(Getty Images)
The latest social media scam is yet another phishing scheme designed to scare Facebook users into sharing their login credentials. Here’s how you can spot the scam and protect your account from hackers.
How the scam works
You see an ad after an Internet search for a product you want to buy. You visit their Facebook page to learn more, but you're asked to login to your account. You find this strange since you are already signed into your account. After signing in and attempting to make your purchase, you're signed up for a subscription service for a fake company.
In another version of this scam, you receive an email that appears to come from Facebook and says something like this: “Recently, we discovered a breach of our Facebook Community Standards on your page. Your page has been disabled for violating Facebook Terms. If you believe the decision is incorrect, you can request a review and file an appeal at the link below.” The message may also state that if you don’t act in the next 24 hours, Facebook will delete your account permanently.
The email includes a link that appears to lead to Facebook.com. Because you want to keep your account, you may think about clicking - however, you must stay calm and take a closer look. On closer inspection, you’ll likely find signs of a scam. These include typos, email sender addresses that aren’t related to Facebook, and, if you hover over the link in the email (without clicking on it), you will discover that it doesn’t point to Facebook’s website.
Another version of this Facebook phishing scam targets Facebook business pages with a threat to deactivate the account due to a Terms of Service or Community Standard violation. The message appears to come from Meta Business Support and requires the administrator to confirm the account by clicking a link, or it will be permanently deleted.
If you click the link, you’ll likely be taken to an official-looking page and prompted to complete a form to appeal the policy violation. You’ll be asked for your login email, phone number, name, and other details. The page will ask you to confirm your password when you hit submit. If you do, scammers will have all the information they need to hack your account.
How to avoid Facebook phishing scams
- Don’t panic. Always read suspicious emails carefully, looking for signs of a scam, before you act. Remember that scammers love to target social media accounts, so fake alerts aren’t uncommon.
- Verify the claims. Log into your Facebook account directly to verify there is a problem before deciding how to proceed.
- Always log into your account directly. Even if you think an alert is authentic, use your social media app to log in or enter the URL in the browser bar by typing it, not by clicking on a link sent to you.
- Guard your login credentials carefully. Never enter your login information on a third-party website or a page other than the official Facebook website. Never send your login information to someone via email or Facebook Messenger. If you entered your login credentials into a fake form, change your password immediately.
For more information
Read more about how phishing scams work. Learn more on BBB.org about protecting your verified social media account and spotting fake social media accounts. Check out these tips from Facebook about keeping your account secure.
If you spot a social media scam, report it to BBB.org/ScamTracker as well. Your reports help us build community awareness about common scam tactics.
Want more scam news? Subscribe to BBB's weekly Scam Alerts.