your school pages regularly for any unusual activity. If you notice any suspicious posts or changes on the page, remove them immediately and change your password. You can also check the "Page Roles" section to see if there are any unfamiliar admins listed.

It is crucial to be vigilant and cautious when it comes to online scams. As school leaders, you have a responsibility to protect your personal and professional accounts, as well as your students and staff. By following these tips, you can stay safe from Facebook spam and protect your school pages from being compromised.
If you have fallen victim to this scam or have any concerns about the security of your school pages, please do not hesitate to get in touch. Our team is here to support and guide you in keeping your online presence safe.
Let's work together to protect our school communities from these malicious attacks.
As always, if you have any questions or would like a chat about how to keep your pages safe from attack, please don't hesitate to get in touch: ☎️ 01249 588 228 / 📧 info@mitchelldigitalmedia.co.uk. Someone in the MDM office will be happy to talk you through what you need to do.
Stay safe and stay vigilant.
Comments