Looking for solutions if you’ve had a Facebook ad account hacked?
I’ve worked at Facebook for many years and help businesses and ad agencies avoid and recover from restricted ad accounts. And today you’ll learn what to do when you have a Facebook ad account hacked, and and ways to prevent getting a Facebook ad account hacked.
Facebook Ad Account Hacked: A New Epidemic
It’s crazy folks, at this point in time, there are thousands of hackers trying to take your ad account for a ride and spend a ton of your hard-earned dollars on junk and spam ads. But haven’t there always been hackers? Sure, but now AI is powering the massive increase in hacking incidents worldwide.
For example, Check Point Research’s 2023 Mid-Year Cyber Security Report found there was an 8% spike in global cyberattacks in the second quarter of the year – the most significant increase in two years – and the analysts blame the surge on the misuse of generative AI tools like ChatGPT.
What this means for you, the business or ad agency running ads on Facebook is that you are more at risk than ever before, and if you’re not careful you can lose your money-making machine, and get ad accounts restricted and business managers disabled, even if it isn’t your fault.
(Missed my guide to navigating Circumventing Systems? Check it out for tips avoiding Facebook ad bans)
Cyber crooks are making almost 1,000 attempts to hack account passwords every single second in new cyberattacks– and they’re more determined that ever, with the number of attacks on the rise. Whether you’re reading Check Point Research’s Report or Microsoft’s Digital Defense Report 2022 – the evidence shows you need to make cybersecurity and preventing getting a Facebook ad account hacked a top priority this year or suffer the consequences.
I’m going to share some tips on what to do when you have a Facebook ad account hacked and how to prevent it, but let me also share, that if you have been on Facebook’s radar for other Facebook ad policy flags, you’re in the right place.
Like my client, Amazon Reality TV Star and Ms. Universe winner Juanita Ingram found out, there are micro flags in ad copy and landing pages that have to be removed first before attempting to appeal or relaunch a brand with Facebook, or recover an unpublished Facebook Business Page.
Want the same white glove treatment navigating Facebook shutdowns?
Click here, to schedule a discovery call.
Facebook Ad Account Hacked: Payments
The first place to look is in your billing to locate any suspicious payments for Facebook ads.
If you suspect you may have been hacked or have a Facebook ad account hacked, you’ll want to check on the billing history to locate unauthorized charges.
The billing section is where you can find the billing information of your ad account. There, you can view your payment history and get receipts for payments you’ve made for your ads.
To learn more about a specific charge, go to the list of transactions in the Billing section. Then, click the Transaction ID of the charge you want to know more about. These steps bring you to your receipt for that charge. Your ads receipt shows the information like how much you paid, when you paid, which payment method was charged and which ads you spent money on.
This is where you want to view the transactions – or Facebook ad charges – to see if your Facebook ad account suddenly started spending a ton of money, which may be a sign that you have a Facebook ad account hacked.
But there’s another way you can see if you have a Facebook ad account hacked and are bleeding money: the payment threshold.
See if you reached your payment threshold or monthly bill date
Once you have your ads receipt, you can review the Billing reason that’s listed on it to find out why you were charged. It lets you know if a charge happened because you reached your payment threshold or monthly bill date.
Remember that it’s normal to be charged for ads multiple times a month or even after you’ve stopped running them. This is because when you create ads on Facebook (like boosting posts from your Page), you don’t pay for them right away. Instead, as they run and people see them, they accrue ad costs that you’re charged for later.
Facebook Ad Account Hacked: Charges
I mention this because just because you see a bunch of charges you weren’t expecting, doesn’t always mean you have a hacked Facebook ad account. It could be larger charges for legit Facebook ads you ran, are just being broken up into smaller more frequent charges depending on your billing threshold. When I was working at Facebook in ads, more than one advertiser didn’t understand how those worked.
There are 2 ways you’re charged for Facebook ads:
1. Whenever your ad costs reach your payment threshold.
2. On your monthly bill date
A payment threshold is an amount that you can spend on ads before Meta aka Facebook charges you for them. Whenever your ad costs reach your payment threshold, Facebook charges you that amount. Your monthly bill date is when Meta charges you each month for ad costs that don’t quite reach your payment threshold.
