I got a notification on Facebook from the privacy policy team that my page has been reported. Now I have to verify ownership of the page? Can you confirm this is legit?
While Facebook has a lot going on with its billion active daily users and thousands of employees, personal notifications about business pages or profiles are quite unlikely. More importantly, a notification from Facebook itself has a very distinctive look and clicking on it takes you to the administrative interface which immediately assures you that it’s legit. Sounds like you received something quite similar to my notification from a user called “Privacy Policy” on Facebook. Sneaky, eh? A user called Privacy Policy.
Whether something looks legit or not, however, vigilance and skepticism are your friends, whether you're trying to work out if an email is real or if a Facebook notification comes from a scammer running a phishing attack. In the spirit of detective work, let’s step through this notification and see what’s going on…
To start, here’s what I saw in my own personal Facebook account notification stream:
At first glance it might seem legit but, um, “shared”? If there was an issue with my Facebook business page, why would the reporting team “share” my page rather than just notify me of a violation or problem?
Still, maybe. Maybe it’s legit or maybe you read it without really thinking about what it says and click to learn more. In which case you get to this pop-up window:
If you read the text carefully, it’s rather gobbledygook, confusing, grammatically incorrect and just generally weird. Most telling is that it’s from “Privacy Policy” but wants you to confirm “the repair” of your Facebook account.
Still, you’re anxious, you see a link, you click on it.
BUT WAIT! Let’s look at that link. In fact, let’s ask: why would Facebook link to something off site at all? They wouldn’t. But maybe you don’t know that. Then look at the domain for this link: fb<string of random numbers>.my.id. Know which country .ID is the domain for? Indonesia. Now it’s as obvious as can be that this is a phishing attack, as we say in the biz. They just want to steal your account credentials.
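The link check described above can be written down as code. This is an added example, not part of the original post: the list of trusted domains is an assumption, and the sample URLs (including the digits in the .my.id host) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as Facebook-owned for this example; adjust as needed.
TRUSTED_DOMAINS = ("facebook.com", "fb.com", "messenger.com")


def check_link(url):
    """Return (verdict, reasons) for a link found in a 'Facebook' notification."""
    reasons = []
    parts = urlsplit(url.strip())
    # .hostname is lowercased and excludes any userinfo and port.
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")

    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' is userinfo, not the host")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label, possible lookalike characters")

    # Trusted only on an exact match or a true subdomain (match on a dot boundary),
    # so 'notfacebook.com' and 'facebook.com.login.example' both fail.
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        reasons.append("host %r is not a Facebook domain" % host)
        if any("facebook" in label or label.startswith("fb") for label in labels):
            reasons.append("brand string used inside an unrelated domain")

    return ("ok" if not reasons else "suspicious", reasons)


# Constructed sample links.
SAMPLES = [
    "https://www.facebook.com/settings",
    "http://fb1234567890.my.id/login",
    "https://facebook.com.login.example/",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, why = check_link(sample)
        print("%-11s %s %s" % (verdict, sample, "; ".join(why)))
```

The comparison is made on the parsed hostname rather than the raw string because a scam link can carry “facebook.com” anywhere in it without actually pointing at Facebook.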
Worst case, you click. Now you’ll see a not-quite-right Facebook login page (that’s not secure):
Not quite what Facebook looks like, but it might fool you if you’re anxious and moving really fast.
To test whether something like this is legit, though, start by entering a fake email and password to see what happens. I use “president@whitehouse.gov” and “melania” as the fake credentials. In this case, it accepts them!
In other words, it clearly isn’t validating anything at all, just saving the data to a file on their server somewhere in Indonesia.
Once you enter bogus info on this page, it then asks for more information from you:
Why would Facebook need this information?
No worries, enter some junk and you’ll be verified! Whoo!
What this page should really say is “Hey sucker! Thanks for the info. We’re going to hijack your account in just a few minutes!”
In other words, what’s really going on here is that an enterprising young scammer has built a few pages and is prodding people on Facebook to go to that bogus site and share their login credentials and personal info. DON’T DO IT.
With just a bit of skepticism and a close read of the details, it’s clear that this is a scam from the very first step. But sometimes we move too fast and even I’ve been caught by one or two of these well-assembled scams over the years. If this suckered you, then:
- Go and change your Facebook password ASAP. I’ll wait. Back? Ok. Now
- Enable 2-factor authentication on your Facebook account, which would mean that even if they get your password, they won’t be able to get into your account.
Be vigilant out there; anti-virus software protects from app attacks, not personal scams like this one. It’s up to you to be skeptical and cautious.
Pro Tip: I’ve been writing about Facebook and online scams for many years. Please check out my spam, scams and security help area and my Facebook help areas both while you’re visiting. And why not follow AskDaveTaylor on Facebook too? Thanks!