If your brand has a Facebook Page, beware.
A scam has been going on for a while now in which scammers pose as a Meta policy-enforcement department and send phishing emails to steal people's Facebook login credentials.
According to screenshots posted by one digital agency, the email arrives from a sender named “Restriction Alert” or “Restriction Details.” It is a scam. Do not take action, do not pass go, do not collect $200, or the attackers will take over your account.
The email looks legitimate because the link in it points to a real Facebook post, so the address you see is a genuine facebook.com one; that post then redirects you to another site, which is where the fake login page lives. The pages behind these posts are a giveaway: often there are no other posts, no cover photo, and the post you were linked to doesn't appear on the page's own timeline.
One of our clients fell victim to this. The email claimed they had violated copyright and had 24 hours to file an appeal or their Page would be removed. Our client clicked the link, which led to a very convincing but fake Facebook login page.
And yes, our client did have two-factor authentication turned on, so how did the attackers get around it? The fake login page also asked for the six-digit code. Our client, thinking they were on Facebook's site, opened their authenticator app and typed it in, and the attackers at the other end (who we later found out were located in Croatia) relayed the password and code to the real site while the code was still valid and were inside the account within seconds. That is the catch with a time-based code: it proves only that whoever submits it has the current code, not which site the user typed it on, so a phishing page that forwards it in real time defeats it. Only a phishing-resistant second factor, such as a security key or passkey, which is cryptographically bound to the real site's domain, stops this kind of relay.
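To make the difference concrete, here is an added simulation (not code from the original post, and nothing here talks to Facebook) of the two login flows. A stand-in server accepts password plus RFC 6238 TOTP, and separately accepts a WebAuthn-style assertion that the authenticator computes over the origin the browser is actually on. The relayed TOTP gets in; the relayed assertion does not, because it was made for the fake origin. The origin names, the `RealServer` class and the use of an HMAC with a shared device key in place of a real public-key signature are simplifications assumed for this example.

```python
"""Simulation of real-time 2FA relay: TOTP is relayable, an origin-bound
credential is not. Constructed example; no real service is contacted."""
import hashlib
import hmac
import secrets
import struct
import time

REAL_ORIGIN = "https://real.example"    # assumed name for the genuine site
PHISH_ORIGIN = "https://phish.example"  # assumed name for the lookalike page


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation), as an authenticator app computes it."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class RealServer:
    """Stand-in for the genuine login service: holds the password hash, the shared
    TOTP secret, and the device key registered for origin-bound login."""

    def __init__(self, password: str, totp_secret: bytes, device_key: bytes):
        self.pw_hash = hashlib.sha256(password.encode()).digest()
        self.totp_secret = totp_secret
        self.device_key = device_key
        self.challenges: set[bytes] = set()

    def login_with_totp(self, password: str, code: str, now: int) -> bool:
        """Password + TOTP. The code is valid for whoever submits it in time;
        nothing ties it to the page the user typed it on."""
        if not hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self.pw_hash):
            return False
        # accept the current and the previous 30 s step, the usual clock-skew tolerance
        return any(hmac.compare_digest(totp(self.totp_secret, now - d), code) for d in (0, 30))

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self.challenges.add(challenge)
        return challenge

    def login_with_origin_bound(self, challenge: bytes, assertion: bytes) -> bool:
        """Verify a WebAuthn-style assertion. The server recomputes it over ITS OWN
        origin, so an assertion produced for any other origin fails."""
        if challenge not in self.challenges:
            return False
        self.challenges.discard(challenge)  # single use
        expected = hmac.new(self.device_key, REAL_ORIGIN.encode() + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion)


def device_assert(device_key: bytes, browser_origin: str, challenge: bytes) -> bytes:
    """What the authenticator signs. The browser supplies the origin the user is
    really on and the user cannot override it. (Simplification: HMAC instead of
    the public-key signature real WebAuthn uses.)"""
    return hmac.new(device_key, browser_origin.encode() + challenge, hashlib.sha256).digest()


def phish_totp(server: RealServer, password: str, totp_secret: bytes, now: int) -> bool:
    """Victim types password and current code into the fake page; the attacker
    relays both to the real site a few seconds later."""
    code_typed_on_fake_page = totp(totp_secret, now)  # victim reads it off the app
    return server.login_with_totp(password, code_typed_on_fake_page, now + 5)


def phish_origin_bound(server: RealServer, device_key: bytes) -> bool:
    """Attacker fetches a genuine challenge, shows it to the victim on the fake
    page, and relays the resulting assertion, which was made for PHISH_ORIGIN."""
    challenge = server.new_challenge()
    assertion = device_assert(device_key, PHISH_ORIGIN, challenge)
    return server.login_with_origin_bound(challenge, assertion)


def legit_origin_bound(server: RealServer, device_key: bytes) -> bool:
    """Same flow with the user actually on the real site."""
    challenge = server.new_challenge()
    return server.login_with_origin_bound(challenge, device_assert(device_key, REAL_ORIGIN, challenge))


if __name__ == "__main__":
    secret, dev_key = secrets.token_bytes(20), secrets.token_bytes(32)
    srv = RealServer("hunter2", secret, dev_key)
    now = int(time.time())
    print("relayed TOTP accepted:        ", phish_totp(srv, "hunter2", secret, now))
    print("relayed origin-bound accepted:", phish_origin_bound(srv, dev_key))
    print("genuine origin-bound accepted:", legit_origin_bound(srv, dev_key))
```

The 30-second tolerance window in `login_with_totp` is what makes the relay comfortable for the attacker: even a code typed at the very end of a step is still accepted a few seconds later. Shortening the window only narrows the race; binding the credential to the origin removes it.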
Our client got off comparatively easy. The attacker added a new Business Manager user with admin privileges under the same name as an existing admin, so they could get back in later if they wanted, then duplicated an ad campaign our client was running, kept the name so it wouldn't look odd, and changed everything else into a large-budget ad hawking some crypto bullshit.
Luckily, we have some finely tuned alerts here and were able to warn our client after about $1 of spend on that campaign. Other accounts have been locked up completely with thousands of dollars spent.
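The two things the attacker did, a look-alike admin and a same-name campaign with a new budget and destination, are exactly what an alert should key on. Below is an added example of that detection logic (not our alerting code and not Meta's Marketing API) run over two constructed snapshots of a Business Manager and its ad account. The `User` and `Campaign` record shapes, the names and the dollar figures are assumptions for the example.

```python
"""Diff two snapshots of a Business Manager / ad account and flag takeover
signatures: a new admin reusing an existing user's name, and a campaign with
a budget far above the account's history or a reused name on a new domain.
Constructed example; the snapshot shape is an assumption, not a real API."""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class User:
    uid: str
    name: str
    email: str
    role: str


@dataclass(frozen=True)
class Campaign:
    cid: str
    name: str
    daily_budget: float
    landing_url: str


def domain(url: str) -> str:
    return urlparse(url).netloc.lower()


def duplicate_named_admins(before: list[User], after: list[User]) -> list[User]:
    """New accounts that hold admin and reuse an existing user's display name.
    A glance at the user list shows two identical names, which is the point of the trick."""
    known_ids = {u.uid for u in before}
    known_names = {u.name for u in before}
    return [u for u in after
            if u.uid not in known_ids and u.name in known_names and u.role == "admin"]


def suspicious_campaigns(before: list[Campaign], after: list[Campaign],
                         ratio: float = 3.0) -> list[tuple[str, list[str]]]:
    """Return (campaign id, reasons) for campaigns whose spend or destination
    changed the way a takeover changes them."""
    by_id = {c.cid: c for c in before}
    by_name = {c.name: c for c in before}
    ceiling = max((c.daily_budget for c in before), default=0.0)
    findings = []
    for c in after:
        reasons = []
        if c.daily_budget > ratio * ceiling:
            reasons.append(f"budget {c.daily_budget:.0f} exceeds {ratio:g}x previous max {ceiling:.0f}")
        if c.cid not in by_id:
            twin = by_name.get(c.name)  # a duplicate that kept the original's name
            if twin is not None and domain(twin.landing_url) != domain(c.landing_url):
                reasons.append(f"new campaign reuses name '{c.name}' but lands on {domain(c.landing_url)}")
        elif domain(by_id[c.cid].landing_url) != domain(c.landing_url):
            reasons.append(f"landing domain changed to {domain(c.landing_url)}")
        if reasons:
            findings.append((c.cid, reasons))
    return findings


# Constructed snapshots: the state we had on file, and the state after the takeover.
USERS_BEFORE = [
    User("U1", "Alice Example", "alice@agency.example", "admin"),
    User("U2", "Bob Example", "bob@agency.example", "employee"),
]
USERS_AFTER = USERS_BEFORE + [
    User("U9", "Alice Example", "alice.example@freemail.example", "admin"),  # the look-alike
]
CAMPAIGNS_BEFORE = [
    Campaign("C1", "Spring Sale", 40.0, "https://shop.example/sale"),
]
CAMPAIGNS_AFTER = CAMPAIGNS_BEFORE + [
    Campaign("C2", "Spring Sale", 900.0, "https://coin-bonus.example/go"),  # the duplicate
]

if __name__ == "__main__":
    for u in duplicate_named_admins(USERS_BEFORE, USERS_AFTER):
        print(f"ALERT new admin {u.uid} ({u.email}) reuses the name '{u.name}'")
    for cid, reasons in suspicious_campaigns(CAMPAIGNS_BEFORE, CAMPAIGNS_AFTER):
        print(f"ALERT campaign {cid}: " + "; ".join(reasons))
```

Run this on every snapshot you pull, not just on spend reports: the spend alert is what caught our case, but the duplicate admin is the part that would have let the attacker come back after the password was changed.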
And by the way, if anyone from Meta subscribes to our newsletter — can I suggest a very, very simple fix to this? Have a setting in Business Manager that says “Email me a confirmation any time someone not from my country tries to log into my account.”
If you have fallen victim to the scam and your account is compromised, your only real option is to report it at facebook.com/hacked.
One person did that, reported the phishing pages to Facebook, and got back a message saying, in part: “Our technology reviewed your report, and, ultimately, we decided not to take the content down… Thank you for helping keep Facebook safe.”
Images: Gyi Tsakalakis via Twitter