So, you may be charged multiple times or just once in a given month, depending on how much money you’re spending on ads.
I’d suggest checking this out first, just make sure you are not mistaking multiple charges for genuine ads you ran as being hacked. After doing so, if everything matches up with your normal billing history for Facebook ad marketing, next take a look at your daily budget or lifetime budget to see how frequently your ads are spending money before you assume you have a Facebook ad account hacked.
Not dealing with a Facebook ad account hacked, but still need to recover from a restricted ad account to get your Facebook ads live again?
Want one-on-one professional guidance from someone who worked with the Facebook policy team, so you don’t have to guess anymore? And prevent bans? Schedule a discovery call with me here.
Facebook Ad Account Vs Budget Settings
I’ve heard “My Facebook ads account got hacked” from multiple clients over the past 6 months as the hackapocalypse has been snowballing globally at huge numbers. Typically hackers are from Russia, Vietnam, Malaysia, the Philippines, Bangladesh, and Pakistan.
Now, thanks to spending limits if you have them set, there is no way a hacker can spend ALL of your money in just a few minutes (if you have spending limits set up that is, if not, think about doing this). BUT, often hackers use a daily budget, and let’s say your spending limit is $10,000 a month or something, hackers could blow through that in a day. So how do you stop Facebook from spending all that money FAST?
You have to think even quicker, and pause the BS campaigns the hackers have created. Make sure to screenshot them as well, for Facebook – or if you’re working with someone like me who worked at Meta. We need to see that data to help you.
What may end up happening is after turning off an ad, ad set or Campaign, 2 minutes later, the campaigns may be enabled again, and you get into a “click war” between yourself and the hacker, as the hacker keeps turning on the Campaigns or ads you’ve turned off, that are running spammy ads.
How do you fix this?
You’ll want to immediately navigate to the activity history in one of the ad sets, and find out whose Facebook ad account keeps re-enabling the campaigns:
That will open up the side panel on the right, and from there you can identify both the ad set ID and the “Changed By” field person taking the actions on your ad account. This lets you identify if you’re making the changes or if you are dealing with a Facebook ad account hacked:
If the “Changed By” field has names or people you don’t know – especially names that sound like they are from Pakistan, India, Bangladesh and other countries in that area – then you have definitely confirmed you have to face a Facebook ad account hacked.
Facebook Ad Account Hacked: Changed By
Check for other spenders on your account
By now, if you’ve done your due diligence, you should have a definite answer using the above steps on if you are actually hacked. You’ll see the name of the hacker in the “Changed by” fields in the Account Activity section. I’d suggest also using the Ad Set ID there to search your Campaigns so that everything comes up that’s being hacked into for that account.
You can do this by using the “Search and Filter” field at the Campaign level of Ads Manager, and entering in the Ad Set ID you found on the Account Activity section:
Being hacked isn’t the only issue ad agencies face, many times it’s just silence from Facebook when trying to get clear on what exactly has broken Facebook’s rules and how to get it compliant.
If you need help rewriting ad copy to be compliant with Facebook I offer a prescreen service – book a discovery call here.
Facebook Ad Account Hacked: Reporting
The next logical step is to reach out to the company itself and explain your situation and report what happened.
Reporting a hacked ad account to Facebook
When you attempt to reach Facebook, prepare for another bill: your therapist.
That’s because Meta makes it super hard to reach a real person, and when you do, you have to ask, based on their dumb repetition of every thing you say back in the chat, “How did you discern your ass from a hole in the ground?” #facts
Facebook Ad Account Hacked: Reality of FB Ad Support
Now, there is a specific way you can improve the ability to get a human, based on pre-selection fields, and how you talk to them. But keep in mind, these are barely above sweat shop workers who have never paid any bill using revenue from successful ads.
To speak to someone at Facebook would be very helpful.
I have to break it to you, the solution isn’t going to just be getting ahold of a human at Facebook, due to the level of incompetence you’ll experience. At the same time, depending on how severely you’ve been hacked – like your computer was hacked? Or just your ad account? Or was your website hacked too? Or damn, all 3??! – you MAY be able to get some of the funds spent refunded from Facebook.
