Facebook Phishing: How to Differentiate Fake Emails from Meta Support

Phishing is a fraudulent scheme used by attackers to access your account. For advertisers, phishing is especially dangerous because fraudsters get out personal information about your account and may also use it for their purposes like running ad campaigns at your expense or compromising your account with ads.

Promodo experts are here to share invaluable advice about how not to fall for a phishing scheme. Based on our hands-on experience, take this piece as a useful guide to protect your account from fraudulent activities on Facebook.

‍

Phishing on Facebook

Facebook scammers hunt for access to your account. They need you to log in with your username and password. Part of Facebook scams, they may contact you personally, or send messages via Messenger or fake emails from Meta support to your email. You may also fall into the trap by going onto a fake Google page or downloading a fake Meta app on your phone.

Messenger Fake Messages

Attackers send users messages on Messenger or may leave a comment under your post with a warning that your account is about to be blocked. The message is accompanied by a link you need to follow to log in and prevent the blocking:

‍Fake Meta support appeals to the violation of intellectual property rights. And since we know how attentive Facebook is to protecting trademarks, this information may seem convincing. However, there are several important factors you need to know to avoid phishing:

1. Analyze the reason for the request. If you are told that you have violated a rule, is that so? Do not fall for manipulations.

If you own an ad account, remember that Facebook never sends blocking notifications on Messenger.

2. You can check the status of your ads as an account holder. If there are any warnings from the system, you will see them only on the Account Overview page or on the Account Quality Check page.

3. Check who is writing to you. Once again, Facebook support does not write on behalf of a specific employee. For this purpose, Meta uses a verified Meta Business Support account with a signature that it is an official chat.

4. Do not click on unknown links. If you believe the content of the message, look at the link, as it may be a phishing link. Usually, it contains additional dashes at the beginning of the domain or at the end of it.

‍

Support Letter by Meta — *The chat with official Meta support*

‍

Fake Meta Applications

Fraudsters also use mobile marketplaces. Therefore, when downloading an application from the AppStore or Google Play Market, carefully check it for originality.

While identifying Facebook scam messages, we coped with the phishing Facebook case when our colleague was hacked. He wanted to download the Meta Business Suite app, though downloaded a fake one. The icon, description, name - everything looked identical and there were a few differences. We detected it as one of the Facebook phishing scams a few hours later when other people's campaigns were noticed in the ad account. It went like this: using the login data to the app, fraudsters gained access to an account linked to the ad account. Then they could use it for their purposes.

‍

As soon as the hacking became noticeable, the account began to take preventive actions. Meta's investigation lasted more than six months and they managed to get only partial compensation for the fraudsters' expenses. The conclusion of this case: you need to be very careful. Marina Eremenko, PPC Deputy Head / Teamlead at Promodo.

‍

Fake Emails

You may also get an email with the subject line and sender like an original. The content of the email will tell you that you have violated the policy. To avoid being blocked, you will be asked to follow the link. It can be pasted in full or sewn into a button. Make sure never click on it!

‍

Facebook phishing email example:

‍

How to recognize a fake email?

1. Pay attention to the sender's address. Meta Support uses only Facebook.com domains and cannot be faked by fraudsters.

2. If the link is visible, look at it carefully. Usually, fake links contain a strange set of letters or a fake domain.

3. If it is a letter from Meta regarding your request, it will contain a case ID.

‍You can also check if Meta has sent you an email yourself: ‍

1. Go to the Meta Account Center and select the "Password and Security" tab

2. In the opening window you’ll see the inscription "Recent emails".

3. Click it to view them. In the new tab, you’ll see all official emails from Facebook.

4. If you can't see an email you've received in the list, it's a scam.

5. Report Facebook phishing email.

‍

What to Do If Your Advertising Account Is Compromised

Contact Meta Support immediately. Choose the reason for your request (account hacking) and the account that was hacked. Describe all the details in your request.

It is vital to provide as much information as you can: describe which campaigns were created or modified by fraudsters and add the identifiers of these campaigns, groups, and ads. Provide information about the cost. If the attackers have uploaded a fake Pixel, make sure to add its ID or name.

‍

We recommend detailing your case in English. You also need to remind Meta about your case constantly. Our experience shows that if you fail to "fluff" them, they may close your ticket without further warning. Therefore, we strongly advise writing to support every week, though they may close your ticket even with such a frequency. Marina Eremenko, PPC Deputy Head / Teamlead at Promodo.

‍

Also, read our featured post: Reasons for Ad and Ad Account Blocking on Instagram and Facebook

‍

What you should do:

1. If you work in an agency or team up with others, notify your colleagues about non-standard actions in your account. Check all ad accounts you work with for unfamiliar campaigns/groups/ads, pixels, costs, and auto-advice that could have been created by fraudsters.

2. Gather all the information and contact Meta Support.

3. Do not delete or change anything. Stop the campaigns created by fraudsters, but do not make any changes.

‍

In the mentioned case, we checked all levels of ads and then it turned out that the fraudsters had created additional auto-rules. They automatically enabled campaigns and ads. Usually, that’s not the case, but in a few hours, they noticed that the campaigns continued to run. That's why it's important to check everything. Marina Eremenko, PPC Deputy Head / Teamlead at Promodo.

‍

Check up your Facebook Account — Facebook Account Check Up List

‍

When Meta Support receives a request, your account will be blocked. It will become unavailable for some time and you won’t be able to use it. Therefore, you'll need to create an additional account and use a different email address. That’s critical because Meta should not associate it with your old account and block the newly created one. In our case, hacked ad accounts were restored at different times. The procedure took us about three weeks. During this period, Meta blocked our Business Manager and several other peer accounts uninvolved in the hack. So, get ready for that. Marina Eremenko, PPC Deputy Head / Teamlead at Promodo.

‍