Facebook Hackers: We added a restriction to your account. See why…
13 September 2023

You’d probably like to think that you can spot a message from a scam account a mile away, but it’s becoming harder and harder to distinguish authentic messages from fake ones.
There’s a Meta Business phishing message about account restrictions that’s becoming increasingly prolific – I’ve received 3 of these messages in the last 2 days. Here’s more about recognising these messages and protecting your account from unwanted intruders.
What does the message look like?
As a Facebook Page Admin, this message is the first thing you receive:
It looks pretty authentic, especially on mobile. Anyone who doesn’t recognise this as a fraudulent message will click on the link, which takes them to this post:
The link to the supposed account confirmation actually takes you to the scam domain name meta-private.mobi.
If the recipient still hasn’t noticed that there’s something suspicious about this process, they might then enter their login details. This allows the scammers full access to their Facebook account including their pages and, if they have one, their ads account.
Depending on what the offender then does with the account, the victim will also find their personal Facebook account banned permanently. Their Business page might end up permanently deleted too.
How does it work?
As with all online scams, the people behind it try and make it seem as legitimate as possible.
In this case, the sender of the initial message is a Business Page named ‘We added a restriction to your account. See why…’, a name cleverly chosen to pass for one of the very real messages that Facebook sends its users on a regular basis.
This message is sent to your Business Messenger Inbox and appears with your other Meta account messages, which is your first real red flag. Facebook sends legitimate messages as notifications.
What’s even more clever is that the scam page blocks yours, preventing you from seeing any details if you try and view the profile of the sender.
Another big clue that this message hasn’t come from the Facebook powers that be is what happens if you get as far as clicking the link in the message.
It takes you to a different page entirely!
The post explaining why your account has been ‘restricted’ and asking you to confirm your account is a public post from a page called ‘Meta Business Support’, which is a separate page from the one sending the initial messages.
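What gives the link away is the hostname it actually opens, not the wording around it. As an added example (not part of the original article), this Python check compares a link's host with an assumed allowlist of Meta-operated domains; the allowlist, brand words, function names and every sample link other than meta-private.mobi are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: registrable domains operated by Meta.
TRUSTED_DOMAINS = ("facebook.com", "fb.com", "meta.com", "messenger.com")
# Brand words that scam domains borrow to look official.
BRAND_WORDS = ("facebook", "meta", "messenger")


def link_host(url: str) -> str:
    """Return the hostname a browser would actually connect to."""
    if "://" not in url:
        url = "https://" + url  # treat bare "host/path" text as a web link
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed link: treat as having no usable host
        return ""
    # .hostname already drops any "user@" prefix and the port.
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a link."""
    host = link_host(url)
    # Trusted only on an exact match or a true subdomain (note the dot).
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Off the allowlist but wearing the brand name: the pattern in this scam.
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; only meta-private.mobi comes from the article.
    samples = [
        "https://www.facebook.com/settings",
        "https://meta-private.mobi/",
        "https://facebook.com@meta-private.mobi/",
        "https://facebook.com.meta-private.mobi/",
        "https://notfacebook.com/",
    ]
    for link in samples:
        print(f"{classify(link):9}  {link_host(link):32}  {link}")
```

Anything other than 'trusted' is a reason not to enter login details; the brand-word match is a rough heuristic and will also flag unrelated hosts that happen to contain "meta".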
How can I protect myself and my account?
When you’ve worked hard to gain followers and increase engagement on your page, the last thing you want is to lose it all to a scammer. The best thing you can do to secure your account is turn on two-factor authentication. This process will require a one-time login code or a verification of the login attempt every time someone tries to log in from a browser that Facebook doesn’t recognise. You can also register to receive an alert every time someone tries logging in from an unknown browser or device.
How do I turn on two-factor authentication?
1. Log in to your personal account
2. Go to Settings & Privacy
3. Click ‘Privacy’ and head to the privacy shortcut titled ‘Check a few important settings’
4. Select ‘How to keep your account secure’, which will bring up the pop-up below. Click ‘Continue’ and ‘Next’ until you find yourself on the page named ‘Add an extra layer of security to your account’
5. Click ‘Get started’ and follow the instructions
You’ll then be able to choose whether you’d like to set up your two-factor authentication via SMS or a third-party authentication app. Please be aware that Facebook changes a lot, so these instructions were correct at the time of writing on 13th September 2023.
Make sure that any page managers or admins also activate two-factor authentication in order to maximise the security of your page. It’s also important to remove any old admins that no longer need page access.
It’s a good idea to remind any staff dealing with your page about how to spot scam messages and be hyper-vigilant and cautious when receiving messages and emails that require them to confirm any login details.
What do I do if I get hacked?
Scammers are getting increasingly clever and imitating legitimate correspondence relatively accurately (this is a long way from messages from Prince Eric in Tasmania). All of this is making hacking and phishing more difficult to recognise and protect yourself against.
If you do find yourself the victim of account hacking then we may be able to help.
Get in touch for an initial assessment.