With a dramatic increase in phishing attempts on Facebook Messenger, it's critical that you and your team know how to identify and avoid scam attempts.
While you're out there using social media to give your organization a boost and stay in touch with your community, you're going to come across some amazing people who share your passion for making a positive difference. Unfortunately, you will also encounter users who want to steal your information and do you harm.
At Effct.org, we've observed a noticeable increase in various suspicious activities, including phishing and scams, occurring on Meta platforms lately. Our aim is to provide you with straightforward tips to recognize these deceptive tactics and ensure your continued digital safety.
Common Scam Attempts
The first step to preventing phishing is being able to spot a phishing or scam attempt. We’ve noticed three unique types of phishing schemes in recent days:
Meta Impersonation Scams: Scammers mimic Meta and send messages to page admins, falsely claiming their account is locked and prompting them to click a fake link. The linked page may ask users to submit sensitive personal information, which enables scammers to access their digital accounts, or it may expose users to harmful software like malware or viruses.
Fake Customer Scam: Scammers pretend to be store customers reporting a faulty product. They claim to attach an image of the product, but the attachment is a .rar file, which could contain malware. Opening this file could activate the malware, potentially causing severe damage to your device and granting unauthorized access. In some cases, scammers provide Google Drive links that may initiate a download onto your computer. Be cautious of such links.
Cybersecurity Cleanup Scam: Scammers pose as members of a "cyberspace cleanup team" and make threats of disrupting a user's website. This scam prompts users to click a link, potentially leading to a fraudulent site or exposing them to malware. Our team has found that this scam is much less common, but still poses a threat to you and your team.
While these are the scam attempts we have witnessed so far, phishing and scamming attempts can take on many different forms, such as:
Fake package tracking updates
Fake “password reset” emails
Fake subscription emails
Spotting a Scam
In order to spot a phishing or scam attempt, look for the following red flags. They’ll show you how to catch a scammer:
The message emphasizes opening an attachment or clicking a link, a tactic often used by scammers. These attachments and links frequently carry malware, which can harm your computer, give hackers access, and put your organization and communities in jeopardy.
Beware if the message sender poses as Meta, Facebook, or another official account. Many of these scams involve mimicking Meta officials or employees. Remember, Meta and Facebook never reach out via Messenger for Business Manager, Ad Account, or Page issues. Legitimate communications come through the email linked to your personal Facebook account, often from the domain "@support.facebook.com." Scammers may also contact you through your personal email, so verify the sender's address. Moreover, be cautious of any grammatical or graphical anomalies like typos or odd designs, as these could indicate a fraudulent message.
Be cautious of messages using urgent language or catastrophic threats for your Page. Scammers frequently employ this tactic, giving recipients minimal response time. For instance, some claim to be from Meta and insist that Pages must click a fraudulent link within 24 hours to avoid having their Pages permanently disabled. Others might threaten to report your Page. If you receive such a message, stay calm and avoid rushing into action. Scammers create false urgency to prompt hasty responses. By acting without careful thought, you might fall into their trap and not realize it's a scam.
Watch out for suspicious sender names or photos. Scammers often create false identities, imitating both regular users and official entities. These profiles might employ stock images or pictures of unrelated individuals, coupled with fabricated names. Some common indicators we've come across include:
Scammers posing as Meta, employing an upside-down Meta logo as their profile picture.
Usage of multiple fonts in the "official" page name, a telltale sign of a scam.
Inclusion of photos of entirely different individuals. Our team even discovered instances where a scammer used a picture of actor Brad Pitt for their profile.
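For teams that triage a shared inbox, the red flags above can be written down as a checklist in code. The following Python sketch is an added example, not something from Effct.org or Meta: the message fields (sender_name, body, attachments), the phrase lists, and the reading of "multiple fonts" as styled Unicode letters are all assumptions made for illustration.

```python
import re
import unicodedata

# Brand words and urgency phrases taken from the red flags above; the exact
# lists are assumptions for illustration and should be tuned locally.
BRANDS = ("meta", "facebook")
URGENCY = ("24 hours", "permanently disabled", "account is locked")
RISKY_EXT = (".rar",)  # the archive type named in the fake-customer scam
URL_RE = re.compile(r"https?://\S+", re.I)


def fold(text):
    """Map styled Unicode letters (bold, script, fullwidth) to plain lowercase."""
    return unicodedata.normalize("NFKC", text).casefold()


def red_flags(msg):
    """Return the red flags found in one Messenger message (a dict)."""
    flags = []
    name, body = msg["sender_name"], msg["body"]
    # Sender presents itself as Meta/Facebook, even when written in styled letters.
    if any(b in fold(name) for b in BRANDS):
        flags.append("impersonates_meta")
    # "Multiple fonts" in a name: assumed here to be styled Unicode letters,
    # which compatibility normalization (NFKC) changes but plain NFC does not.
    if unicodedata.normalize("NFKC", name) != unicodedata.normalize("NFC", name):
        flags.append("styled_name")
    if any(p in fold(body) for p in URGENCY):
        flags.append("urgent_language")
    if URL_RE.search(body):
        flags.append("contains_link")
    if any(a.lower().endswith(RISKY_EXT) for a in msg.get("attachments", [])):
        flags.append("archive_attachment")
    return flags


# Constructed sample messages, not real captures.
SAMPLES = [
    {"sender_name": "\U0001D40C\U0001D41E\U0001D42D\U0001D41A Support",  # bold "Meta"
     "body": "Your account is locked. Verify within 24 hours: https://example.invalid/appeal"},
    {"sender_name": "Jordan P.",
     "body": "The item I bought is broken, photo attached.",
     "attachments": ["IMG_broken.rar"]},
    {"sender_name": "Sam Lee", "body": "Thanks for hosting the food drive last week!"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["sender_name"], "->", red_flags(m) or "no red flags")
```

A message with no flags is not proof that it is safe, and a flagged message still needs a human look; the list only makes the checks above repeatable.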
Protecting Yourself from a Scam Attempt
Think you got a message from someone trying to scam you? Take the following steps:
Do not open any links or attachments. This is how scammers are able to take advantage of you.
Report the account for fraud/scamming. This will help prevent them from scamming other users.
Delete the message. This is the only surefire way to make sure that no one on your team falls victim to the scam.
Inform your team. It's important that you communicate this scam attempt to your team and confirm that none of your team members were impacted.
Reach out to professionals for help. If you are unsure if a message is legitimate or not, you can contact anyone on the Effct team. We are happy to work with you in order to keep your team safe.
Stay safe out there!