The latest Facebook scam to hit social media is designed to trick business and organization page admins and other users into sharing their login credentials with scammers. For governments, losing admin control of Facebook accounts can have serious ramifications. These types of phishing scams certainly aren’t new, but this one is particularly tricky. Here’s everything you need to know to spot it and protect your account.
How It Works
You receive a notification that appears to be from Facebook (Meta) indicating that your page has been disabled (something along the lines of: “Your Page Has Been Disabled”). When you click on it, you get an explanation about why this may have happened, including notes about violations such as sharing misleading content, using photos that are not yours, or sharing offensive content.
When you take a closer look, you’ll notice that what appears to be a notification is actually a post from a Facebook page created with the name “Your Page Has Been Disabled.” The post is either posted to your personal page by a hacked or nefarious profile or posted elsewhere tagging you personally or tagging your organization’s business page. The tag makes it appear in your notifications (or in the Social tab of the Social Assurance app). When you click the notification, you’re taken to a post that actually looks like it could be a notification directly from Facebook/Meta, which makes this scam especially tricky.
The post includes a link to a page that asks for some of your personal information in an interface that closely mimics Facebook’s colors and design, so you think you’re providing your info to Facebook. The prompted information typically includes your account’s login information, but can also include personal data, passwords, and other sensitive info.
If you click on the name of the page, which in this case is usually phrased as a notification might be, you’ll find an actual page that’s been set up under that name. The profile picture is a common flag graphic or warning icon (adding to the deception that this is a notification rather than an actual page). You may be able to see other posts that the fake account has published tagging other individuals or businesses similarly.
Here’s an example of what the messages used for this Facebook scam can look like.
How You Know It’s a Scam
1. It’s not actually a communication from Facebook.
Look closely and you’ll see that you’ve actually been tagged in a post, not that you’re receiving a notification. The name of the account tagging you is posing as verbiage for a notification.
2. You’re tagged.
Facebook/Meta will use a standard notification window (not a post) to inform you of something like account status, which means you won’t be tagged. Other people/organizations will also not be tagged in these types of notifications.
3. Typos, incorrect grammar, and awkward language.
Regardless of platform (social, text, email), typos and spelling/grammar errors are a huge red flag that you may be the target of a scammer. Proceed with caution.
4. Urgency.
In addition to incorrect language and conventions, urgency is another red flag. Scammers often create urgency that forces you to make a decision or click on something quickly in hopes that you will act without thinking things through.
5. Links that aren’t quite right.
Note that Facebook will typically use buttons to prompt users to click something as opposed to embedding links. Look very closely at links and avoid clicking them as a general rule. Scammers often use links that transpose a couple of letters or are just slightly off so that, at first glance, they look legitimate.
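One way to automate the link check from point 5, as an added example that is not part of the original article: it compares a link's host against a short allowlist and flags near-misses such as swapped letters. The allowlist, thresholds, function names, and sample links are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts treated as genuine Facebook/Meta sites.
OFFICIAL = ("facebook.com", "fb.com", "meta.com")

def osa_distance(a, b):
    """Edit distance that counts an adjacent-letter swap as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify_link(url):
    """Return 'official', 'lookalike:<domain>', 'brand-in-host' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in OFFICIAL):
        return "official"
    # Naive registrable domain (last two labels); a real tool would use the
    # Public Suffix List to handle suffixes such as .co.uk.
    registrable = ".".join(host.split(".")[-2:])
    for good in OFFICIAL:
        limit = 2 if len(good) >= 10 else 1
        # Skip very short names, where one edit matches too many real sites.
        if len(good) >= 8 and osa_distance(registrable, good) <= limit:
            return "lookalike:" + good
    # Brand word used as a label or hyphenated part of someone else's domain.
    tokens = set(re.split(r"[.-]", host))
    if any(good.split(".")[0] in tokens for good in OFFICIAL):
        return "brand-in-host"
    return "unrelated"

# Constructed sample links for illustration; not taken from a real campaign.
SAMPLES = ["https://www.facebook.com/help", "https://www.faecbook.com/appeal",
           "https://facebook.com.page-review.example/login"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify_link(url), url)
```

Anything other than "official" on a link that claims to come from Facebook deserves a manual look before anyone clicks it.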
It’s important to note that Facebook/Meta sometimes does disable accounts, namely those acting in violation of the platform’s Community Standards. When this happens, users will see an in-app or in-platform notification like these.
What To Do
First, avoid following any links. Second, untag yourself or your organization from the post. Third, report the post as spam and ask other members of your team to do the same. To do so, simply click the flag icon at the bottom of the post and follow the prompts. Note that more flags/reports on a post will increase the likelihood that Facebook will respond to the nefarious activity and remove or hide the post.
Protect Yourself
As a best practice, it’s important to consider the level of access to your social media accounts and who, across your organization, it’s provided to. Securing your accounts with systems and processes that delegate access permissions through a central platform can help ensure that individuals across your team have only the access level they need, keeping your accounts inherently safer. This makes it easier to implement policies, protect your accounts, and ensure that those who have access are in the know about scams like this one.
Interested in learning more about centralizing and securing access to your accounts? Social Assurance can help. Our social media management platform is designed specifically for governments and organizations operating in regulated industries, helping you create, publish, and monitor marketing content (including direct integrations with all major social media channels) securely and compliantly. The platform also allows admin-level users to assign tagged posts like these to someone specific within your organization for follow-up, ensuring that users with rogue access don’t follow nefarious links and submit sensitive information. Reach out to info@socialassurance.com or follow the link below to submit an inquiry.
Schedule a Demo