For many small businesses, Instagram and Facebook are vital channels for marketing, customer service, and brand building. But as social platforms grow in importance, so too does the risk of losing access to them. Increasingly, businesses are being targeted by scams – often involving impersonation, phishing, or misuse of Meta’s own verification systems.
Here are five important things every business should be aware of:
Business account hacks are common
It’s not just large corporations being targeted. Independent businesses – from wedding dress designers to local trades – are frequently caught out. A recent BBC article reported that when Catherine Deane’s Instagram account was hacked, she described the experience as “devastating.” Her business had invested heavily in growing and maintaining its Instagram following, only to lose control after an employee responded to a convincing verification scam. Unfortunately, her case isn’t unique. Thousands of business pages are hijacked every day, according to cybersecurity experts, often via lookalike messages that promise benefits like a blue tick, or that accounts need to verify details to keep running.
Recovery from Meta can be a long, frustrating process
What makes the situation worse is the difficulty many businesses face when trying to recover hacked accounts. Meta’s support infrastructure has been heavily criticised for its lack of transparency and responsiveness. In Ms Deane’s case, it took four months and constant pressure on a personal contact within the company to get the account reinstated. Many others aren’t so lucky and may never regain access. Some even report their cases being marked as “closed” while they are still locked out.
Scammers use sophisticated techniques to take over accounts
Scammers often impersonate Meta support, sending messages that appear to be legitimate – complete with logos and branding. These messages frequently warn of supposed copyright infringements or violations of terms, followed by requests to "verify" your account. The link then leads to a fake Meta login page designed to harvest credentials. Once inside, hackers often target personal Facebook accounts that have admin access to business pages, locking out the real owners and even disabling their personal accounts through malicious posts.
Accounts can be disabled even if they’re not hacked
Not all issues are the result of scams. Some businesses have reported being locked out of their Facebook or Instagram pages without having been hacked at all. One franchisee’s account was wrongly flagged as a duplicate simply because another franchise location was granted verification. In another example, a mobile bank’s page disappeared overnight, and despite repeated support requests, Meta staff were unable to restore access. In both scenarios, the absence of a clear appeals process or real-time support left the businesses powerless.
Meta’s security measures are not keeping pace
While Meta has introduced tools like two-factor authentication and Security Check-Up, cybersecurity experts argue that the measures in place are not enough. As scammers increasingly harness AI to make phishing messages even more convincing, the risk is growing. Businesses that rely on Meta’s platforms are being urged to stay vigilant, question any unexpected requests for credentials, and take additional precautions – such as regularly updating passwords and ensuring multiple trusted admins are in place.
By taking proactive steps and being cautious with messages that seem even slightly unusual, businesses can reduce the risk of falling victim to a scam. But until Meta improves its support systems and recovery procedures, companies should treat their social media access as a business-critical asset – and protect it accordingly.
Here at BBI Brandboost as part of our social media service, we keep an eye out for any scams that could affect the performance of an account. If you would like some expert help managing your social media accounts please get in touch.