Anyone who’s tried digging through a website for a customer support number knows how hard it can be. Finding the number isn’t always a solution either: Half the time the lines are automated or you find out you called the wrong one for your particular needs.

How do you find the right support line then? Turn to Google. NPR did just that for Facebook and it found a startling result: The top hit is a scam.

NPR went on to report that Facebook and Google were both aware of the problem and were taking steps to correct it. Neither, however, says it knows how the number got to the top of search results.

Why customer support scams matter to tech professionals

The fake Facebook customer support number didn’t appear overnight: It’s been popping up on Facebook pages and in search engine results for over a year and they’re targeting other websites too.

Facebook should have known about the scam–and reported it to the public–as soon as it appeared. That it didn’t shows yet again that data security’s biggest flaw isn’t systems: It’s people.

SEE: A visual map of emerging cybersecurity trends (TechRepublic)

One of two things happened: Facebook knew about the problem and did nothing, which put its customers at risk, or it didn’t know because it’s been lax about how its site shows up for various Google searches. Neither is acceptable.

Cybersecurity isn’t self-contained. It’s a web of risks and pitfalls that extends down to the lowest ranking person in an organization. Facebook might not be directly responsible for this kind of scam, but it enabled it.

Covering all your bases

It can seem like busywork to audit every little bit of organizational cybersecurity, but it’s necessary. That includes regular audits of search engine results that come back to your site. Any suspicious results should be reported to Google immediately, and it’s not a bad idea to release an official statement as well.

SEE: Experts predict 2017’s biggest cybersecurity threats (TechRepublic)

A good security audit involves examining every single point of contact your system has with the internet, search engine results, and especially humans. It takes a lot of effort and skill to hack into a properly secured server. It’s much easier to scam someone into giving out sensitive data.

This latest Facebook-related scam is small, but it contains an important lesson about security: There are holes everywhere, and if you don’t find them someone else will.

The 3 big takeaways for TechRepublic readers

  1. NPR reported a new Facebook scam involving a false customer service number being the top Google result for Facebook support.
  2. The scam is another reminder of security risks: Even Google results can be turned against an organization.
  3. A comprehensive cybersecurity audit includes examining search engine results. Make sure they aren’t being overlooked.

Also see