As a Cyber Liability Insurance provider, we have seen many companies targeted by Facebook scams. This has resulted in data loss, ransoms, and other issues that can affect the account owner and the business. Understanding the signs of a potential phishing scheme is important to prevent access to your accounts.
Chances are, you have received an email or notification from “Facebook” at some point that didn’t look quite right. That’s because it was most likely a phishing scam designed to get access to your accounts and other areas of your business.
Currently, the most common Facebook phishing schemes:
- Fake Copyright Infringement Notices: Scammers trick users into believing their content violates copyright laws to steal login information.
- Impersonation of Facebook Officials: Fraudsters pose as Facebook staff to extract personal or financial information.
- Malicious Links in Messenger: Sending harmful links through Facebook Messenger that can compromise user security.
- Fake Friend Requests: Used to gather personal information or spread malware.
- Ad Scams: Promising products or services that don’t exist to defraud users.
The Facebook Policy Infringement Scam Script
Copyright violations are being sent in mass emails to users, like the one we received below in May 2022. The goal is to steal the login credentials of the users.
A closer examination reveals that the con isn’t all that clever. There are warning indicators at every step. What matters is that you remain calm and aware. Even the most cautious people might be led down dangerous pathways by panic.
For starters, the email From: field is from messaging-service @ post.xero.com, not from Facebook itself. This is an immediate red flag.
This was the email we received, but you may see variations on this theme:
They direct you to a URL where you can contact Facebook Business Support. If you do, you will be directed to a bogus Facebook fan page called “Facebook Business Support.” If you look closely, you’ll notice that the letters in the name aren’t English. Moreover, this is not the authorized website for the Facebook Business Help Center:
The scammer will request sensitive information such as login passwords. Scammers/hackers will get their hands on the information you provide. As a result, they have access to both your Facebook account and your fan pages. They might even exploit the information for other plans, like identity fraud.
Other Versions of Facebook Email Phishing
As scammers evolve, so do their methods. While email is still the predominant medium, there are variations of the messaging they use to gain access. Other versions include:
- Violation of community standards
- You have been removed as an admin of a business page
- Your account was logged into from a new location
- Your account was disabled for security reasons
In each case, the email will contain a link to reset your password or login. This will be used to gain access to your accounts.
From there, hackers & scammers have used compromised accounts to impersonate and reach out to friends of the account owner and ask for money. For business accounts, some hackers have even setup new ads sending traffic to another page containing phishing schemes. They also run up the daily ad spend to $7,500 a day on your payment method.
If someone gains access, it can harm you and your business data no matter how they do it. The security breach can have serious consequences. Make sure to protect your account and data.
How to Avoid Phishing Scams on Facebook
- Be patient and avoid panicking;
- Verify the sender’s email address prior to clicking on any links in emails. For instance, it’s improbable for Facebook to send alerts from non-Facebook email domains;
- Watch out for strange characters, mistakes, bad grammar, and spelling errors in emails. Be cautious of messages with these issues.
- Did the email start with Greetings? Almost no one writes like that, especially a huge corporation. This is a red flag.
- Always log in to your account using the app or by typing the URL directly into your browser. Don’t click on any links, even if you think you got a real violation notice.
- For assistance, contact Facebook directly. Instead of using links provided by others;
- Use caution when sharing personal information. Please don’t post it on the internet or even through email!
- Avoid clicking on links from unfamiliar sources. Verify prior to making any move!
Expert Cyber Liability Advice from Wedgwood Insurance
We’ve seen Facebook scams before and are here to provide guidance for cyber liability protection. We protect more than just Facebook scams. We protect various parts of your business that are at risk. We also provide services to help your business recover and resume operations.
There’s more to insurance than the price of the policy, and Wedgwood goes above and beyond for our clients with expert advice you can trust. But don’t take our word for it – there’s a reason we’re Newfoundland & Labrador’s most trusted insurance broker.
With over 200 Google My Business reviews, come experience the Wedgwood difference with expert advice from our dedicated team. We ensure that every client has the coverage that best suits their needs through upfront complimentary consultations and midterm reviews.
Please note this blog post is for information only. As an insurance broker, we are unable to assist with account access.
