Online phishing scams are a growing threat to small businesses.
These scams use fraudulent emails and websites to trick you into giving away sensitive information, such as the login credentials to your Facebook account, by playing on emotion and fear.
As of December 2022, the National Cyber Security Centre had received over 16 reported scams, so it’s very likely you have seen one of these emails recently.
The consequences of someone taking over your Facebook account could be that they run ads using your credit card, spending thousands, and heightening the risk of your account being banned or deleted.
This guide will show you how to spot a phishing scam email and what to do if you get one.
You can then run Facebook ads safely and securely by being aware of the risks, knowing that you have taken steps to safeguard your personal information.
What does a typical phishing email look like?
Below is what a typical phishing scam email looks like. It’s designed to scare and shock you into taking action with its language, but if you look carefully, you can see obvious signs that this is not a real email from Meta.
It’s the tactic of shock that’s used here to get users panicked into taking action, but if you take the time to read any email like this carefully first, you can spot these signs too.
What happens when you click a link in the email?
Clicking on the link will take you to a Facebook post run from a public Facebook page, so you’ll be able to see this even if you’re not logged in.
Taking you directly to Facebook helps trick the receiver into thinking the post is real, and even if you take the time to check first, you may already feel panicked that your Page or account is about to be banned. When you are in this state, you may need to be more careful in checking what you are looking for.
Meta would never send you to a Facebook Page or a Facebook post for this type of issue, so be mindful and observant of the address you see in the address bar after you click a link.
Where does the Facebook post take you?
Clicking the link on the post will take you away from Facebook to a web page that has been designed to look like Facebook. The URL has been structured to look like it could be a secure page, but there is no “meta” or “facebook” in the URL.
This is a big red flag 🚩 as Meta would never ask you to update your details away from their site.
The web page will ask you to submit personal details that will help a hacker access your account, like your email and phone number. They even ask for your Page (Meta would never do this).
If you are still in a state of panic, you may feel compelled to do this to get your Page back.
Do not ever give your details to any site that looks like Meta.
What does a real Page restriction email look like?
Below is what an actual email from Meta looks like when a Page has been genuinely warned or restricted.
Note that the email is sent from the Facebook domain, your name is used to address you, and the Page that has been affected is mentioned in the content of the email.
The link will also take you directly to the Meta Business Manager.
- If you have received an email from Facebook telling you your Page has been restricted, then look at the email address – does it look genuine?
- Have your name and Page been mentioned in the email?
- If you click the link, note the web address of the link destination – is it a Facebook post or the Meta Business Manager?
- If you click the Post link, note the web address of the “help centre” – is it a Facebook or Meta URL?
- Are you being asked to enter your details?
Check inside the Business Manager, as you will receive a genuine notification there if your Page has been restricted.
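The link checks from the list above, as an added example that is not part of the original guide: it compares the link's real hostname against Meta's domains instead of searching for the words "facebook" or "meta", which a look-alike address can also contain. The domain list, the Business Manager hostname and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains treated as Meta-owned for this check.
META_DOMAINS = ("facebook.com", "meta.com")
# Assumption: hostname that serves the Meta Business Manager.
BUSINESS_HOST = "business.facebook.com"

# Constructed sample links (not taken from a real email).
SAMPLES = [
    "https://business.facebook.com/settings/pages",
    "https://www.facebook.com/examplepage/posts/123",
    "https://facebook.com.help-centre.example/appeal",
    "https://meta-facebook-support.example/login",
    "https://facebook.com@help-centre.example/",
]


def on_domain(host, domain):
    """True only if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Classify where a link in a 'Page restricted' email really leads."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return "not-meta"  # malformed URL: treat as untrusted
    if parts.scheme != "https" or not host or has_userinfo:
        # Text before '@' is a username, not the site being visited.
        return "not-meta"
    if not any(on_domain(host, d) for d in META_DOMAINS):
        # Covers look-alikes that merely contain the word "facebook".
        return "not-meta"
    if host == BUSINESS_HOST:
        return "business-manager"
    # On Facebook, but a post or Page rather than the Business Manager:
    # the guide treats that as a warning sign for this kind of email.
    return "facebook-other"


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):17} {link}")
```

Only the first sample link is classed as the Business Manager; the second is on Facebook but is a post, and the last three are not Meta addresses at all despite containing the word "facebook".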
If you do end up submitting your details and realise too late, then change your password immediately and monitor your account closely for new users being added.
Make sure you also have 2 Factor Authentication enabled.
It’s better to double-check everything than react on emotion, so ask someone to look at the email and links with you, or use a trusted provider like The Social Ad Squad to assist and help you report it.
Being vigilant and hyper-aware is better than trusting an email at first glance because it looks authoritative, and you can save yourself from losing money and business by acting this way.
Good luck out there!