Facebook phishing attacks are getting crazy. These hackers continue to create more and more creative tricks to get page owners to hand over their login information and even their financial information. I’m an admin for several dozen of my clients’ Facebook pages. I see fake Meta warnings about scheduled page deletion or suspension and violating community standards on nearly a daily basis. Unfortunately, one of my website clients was the victim of one of these phishing attacks. They stole his credit and debit card information and made multiple charges to his accounts. Luckily, he caught it quickly and minimized the damage, but this stuff is getting scary, especially for new page owners who might not pick up on these clever scams. So let’s look at what these phishing attacks look like and how we can prevent them.

How does the attack happen?

The attackers start by sending a message, sometimes in an email and more recently through Facebook Messenger. The message can claim several different things, like “Your page is scheduled for deletion because it violated our Community Standards” or some variation on this message.

The Facebook Messenger message below is similar; it reads “Important announcement from Facebook.” Notice that the icon being used is the Meta logo. These messages will all claim to be from an official Meta support person or Facebook Support team.

[Image: Facebook phishing attack in Messenger]

Regardless of what type of message it is, these messages always have links. The attackers will have a link in the message that they say allows you to “Appeal the Violation of the Community Standards” or, in this case, “Request for Review”. When you go to this link, the attackers will have a form for you to fill out with your personal information, or they may ask you to log in to your Facebook account. These forms and login pages are fake, and the attacker will capture whatever you enter to access your accounts.

With a form like the one below, they will ask for your contact information (like name, email, phone number), then use it to contact you pretending to be from Meta. They will then try to get more information from you, such as login credentials or even payment information if you have ad accounts.

[Image: fake Meta form]

How do you avoid these phishing attacks?

Look closely at the URL.

If the root domain in the URL isn’t facebook.com, then it’s not a legitimate link. Some links may have Facebook or Meta somewhere in the link, but the root domain itself must be facebook.com. No other root domain will be real.
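
The URL check described above, written out as an added example (not code from the original post): it compares a link's hostname against facebook.com, the only root domain the article accepts, and rejects lookalikes. The function name, the https-only rule and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Taken from the article: facebook.com is the only root domain treated as real.
TRUSTED_ROOT = "facebook.com"

def check_link(url):
    """Return (trusted, reason) for a link copied from a message or email."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with any "user@" prefix and port removed
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":  # added assumption: only https links are accepted
        return False, "not an https link"
    if not host:
        return False, "no hostname"
    host = host.rstrip(".")
    # Non-ASCII or punycode labels can render as letters that only look like "facebook".
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized hostname"
    # Exact match, or a subdomain ending in ".facebook.com" (the leading dot matters).
    if host == TRUSTED_ROOT or host.endswith("." + TRUSTED_ROOT):
        return True, "root domain is " + TRUSTED_ROOT
    if "facebook" in host or "meta" in host:
        return False, "brand name appears, but root domain is not " + TRUSTED_ROOT
    return False, "root domain is not " + TRUSTED_ROOT

# Constructed sample links (not taken from a real campaign).
SAMPLES = [
    "https://www.facebook.com/help/",
    "https://business.facebook.com/latest/home",
    "https://facebook.com.page-review.example/appeal",
    "https://facebook.com@review.example/",
    "https://meta-support.example/request-for-review",
    "https://f\u0430cebook.com/",  # Cyrillic "a" in place of the Latin letter
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(("OK     " if trusted else "REJECT ") + link + "  (" + reason + ")")
```

Only the first two sample links pass; the rest put the brand name in front of, or in place of, a different root domain.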

Never Click an Unknown Link

Never click a link from a message or email unless you are 100% sure you know the sender. It doesn’t matter how professional the email looks. Do not click on links that you have ANY question about.

Log in to your Account

Log in to your account instead of trusting a link. You will see notifications inside your business page or in your business manager if there are actual issues with your page or account.

Never Share Information Online

Don’t share your personal or business information online. Ever! Facebook or any other social network will not ask for your personal information. They already have it! The pages and forms will look very professional and often are exact replicas of pages inside of Facebook. Don’t be fooled.

What to Do if You Fall Victim to a Phishing Attack

Change Your Passwords

Immediately change your Facebook password and the passwords of any other accounts that share the same or similar credentials. Use strong, unique passwords for each account.

Check Account Activity

Review your recent Facebook activity. Look for any posts, messages, or changes you didn’t make. This can help you understand the extent of the breach.

Alert Friends and Family

Notify your contacts that your account was compromised. This is crucial as scammers may try to impersonate you or send malicious links to your friends.

Report to Facebook

Use Facebook’s reporting feature to inform them of the phishing attempt. This helps them take actions to prevent further scams.

Scan for Malware

Run a full scan on your device with a reputable antivirus program. Malware is often used in conjunction with phishing attacks. ESET is my go-to antivirus and malware scanning program.

Contact Financial Institutions

If the scam involved financial information, contact your bank or credit card company immediately to alert them of potential fraud.

Document Everything

Keep records of all communications related to the scam. Take screenshots of any page you visit, and copy messages and emails from both attackers and Facebook or Meta. Be sure to keep track of any communication you have with your financial institutions if necessary. This can be helpful for any potential legal or recovery processes.

You want and need to have your business online. Facebook is one of the best places online to get exposure for your business. However, this comes with the risk of hackers trying to steal your information and damaging your business page and possibly your personal profile. Follow the advice in this article, and stay on top of the latest risks and safety practices on Facebook and any other platform where you have a presence. This gives you the best chance at having a great experience with your business online.

I hope you found value with today’s post.

If you did, please leave a comment and share with your fellow digital marketers.

To Your Success!

Steve Stark