Navigating the Deceptive Waters of Facebook Phishing: A Survival Guide

I normally don't run social media ads but wanted to give it a try since it has been awhile (my clients like to ask for my insight and what better way to provide it than to walk in their shoes!) 

The amount of phishing spam I received will blow your mind!

It started as soon as I ran my first boosted post and ended as soon as it was over. They targeted my public email which was the dead giveaway as it is not associated with my Facebook account.

So today's newsletter focus: Beware of Facebook Phishing (cue lightning strike and clap of thunder)

If you receive an email or a DM that is from “Meta” stating you have been in some type of violation with your account and to click this facebook link or this facebook post, DON’T!

Meta will not send you a random email that does not contain your name (they normally do not address it to your user name, profile name, or name of business) and definitely will not DM you if there is a problem with your account. They will also not email you from Outlook, through WordPress, or the plethora of other ways I have seen these messages come through.

When it doubt OR If you do see an email from @facebookmail.com or @facebook.com - check the from AND the reply to!

Below are all valid emails from Facebook...

* Facebook is not immune from having their domain spoofed, no one is. Like the example below, most of the spammers were focused on the body of the email so they stuck with public domain emails, hoping the recipient did look past the sender name "Meta".

So what should you do?

ALWAYS log into Facebook and go directly to Ad Manager to see if there is an issue. If you don’t see a notification upon signing into Facebook or see a banner alert in Ad Manager (where you will normally be stopped if something is truly wrong), there are absolutely no issues with your account.

I have put an example of the emails I received below.

** Facebook will NOT delete your ad account if you have a violation! They will disable it but if the word "delete" is used, that is another red flag! YOU can delete your business manager account and ad account but FACEBOOK will deactivate or disable it. 

BE CAREFUL!

I read in a group that someone fell for this, clicked the link, entered all of her information, and later got an alert the someone was trying to log into her site.

Which brings me to point #2 – PLEASE activate two-step verification with Facebook (preferably Google Authentication).

We all make mistakes so if by any chance you do fall for the deception, your account is protected. Just make sure if you use the same password across the board, those accounts also have two-step verification or change the password immediately!

Prefer to receive these sent directly to your inbox? Sign up for our newsletter and get notified about new blogs, great deals, and other helpful tips.