How long did Facebook take to reply?
On average it takes a business week, Monday-Friday for Facebook to get back to you if you’ve emailed them. On Facebook Ad Support chat you’ll speaking in real time with someone. You just don’t know if you can trust anything they say, as 99% of what they tell you is literally a random guess, by someone paid as much as a McDonald’s burger flipper. And tbh, sometimes you won’t hear back for a month, or longer, or never.
How Facebook responded to my hacked ad account
Surveying clients I’ve worked with, who came to me after being hacked, on average, if Facebook DOES reply, about 60% of the time, sometimes 70% depending on Facebook’s backlog, you’ll get a refund. But you need to continue checking your ad account for any outstanding balances, as one hand at Facebook doesn’t know what the other does.
I remember working in ads at Facebook and an engineer wrote a piece of code that accidentally shut Facebook down. We literally sat in the dark – because the AC also wasn’t working and it was summertime – and did nothing for hours until ENG fixed the error.
I say that to say this: often Facebook ad support agents will tell you ONE thing and DO another, or not do ANYTHING, being outsourced without benefits. And most are poorly trained. So CHECK your outstanding balance and keep emailing them until it goes away.
Facebook Ad Account Hacked: Next Steps
Before even contacting Facebook Ad Support on chat or email, you have something you need to do first for the ad account and Pages and Business Managers.
Facebook Ad Account Hacked: Take Immediate Action
After locating in the activity history the name of the hacker, go into your Ad Account roles, and remove them. Go into your Facebook Business Manager, under the Business Settings People tab and remove the hacker(s). Go to your Facebook Business Page settings and remove the hackers there too if you see them there.
Facebook Ad Account Hacked: Do’s
Report the Incident
While Facebook ad support may be as pleasant as a Greek Tragedy, they CAN help, marginally, but if you never contact them, or are never successful reaching a person, and ONLY use email, instead of chat as well, then your chances are even slimmer. So make sure to cover all ways to contact Facebook, through email, chat and not leaving their comments unreplied to.
It’s for your records, legally as well, depending on the amount of money lost, you may have legal options to contest their lack of action – but if you never tried to report the incident then you are @#$%&!ed. At the very least report it and document, and screenshot your conversations with Facebook.
Facebook Ad Account Hacked: Protection
Let’s talk about a few ways to protect yourself once you have been hacked.
Facebook Ad Account Hacked: Steps to Protect Yourself
The first thing I would do if I were in your shoes – and I got hacked a few years ago – is change your email passwords that are associated with your Facebook profile that created the Facebook Business Manager and Facebook Business Page.
Next up – audit who is on your Facebook Business Page and Facebook Business Manager, and remove anyone you don’t know ASAP. Contact your bank, remove the credit cards associated with your ad accounts.
Now – you don’t want to BLOCK the charges from Facebook, even if they are from spammers. This will piss Meta off. Instead, simply remove your credit or debit cards from the Facebook Business Manager, and if you can’t, then cancel them.
But don’t fill out a dispute charges form, because if your bank kicks back either a Facebook preauth charge, or an actual ad charge – versus trying to charge a canceled card – then Facebook will assume you are trying to run ads for free and not pay for them, and come after you with a vengeance, ignoring that you are hacked.
Your options will depend on your bank, I’ve found Federal Credit Unions are usually the easiest to sync with Facebook.
Tired of reading and just want a solution to get your ads live and spending money again, to bring in revenue? Schedule a no-cost discovery call here
Note: These discovery calls are for businesses or ad agencies only, not for non-advertisers who just use Facebook for recreation
Facebook Ad Account Hacked: Figure Out Whose Account Was Hacked
May seem redundant, but if you HAVEN’T figured out WHICH ad account was hacked, you are at a much greater risk, because you could be quarantining the wrong account and if you’re not quick, you could end up with a stolen identity issue you’d need to report to local authorities, not just a Facebook ad account issue.
Facebook Ad Account Hacked: Delete the Hacked Account
As fast as possible, you want to restrict access for the hacked account. Do that by going to your business settings, clicking on “People,” and clicking the trash can next to your ad account to remove their access:
This should be enough to help put out the fire of having a hacker in your ad account, at least, it should buy you some time to continue securing your ad accounts.
