Hacks, Scams, Nigerian Princes, and Election Interference: Keeping Your Facebook Secure in the Digital Age
Picture this, you open your campaign’s Facebook page and check your notifications. You’ve received a message from another page bearing the Facebook logo called “Page Violations,” and they’re saying your page is in violation. They’re saying your page will be shut down if you don’t complete the next steps, and they’ve provided a link to do so. What do you do next? It looks legitimate, and you’re panicking. If you said you’d comply, you should read on. Even if you didn’t, hey, you might learn something new.
The security of your campaign is only as strong as its weakest link. Hackers and scammers multiply daily, their tactics advancing and becoming more convincing. Not everything is as apparent as the ‘Nigerian Prince Scam’ we all poke fun at (but even that one is infamous because it works; CNBC even said in 2019 that it still rakes in around $700K a year). Regarding campaign pages, every person with access is a risk point. Account security is a lot more nuanced than it once was.
Every person with access to your campaign page is essential to maintaining security. For a moment, view your Facebook page (like you would if you wanted to post) and access your settings. Follow these steps: Settings > New Pages Experience > Page Access. You should now be looking at a list of names with various access points assigned to them, up to full admin access, which enables complete control of your page. All the people in this list can access your campaign page in some shape or form. As standard practice, these users should be securing their accounts, and you should too.
Meta (Facebook’s parent company) offers guidelines to political candidates and their account managers – these bolster security and help keep your campaign safe from interference. As a bare minimum, I suggest EVERYONE with access to a candidate or campaign page do the following:
- Use a secure password that combines letters, special characters, and numbers. For example, BluePen_32! is more secure than bluepen32 (no, this does not access anything of mine, it just happens to be the object nearest to me right now).
- Set up two-factor authentication – this is offered through Meta on all their platforms and will require users to obtain a code to log in to their page successfully after the password is entered. Find out how here.
- Add password protection anywhere you would access these pages (phone, computer, tablet, etc.). As mentioned before, these should be secure passwords. A lost phone without a passcode is as much of a risk; it is almost always logged into these apps and defeats the purpose of other security measures.
The above list is not all-encompassing, and more can be done, but I suggest the above as a minimum level of security.
So, you’ve done the steps, but that message from the first paragraph hits your inbox, and you’re still trying to figure out what to do next. Breathe. These pages exist to phish and play off fear to access your information. Meta/Facebook will never contact you with this method. These messages are NEVER a risk unless you play into them. Once you receive the notification, check your page quality yourself (not by any links the spam page sent your way) by doing the following: Settings > New Pages Experience > Page Quality. This area will show you any violations against your page and let you handle them from there. If nothing exists in this area, go about your day knowing you have avoided a hacker. If something is there, DO NOT return to the message; instead, follow the steps in “Page Quality” to remedy the situation.
Every cycle, I find myself explaining this to multiple clients. This problem isn’t unique to an office level either; I’ve seen these scams come through campaigns at all levels – municipal, federal, and everything in between. Everyone is susceptible to scams, but knowledge is power, so go on, secure your account, and I beg of you, don’t click any random links saying your page is about to be shut down. Oh, and don’t give money to any Nigerian Prince either.
Be Informed, Learn More:
- https://www.cnn.com/2020/07/31/politics/democrats-facebook-hacking/index.html
- https://www.facebook.com/gpa/resources/basics/security
- https://www.cnbc.com/2019/04/18/nigerian-prince-scams-still-rake-in-over-700000-dollars-a-year.html
- https://www.facebook.com/help/148233965247823
- https://www.facebook.com/gpa/best-practices/candidate
Get on our Schedule: 2023 Texas and National Young Republican Convention
Are you attending the YR Convention in Dallas next week? We’d love to meet with you! We’ll have a few team members in attendance; reach out to them to set something up or email info@ascent-strategic.com.
- Derek Dufresne (Partner): derek@ascent-strategic.com
- Mark Warner (Senior Account Executive): mark@ascent-strategic.com
- Austin Buholtz (Account Executive): austin@ascent-strategic.com
