A client of mine forwarded me the following email:
Your pаgе “[Redacted],” has been flagged for violating Facebook’s Page Terms and Conditions, resulting in a restriction or unpublishing of your page. This means that while you can still access your page, others may be unable to view your posts. Additionally, you will not be able to create new posts or add new administrators to your page. If you believe this is a mistake, please use the following link to submit an appeal:
The Facebook Team.
The client and I were both confused as to what the issue could be. I was slightly suspicious at first, but I hovered over the link and, sure enough, it went to a facebook.com URL. “Okay,” I thought. “Looks legit, and Facebook can get things wrong sometimes, so let’s check it out.”
“Раgе Наńdlе Сеntег?” A name like that, and a mark over the N? Come on.
The very recent timestamp on it should have been a flag for me.
The wording: “Note: If we do not receive an appeal within 24 hours from your account we have to respect the decision mentioned above!” Terribly worded, and an exclamation point at the end. Not the kind of thing Facebook would write.
I also immediately noticed the space after the period. Very sloppily written, overall.
The kicker, though, is the URL for the form. If you’re not used to seeing these sorts of things and you’ve already verified that you’re still on Facebook, you might just skim past the form’s URL.
The notification was also very vague.
The Facebook Phishing Scam
If you click it, this is the page you’re taken to:
Looks very much like a Facebook help page, does it not? Complete with Meta branding.
The big red flag here though? The message at the top doesn’t even mention copyright violation. I did think it odd, as did my client. I filled it out with fake information to see what would happen, and lo and behold, you’re presented with a popup asking for your email address and password.
Cleverly though, it doesn’t take the password at first, which acts as either a verification or a way to get people who think, “Oh, well maybe I used a different password, so let me try another one.” And just like that, the ne’er-do-wells have two of your passwords.
It accepts it the second time, but then it takes you to a page that asks for an authentication code along with a timer telling you to wait, which gives the hacker time to log into your account. This is another giveaway that it’s fake: you can input literally any digits and it will accept them.
Once you’ve given the hacker the keys to the kingdom, you’re redirected to an actual Facebook support page, none of which has anything to do with anything you just went through.
After going through the process I went back to the initial page again. Clicking the name of the page takes you to a sparse Facebook business page. Zero reviews, no real information, and why would Facebook’s copyright infringement team have a page like this set up anyway?
I decided to write this article because I noticed someone had commented on the page asking why they got a violation notification, so I figured a lot of people were getting hit with this.
What to do if you got phished on Facebook
If you have fallen victim to this scam, here’s what you should do. Do it immediately. If you’re being targeted for this, you have a business account. A hacker can change the password, kick you out, and ruin your personal and business accounts. If you’ve got an ad account tied to it, they could use your credit card to run their own ads. They could sell your login information. They could access other websites if you use the same password for everything. If it sounds scary, it is.
Immediately change your Facebook password
In Facebook, click your face then click Settings & privacy, then click Settings.
Click Security and login.
Under Login, click Change password.
Change your password. Make sure it’s not either of the passwords you gave the hackers a few minutes ago. Make it a good, secure password.
Check where you’re logged in
Just above the link to change your password is a section called Where you’re logged in. Click the See more link and review all the places your account is logged in.
If anything looks unfamiliar, especially if it’s timestamped any time after you got phished, click the three vertical dots on the right and click Log out.
Change your other passwords
If you’re someone who still uses the same password for just about every app or website you use, change all your passwords. You could use a password manager like LastPass.
Whatever you do, make sure you definitely change the passwords on any accounts you have with the email and password combo you accidentally just gave away.
How to avoid getting phished in the future
We already outlined a lot of the red flags when it comes to phishing scams above.
- Unprofessional writing
- Poor use of punctuation
- URLs that are not associated with the company they purport to be from
- Password prompts
- If things just seem off or you’re not sure why you’re getting the notification, don’t click it
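An added example, not from the original post, that screens an email body for the red flags listed above: look-alike characters from a different script mixed into a word (like the Cyrillic letters in “pаgе”), links whose host is not the brand’s own domain (facebook.com and fb.com are assumed here), and deadline or urgency wording. The sample email text is constructed.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed sample modelled on the red flags above; "p\u0430g\u0435" mixes
# Cyrillic "а" and "е" into the Latin word "page".
SAMPLE_EMAIL = (
    "Your p\u0430g\u0435 has been flagged for violating Facebook's Page Terms.\n"
    "Appeal here: https://facebook.com/some-business-page\n"
    "Submit the form at https://meta-help-center.example.net/appeal\n"
    "Note: If we do not receive an appeal within 24 hours we have to respect the decision!"
)

# Assumption: the brand's legitimate domains.
EXPECTED_DOMAINS = ("facebook.com", "fb.com")

URGENCY = re.compile(r"within \d+ hours|immediately|!\s*$", re.I | re.M)


def mixed_script_words(text):
    """Return words that mix letters from more than one script (LATIN + CYRILLIC, ...)."""
    hits = []
    for word in re.findall(r"\S+", text):
        scripts = set()
        for ch in word:
            if ch.isalpha():
                # The first token of a Unicode name is the script: LATIN, CYRILLIC, GREEK ...
                scripts.add((unicodedata.name(ch, "").split() or ["UNKNOWN"])[0])
        if len(scripts) > 1:
            hits.append(word)
    return hits


def off_brand_links(text, expected=EXPECTED_DOMAINS):
    """Return URLs whose host is neither an expected domain nor a subdomain of one."""
    bad = []
    for url in re.findall(r"https?://\S+", text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in expected):
            bad.append(url)
    return bad


def urgency_phrases(text):
    """Return deadline/pressure wording such as 'within 24 hours' or a trailing '!'."""
    return URGENCY.findall(text)


def triage(text):
    """Collect all findings; the message is suspicious if any check fires."""
    findings = {
        "mixed_script_words": mixed_script_words(text),
        "off_brand_links": off_brand_links(text),
        "urgency_phrases": urgency_phrases(text),
    }
    findings["suspicious"] = any(findings[k] for k in ("mixed_script_words", "off_brand_links", "urgency_phrases"))
    return findings
```

A hit in any category is a reason to stop and verify through the company's own site rather than through the message's links.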
If you’re suspicious of an email or a notice you received, hold off on taking any action until you’ve talked to someone who might know better about it.
While we’re not cybersecurity experts, we’re pretty good at sniffing these things out so you can run it by us at no charge if you’d like. You can contact us by any of the social media or contact links at the top and bottom of this website. We just want to do our civic duty and keep hackers out of your business.
We’ll let you know if we can’t quite figure it out, and we’ll be glad to pass you along to some actual trusted cybersecurity experts we know if you need professional help preventing or recovering from a cyberattack.