Securing Your Account
After you’ve identified which ad account was hacked, changed your email password, removed the hackers as best you can from your Facebook Business Manager, Facebook Business Page, and from any role on ad accounts in the Facebook Business Manager settings for ad accounts, and chatted in to Facebook ad support and have a live email correspondence, only then would I suggest using the self-reporting tools to report your Facebook ad account as hacked.
If you, in a panic, read some bullshit online and rush to use the link: www.facebook.com/hacked
Guess what genius move you just did? You removed access from yourself to actually chat into Facebook ad support. If not right away within a short period of time, Facebook, seeing the self-snitching you did on your own ad account, will revoke access to all support links.
Because…if you’ve been hacked, then the hackers have control of your accounts – and why would Facebook allow hackers to chat into their support lines?
As common sense as that seems in hindsight, when your blood pressure is up, and some @#$%hole is spending your money like they won the dang lottery, you are desperate for a solution – but you about to shoot yourself in the foot. I just hope you found my blog before clicking that link.
Final tips on securing your facebook ads account
Here are the 3 most common ways you get hacked:
Facebook Ad Account Hacked: Pop ups
1. Pop ups
Yes, you may be surfing porn and click on a pop up, or you may have clicked a Google Search result link when looking up something and it went to an unsecured site that uses only Http instead of Https – or it has an expired security certificate.
Or, it is a fake website with a small misspelling that LOOKS similar to a legit site, but actually is a misspelled version of the same website URL.
Facebook Ad Account Hacked: Fake Emails
2. Fake emails pretending to be Meta
While this has been going on since Nigerian Princes first started email scams (I was one of the first people to get these emails and had to talk to the FBI about it), recently, the @#$%&!ing spammers have been in OVERDRIVE on the fake-from-Meta emails:
Ok, so, first of all ANYONE can edit the “send from” name on an email domain. Wendy’s fast food chain could make their “send from” name be “Burger King”@Wendys.com. Just because it SAYS “Meta Business Support” DOESN’T MEAN IT IS!!! C’mon guys! You see that junky-ass “no-reply-inbox-73v26” crap THEN the “@mindz-agency” domain?
It is soooooo obviously a spammer! Now, I will admit, these hackers were clever by using what LOOKS like a legit Facebook link. Most likely it’s like a bitly disguised site, or a PICTURE of a legit FB link URL, but the actual file is a JPG, JPEG, PNG that is HYPERLINKED on the BACKEND just like I can hyperlink you to…NBA stats here. EXCEPT – they are hyperlinking it to an image like this:
See? This is how they trick you – looks like one URL but goes to another site
I linked the above JPG image of NBA Season Leader stats to my Ad Guides page on my site. But if you see that image in an email, you think it’s an actual hyperlink, when REALLY it’s just an IMAGE of a LEGIT link, you may end up clicking on a hyperlinked image to a site that will steal your info.
Now the above link IS safe because I just linked it to my blog which you’re already reading. Just want to give you a precise example of HOW these @#$%&!ers do it.
The only legit emails actually FROM Facebook are “@facebook.com,” or “@meta.com” or even “@Facebookmail.com” – you’ll see the last one for Facebook Group update emails, like from:”[email protected].”
Now, knowing this, take a look again at the first screenshot of that fake email – can you see how easy it is to identify this as a hacker email? That scammy email address is obv NOT from Facebook / Meta. So, protect yourself and check the server after the @ sign from any email that feels off, and appears to be sent from Facebook. DO NOT CLICK ON ANY LINKS BEFORE CHECKING THE EMAIL ADDRESS!!!! Whew! I hope that helps. Now, for the last and most recent spam hack attempts:
Facebook Ad Account Hacked: Fake FB Messages
3. Fake Facebook Messages To Facebook Business Pages Inbox
This shit is annoying af, I’m not going to lie. I have over 17 Facebook Business Pages, and these fools hit me up ON THE DAILY! I’m trying to run a business here, and these hackers come at me nonstop. I just feel like Michael Scott…
Let me show you an example of one of these hacker messages on Facebook Business Page inboxes, and what they look like, pretending to be Meta:
Let me destroy this for you right now:
It is CLEARLY A HACKER: First, notice the URL preview below the image of “Meta AI.” It says “update-poliiicy-me.ta-now,” are you really going to take that shit seriously?? The URL itself below that IS SELLING TICKETS!! “support-ticketsconfirm” is not an actual website, and actual websites are WHAT IS BEHIND THE SERVER IN EMAIL ADDRESS @ SIGNS.
