If you own a Facebook business page, you’ve seen the messages. Many start with…
IMPORTANT NOTIFICATION!
What follows is typically a scary message through Facebook Messenger about how your page committed copyright infringement, how you’ve otherwise violated community standards, and how your page is set for permanent deletion! Your heart rate will shoot through the roof, but don’t worry, it’s likely a scam. More specifically, it’s a phishing attempt, as a fake account attempts to gain your personal information (such as a password) or tricks you into clicking on a deceptive link. These bad actors are often quite good at replicating the look of an official Facebook or Meta account. They may use that Facebook shade of blue and a strikingly similar logo, or they may call themselves something like “Business Services” or “Complaint Center.” I’ve also seen “Facebook User” and “Meta Help Center” in efforts of deception.
First things first, if Facebook is truly mad at your page for one reason or another, they won’t contact you through Facebook Messenger. You’ll get an official notification (not a notification of a message, just a notification) or an email. According to Facebook, you can trust emails from the following addresses: fb.com, facebook.com, facebookmail.com, instagram.com, meta.com, metamail.com, and support.facebook.com. Double check emails from these accounts and ensure there are no misspellings. Again, this may be a case where a bad actor is attempting to look like a Facebook or Meta email account. Even if you’re pretty sure that the message comes directly from Facebook, double check with a friend. We’re also always available at the Beehive for some quick advice. Finally, there’s a Facebook security feature that tells you when they’ve last sent you an email. Match up the dates and times to be sure.
Here’s some other signs that you’re dealing with a scam/phishing attempt:
— The language will be aggressive and will often state that your account will be deleted or suspended unless you take action. Facebook also cites these “threats or urgent demands” as a way to identify a scam.
— You’ll see language that tells you to click on a link or that asks for passwords. According to Facebook, “We will never ask you for your username or password in an email message, or send you a password to verify in an attachment.” Furthermore, they state, "Meta representatives will never request money or ask for passwords, payment details or other sensitive information over chat or email."
— You’ll get messages/emails from unfamiliar senders. Again, check for those specific Facebook/Meta email addresses.
— They may ask you to confirm your page, request a review on your (fake) case, submit an appeal, contact them with questions or concerns (through a deceptive link), or otherwise fight the actions being taken against your page. They want you to click on a deceptive link to stop your page from being taken down. Don’t fall for it.
— Bad grammar or misspellings can also be a sign that you’re dealing with a scam.
You can also check some aspects of your account status through facebook.com/business-support-home. According to Facebook, this page will let you, “review the most recent accounts and assets that need attention due to not complying with our Advertising Policies or other standards.” An emerging theme through much of this advice? Sticking to the Facebook domain and its features is a safe way to navigate account issues. Anytime you’re leaving facebook.com or the Meta Business Suite (business.facebook.com), that’s when you’ll run into trouble. We would suggest the same principle if you’ve been hacked. Head to Facebook’s guide on “What To Do If You’ve Been Phished on Facebook.” Hackers like to compound your pain; they’ll target those that have been hacked and offer a quick fix or account recovery. Go through official Facebook channels only to attempt account recovery.
Let’s end with some more security tips:
— If you don’t recognize the sender, don’t click on any links in Facebook messenger or Instagram messenger. If a known sender is acting strange, don’t click on any links. Your friend may have been hacked.
— These days, 2-factor authentication is a must-have. Set it on all your accounts! You can use the Google Authenticator app or your phone number. Some accounts will require both.
— Create unique passwords. Good password apps (such as 1Password) will create them for you. These apps will also store those passwords.
— If you feel like you’re being scammed, do a quick Google search! Reddit is a good source to look for similar scams. Don’t take anything said on Reddit as gospel, but it’s good to check there. Scams and phishing attempts are usually mass actions. You won't be alone.
— Many of these same suggestions go for Instagram. Facebook and Instagram are owned by the same company and you’ll get messages through the Meta Business Suite for both accounts.
Lastly, this article is not saying that you’ll never make a mistake as a Facebook/Instagram page owner. If there’s a legitimate issue, and you receive correspondence from the platform itself, you’ll need to clean up that issue. Please double and triple check these messages before taking any action though. Also, these aren't the only scam and phishing threats on Facebook and Instagram! Keep up to date by reading social media and digital media marketing news sources.
Unfortunately, it can be a dangerous world out there for business owners that need to manage their social media accounts. Be safe.
