How to Spot a Scam

We wanted to share a recent Facebook email phishing scam that was attempted on one of our clients. The scammers really upped their game with this one, so we want to bring it to your attention and walk through how to spot the signs of a scam before it is too late.

The scam:

You receive an email regarding a Facebook page that you’re responsible for that says, "Your page has been restricted because it violates one or more of the Facebook Terms. You must deal with this immediately." The email contains a legitimate Facebook link that will take you to a legitimate Facebook page (but the page actually belongs to the scammer).

The scammers are hoping that you’ll panic and won’t notice any of the small red flags, so that you'll just click through.

Once you are on their Facebook page, it tells you how to "fix" the restriction by clicking a second link. That second link is the real scam: it gives them access to your Facebook page or account, where they can start doing unfortunate things like removing admin access or adding unwanted content.

Things to watch for:

  • Check the ‘from’ email address: Is it from [noreply or admin]@Facebook.com? If not, then it’s probably not legit.

    • Ours didn’t come from one of those addresses, which was the only sign in the original email that it might be a scam.

  • Are there spelling errors? Usually, this is the biggest red flag.

    • Our email had perfect spelling and grammar. Someone was paying attention in class.

  • Did you receive any notifications within the Facebook app? This would be the first place for any warnings to appear.

    • Again, we didn’t receive any.
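The first check above, the sender address, is worth doing against the real address rather than the name shown next to it, because the display name can be anything the sender types. The small checker below is an added example written for this post, not code from the original, and its allowlist (the two mailboxes at Facebook.com named above) and the sample headers are constructed assumptions you should adjust for your own accounts. It parses the From header, ignores the display name, and flags lookalike domains, subdomains, and a display name that pretends to be a different address.

```python
from email.utils import parseaddr

# Constructed allowlist based on the post's advice: only these mailboxes at
# this exact domain are treated as legitimate. Adjust after verifying yourself.
TRUSTED_SENDER_DOMAINS = {"facebook.com"}
TRUSTED_LOCAL_PARTS = {"noreply", "admin"}


def check_sender(from_header, trusted_domains=TRUSTED_SENDER_DOMAINS,
                 trusted_local_parts=TRUSTED_LOCAL_PARTS):
    """Return ('ok' | 'suspicious', reason) for one raw From header value."""
    display_name, addr = parseaddr(from_header)
    if not addr or "@" not in addr:
        return "suspicious", "no parseable address in the From header"

    local, _, domain = addr.rpartition("@")
    local = local.lower()
    domain = domain.lower().rstrip(".")

    # Exact-domain match: this rejects lookalikes such as facebook.com.example,
    # facebook-security.example and any subdomain not explicitly allowlisted.
    if domain not in trusted_domains:
        return "suspicious", f"sender domain {domain!r} is not in the trusted list"

    if local not in trusted_local_parts:
        return "suspicious", f"unexpected mailbox {local!r} at a trusted domain"

    # A display name that itself looks like an email address is a common trick:
    # the eye reads the name and never reaches the real address in brackets.
    if "@" in display_name:
        shown_domain = display_name.lower().rsplit("@", 1)[-1].strip('" ')
        if shown_domain not in trusted_domains:
            return "suspicious", "display name shows an address from another domain"

    return "ok", f"sender {addr} matches the trusted list"


def triage(headers):
    """Run check_sender over a list of From headers; returns a list of verdicts."""
    return [(h, *check_sender(h)) for h in headers]


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real message.
    SAMPLE_FROM_HEADERS = [
        "noreply@facebook.com",
        "Facebook <admin@Facebook.com>",
        '"noreply@facebook.com" <alerts@evil.example>',
        "Facebook Support <noreply@facebook.com.evil.example>",
        "security@facebook.com",
        "Facebook",
    ]
    for header, verdict, reason in triage(SAMPLE_FROM_HEADERS):
        print(f"{verdict:10} {header!r}: {reason}")
```

Paste the raw From header (most mail clients expose it under "show original" or "view source") rather than the name your inbox displays; the third and fourth constructed samples show why, since both look like Facebook at a glance and both are flagged.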

If you spot it:

DON'T CLICK ON ANYTHING. You could lose control of your page. And no one wants scammers running unrelated ads or posting unwanted content.

If you do lose access, you may eventually be able to regain control by contacting Facebook directly. This takes time and by the time it’s rectified, the damage could already be done with your followers/customers.

What to do if you clicked the second link or a dodgy link (Facebook):

  • Open a new browser window or tab, go directly to the Facebook login page and reset your password. If you can, set up two-factor authentication as a precaution.

  • Go into your ‘Settings’ and check ‘Apps and Websites’. If there is anything you don’t recognize, remove or delete it. This is one of the ways others can gain access to your account.

  • After resetting your password, review the people who have admin and publishing access to your account(s). Anyone you don’t recognize? Limit or delete their access.

  • Notify any agencies that you are working with that this has happened and get them to check over the accounts, too.

Our advice:

If you are worried about any email from Facebook or any platform saying there is a problem, the best bet is to leave the email alone and just go directly to the platform in a new browser window and see if they have sent you a message in-app.

Remember: don’t panic! Go directly to the trusted source for the real facts and cut out the link intermediary.

Be safe out there!