You have NEVER gotten an email from Meta or Facebook with an @support-ticketsconfirm email. But hey, if you didn’t look before you clicked…welp..I mean…you look before crossing the street right? This is the same for crossing the internet highways.
I’m more pissed off AT these hackers than anything else. It’s frustrating how much they inundate everyone with fake messages. Sigh. Ok. Continuing on to destroy this hacker message:
Facebook ALREADY changed it’s parent company (like Alphabet over Google) in 2021, so, this shit, sent in 2023, saying:
“Copyright © 2023”
is TWO YEARS OUT OF DATE!!!
RED FLAG RED FLAG 🚩 🚩 🚩
If Facebook was REALLY sending you a message, this is what their signature looks like which you would have seen in EVERY ad receipt email ever sent:
So..sorry not sorry for pointing this out, but, like…you should be familiar by now with the real emails Meta / Facebook sends. The type of signature the real emails use, the email addresses they are sent from, and the fact that…Facebook does not ever ever ever ever need to copyright a damn Facebook message ON THE PLATFORM THEY OWN!!!! JEEZ!
LET ALONE the fact that ALL FACEBOOK COMMUNICATION (outside a direct Facebook Ad Support Chat that is currently live) is through the Support Inbox – not random facebook messages!
If – after the Facebook ad support chat ends – you get a random Facebook message from someone pretending to be Meta or Facebook RED FLAG 🚩 🚩 🚩 !!
This shit should be obvious. But I get it, you see the fake Meta logo, a threatening message, you’re worried about losing money from a ban and click – but now you’ve entered a world of pain because clicking on their fake links get you hacked.
And like I said folks, I’ve been hacked – clicking a website that looked legit that immediately hacked me – so it can happen to the best of us. I just hope you’re taking notes, because there isn’t ANY other article as extensive as this one on dealing with a hacked Facebook ad account.
TLDR: Stop clicking on @#$%&!ing random links in your email, on scammy websites, or to scammy websites, and stop clicking on pop ups that look fishy. Check the @ server for emails, make note of the legit Facebook emails I provided above and protect yourself.
Facebook Ad Account Hacked: Accountability
Almost lastly: Facebook is a social media site that sells ads on their private website, it is not a public school where you have rights endowed by a state or governmental authority. Facebook is not a cybersecurity company.
So getting self-righteous on how Facebook “let this happen” and “should fix this for you” – you let this happen too but not paying attention. And you jeopardized thousands of other Facebook users by not proactively protecting yourself with cybersecurity or easy-to-guess passwords.
I know I know, them are bitter sweet words to hear. But if you want a solution, keep reading. If you want to feel sorry for yourself, I mean, you don’t need me for that. I just want to point out that having unrealistic expectations like expecting a social media site to suddenly change into a cybersecurity service FOR FREE for you is just a recipe for disaster and disappointment.
Facebook Ad Account Hacked: The Truth
Truth be told, even if you’re doing every best practice I mentioned, and actually paying attention, sometimes you can just be victim of a massive cyberattack. Like when several US federal government agencies were hit in a global cyberattack by Russian cybercriminals who exploited a vulnerability in widely used software.
And even if that is what happened to you, it still doesn’t change Walmart into Target, the NFL into the NBA, or Facebook into your own personal cybersecurity company, that will unhack your website, ad account and Facebook Business Page. You need experts for that – more on this later.
Facebook Ad Account Hacked: Help Stop the Hackers
Also, if this pisses you off as much as it does me, report these fools TO Facebook for having a fake name and BLOCK them from your Page. Or simply turn off messages to your Page unless you have chatbots that have high conversions through chats – then create a if-this, then-that flow to block this type of account.
