I don’t know what to do, Dave. I got a message on Facebook that my business page has violated some Facebook policy and that it’s going to be shut down if I don’t confirm that I’m the page owner. But it doesn’t say how to do that! Can you help out?
I’ve written quite a bit about email and text message scams but it turns out that scammers are trolling every site and service that people use. Including Facebook. The basic playbook is the same, though; inform the user that they’ve done something wrong, tell them that there’s a way to avoid consequences, then ensure that it’s on a very tight deadline so they don’t have time to think. You know, you already get these as email spam, the “you have won”, “shipment failed” and “membership expired” messages.
The complicating factor here is that with over 1.7 billion active daily users, Facebook does have a reputation for taking arbitrary actions, though typically you aren’t warned, you just experience the consequence of whatever’s triggered it. Real Facebook communication is verifiable, however, and not going to be from “Andrew R.” or similar, and there are other signs that a message might just be bogus. Let’s have a look…
THE FACEBOOK NOTIFICATION
I actually see these types of messages quite frequently, often multiple times in a single day, so it’s easy for me to find some examples for this article. I logged in this morning and here were my Notifications:
Pretty typical interaction on Facebook with one friend liking a comment I left about Doctor Who and another friend mentioning me in his comment. But what’s with the message from “Md Aynal Islam”?
When I switch to the Go Fatherhood page on Facebook and check its notifications, “Md” is there again:
The second and third entries are Facebook business as usual, but what is the deal with Md Aynal Islam? (and why doesn’t that sound like a real name?). A click and instead of it opening up a small Messages window as you would see with a personal Facebook account, it jumps to the Professional Dashboard which has a completely different layout. If you’re a one-person Facebook page, it’s vast overkill, but it works.
THE BOGUS MESSAGE ITSELF
Meanwhile, here’s the message I’ve received from Md Aynal Islam that “needs” a response:
As is typical with spammers, there’s a sense of urgency here both with “Final warning” and “After 24 hours” instilling what they hope will be a sense of panic. But a calmer reading of the message reveals that it’s bogus.
First off, who the heck is Md Aynal Islam and why wouldn’t this message, if legit, be sent by Facebook? Having said that, I have also received these sort of ‘verify identity’ or ‘account poised to be shut down’ messages from user accounts with names like “Facebook Security Department” and “Meta Account Support”, so the name, by itself, is insufficient to justify you trusting and believing any message you receive.
But there are other factors. This is the “Final warning” when I haven’t received any previous warnings? I’m supposed to go to an external Website not part of Facebook or Meta (the parent company) to “confirm” my account access? Also, isn’t the account graphic a bit silly for something this official?
What’s interesting is that by default Facebook Messenger has removed all URLs and links, so while the scammer probably had a neatly embedded ‘confirm account’ link, it’s been stripped out of the message.
Not convinced? Here’s another scam I got on the same Facebook page a few days ago:
Do you think Nadiya Islam is related to Md Aynal Islam? Notice that it’s exactly the same template; urgency, about to be shut down very soon, use external link to confirm or verify your account identity.
HOW THESE SCAMS WORK
You’re wondering now whether these scams work and the answer is very infrequently, but enough that it’s worth them trying to trick you out of your account credentials. How would they do that? You click on the link and it looks exactly like a Facebook page and prompts you for your account and password, then thanks you for your cooperation and bounces you back to the real Facebook.
Now they have your account credentials and either a minute or two later or perhaps a few days later they’ll log in and change everything to lock you out of your own page! This is one reason why 2-factor authentication is so critical for your account protection.
There are also variations where you allow them access to your account because they’re a “big advertiser” that wants to pay you an exorbitant fee to run some ads or post some content. Two minutes later, you’re logged out. Again, lots of skepticism and two-factor authentication are your best protection!
WHAT TO DO INSTEAD OF RESPONDING
Suffice to say, if I were to say “oh no! I can’t click on your link but want to resolve this problem, can you please share a better link” they’ll be happy to redirect me to their faux site to harvest my login credentials. ¡No bueno!
Instead click on the “•••” adjacent to the message to reveal the menu:
You can either delete the conversation entirely or categorize it as spam by “Move to spam“. Either way, the message is gone and you’re safely able to go back to your regular Facebook posts and interactions. You: 1. Scammer: 0. Well done.
Pro Tip: I’ve been writing about Facebook since it first came online. Please check out my extensive Facebook help library for hundreds of useful tutorials and insider tips and tricks. And why not follow AskDaveTaylor on Facebook for even more great content? Thanks!