Facebook Ad Account Hacked: Cybersecurity
It should go without saying that you need cybersecurity. Hiring a cybersecurity company should be on your #1 list of things to do this year because the hackers are literally staging a hackapolypse these days.
The problem is, who do you trust? Hackers will even create fake cybersecurity sites to trick you into trusting them with log in info.
Here are couple of companies one of my clients recommended:
1. LiquidWeb and
2. Cyberunit
Now, I can’t speak for these personally. If you want my top tier reccs after we’re working together, I’ll share some info on the company I use and trust. The hackers attack my blog on the daily and try to put spam links on every article, and I have to block them, so I’m not revealing this info publicly. But, if you become a client I’ll help you out there too.
Facebook Ad Account Hacked: Get Facebook Ads Live
You made it this far in the article? Congratulations. It was a beast to put together, I’ve been working on it for over 7 hours to provide a legit resource for you, since I haven’t found anything this in-depth online yet, and definitely not from Facebook or someone like me who worked at Meta. You want to get your Facebook ads live again? Keep reading:
Facebook Ad Account Hacked: Need more help?
So, the hard reality that Meta and Facebook ad support won’t tell you and no other article online will share (unless they’ve copied this article after it’s published) is that Facebook does and will quarantine hacked accounts for the safety of everyone else on the platform.
If you have a Facebook ad account hacked, the odds are not in your favor of recovering it, because it’s a tainted asset. Facebook will shadow ban you, and suppress reach even if they restore your hacked ad account.
Because, why should they allow a compromised account jeopardize literally everyone else on their website?
If the hacker STILL has a backdoor into YOUR website (and ad account), and you HAVEN’T hired a cybersecurity firm to REMOVE THE THREAT, and protect your site on a regular basis, you’re telling Facebook, “I don’t give a damn about my own security or any Facebook users on the platform.”
Do you think Zuck wants to go before Congress AGAIN and explain “what a Face Book” is? All the bad PR Meta would get for allowing security threats to proliferate ANOTHER Cambridge Analytica is insane in scope.
It’s big picture time folks: think about the risks that a hacked account puts not just individual users on the platform but the value of Facebook’s stock, and public image. But, no worries, I got you. If you need to get Facebook ads live again, I do have a solution.
Learn more
I hope you’ve found this article helpful on how to navigate the stormy waters of having a Facebook ad account hacked.
I’ve created a lot of helpful guides on my blog, but nothing beats hands on guidance for avoiding shut downs from someone whose worked at Facebook for years.
Note: If you do not run ads on Facebook and are just trying to recover a personal profile for NON-advertising purposes, you will need to look elsewhere for help.
BUT if your goal is to get Facebook ads live again after getting a restricted ad account or a restricted Facebook Business Manager, then keep reading as there is a solution to this.
Facebook Ad Account Hacked Solution
Ad agencies: tired of getting the silent treatment from Facebook when all you want to do is get your Facebook ads live and revenue in the door?
If have been hacked, and your goal is to get Facebook ads live again selling your product or service and Facebook won’t help – I can get you results when Facebook won’t say a word.
I’m a Facebook ad policy specialist who worked at Facebook and I’m trusted by high level brands that take accuracy and results seriously.
I can show you how to resolve FB bans even if Facebook ad support is useless to resolve ad account restrictions.
Don’t lose any more money from Facebook bans and schedule your call with me now.
Don’t take my word for it, let my clients tell you what it was like working with me:
It shouldn’t be a mystery on what to do to recover from a ban. I strive for customer satisfaction, being a business owner myself.
My clients have included the social media marketing agencies of Tony Robbins, Harv Eker, and Dean Graziosi. How much is it costing you to have a disabled Facebook ad account? Talk today.
I’m featured on the Queen of Facebook Mari Smith’s Marketing Essentials Course.
If you want to skip the line before this offer ends, immediately secure expert-level Facebook consulting. Book a call with me now!
If you’re ok with waiting a bit longer, and entering the waitlist to see if you’re eligible – Schedule a call or contact me via email.
Free eBook: Top 5 Reasons Agencies Fail at Facebook
My account did not login I don’t use anything post or comments against community guindness