Beware of the new Meta Security scam that wrongfully states your business page has been disabled and thereby lures you into revealing sensitive information.
What is the Meta Security scam?
The Meta Business Suite is a go-to solution for online entrepreneurs, and for good reason. Introduced by Facebook in 2020, this one-stop toolkit can really become the lifeblood of a modern marketing campaign by providing a fully-fledged spectrum of instruments to manage a business’ Facebook and Instagram accounts, all in the same place. The functionality ranges from ads management and the ability to answer direct messages across both services, to comprehensive visibility of the leads and statistics that reflect customer activity.
The reverse side of its popularity, though, boils down to close scrutiny from malicious actors out there. In an ongoing wave of fraud, Meta Business Page owners have been receiving scam messages, allegedly from Meta Security Team, that say the following: “Your Business Page Has Been Disabled” or “Violations detected may result in your Page being removed”. Let’s get into the finer details of these scenarios to understand what goals the riff-raff pursues and how to stay safe.
Types of fake Meta Security notifications
Based on the wordings of the phony messages received by target Meta Business Suite users, this scam can come in several different forms. Continue reading to get the lowdown on these spin-offs.
1. “Your Page Has Been Disabled”
The most common variant pushes the narrative of the recipient’s Business Page having been already disabled. These alerts come from random senders labeled simply “Facebook user” (see the screenshot below). For the record, here is the full text of the spoof message:
“Hello Your Page Name,
Your Business Page Has Been Disabled.
We are constantly updating our Meta Privacy Policy and Terms of Service. We have temporarily suspended your page because someone told us that you violated our terms and conditions of service.”
To view the details of the purported violation and get started with addressing the problem, the user is instructed to click on the embedded link. This will open a misleading page that says, “Your Page Has Been Disabled”. Its text mostly duplicates that of the original direct message (DM), but it additionally recommends the following, “Confirm your account within the next 24 hours otherwise your page may be permanently disabled”. And arguably the most ironic part is the phrase, “We Help Keep Your Page Secure”.
A major giveaway at this point is that the URL of the landing page is a Facebook domain copycat that comes in the following format: hxxps://facebook.[string of random digits].review. This gives any vigilant user a clue that they’re dealing with a hoax. Unfortunately, plenty of people would probably overlook the discrepancy, get on the hook, and click that pink “Continue” button, only to end up in a phishing trap that will be described further down.
2. “Violations detected on your Page”
Unlike the previous stratagem, this one pretends to come from an entity named “Meta Security”. It largely revolves around intellectual property infringement and looks a bit less scary as it only states that the removal of the target’s business page is potentially possible, and the incriminated violations could be a mistake. However, this somewhat milder tone can still be a foundation for a successful scam because the recipient is more likely to engage with it.
The message is as follows,
“Violations detected may result in your Page being removed.
We received notices that this page infringes intellectual property rights, often posting someone else’s work without permission or using someone’s trademark in a misleading way. Repeat offenses may result in your Page being removed.
If you believe this is an error in our system, please verify your account at the link below”
Again, the would-be victim is expected to click on the embedded link and go through a rabbit hole of account confirmation, which is nothing but a hoax in disguise. This time around, the linked-to site says, “Violations detected on your Page”. The rest of its wording matches the landing used in “Your Page Has Been Disabled” variant described in the section above.
3. Meta Business Support imitation
One more derivative of the fraud in question involves what’s called the Meta Business Support. As is the case with the “Violations detected on your Page” version, the deceptive message here mentions intellectual property encroachment. Here are the contents of this warning for your reference:
“We have temporarily suspended your page because the content you post on this Page infringes someone else’s intellectual property rights.
If you continue to post content that infringes someone else’s intellectual property rights or violates the law, your Page may be permanently disabled.”
If you get curious and venture into opening the Meta Business Support link at the top of the counterfeit notification, you will find yourself on a page illustrated in the screenshot below. The more prudent users will easily notice telltale signs of a swindle there. First of all, it says, “No posts yet”. That’s not something you would expect when dealing with a reputable brand. Second, the page was created in mid-September 2023, so it’s definitely not related to a firmly established entity.
Similar to the previous spin-off, the alert urges the user to verify their account by clicking on the corresponding link that loads the “Your Page Has Been Disabled” landing. This brings us to the next part, which focuses on the objectives of the Meta Security scam. Predictably enough, it’s all about trying to wheedle out sensitive information.
Identity theft at the core of the Meta Security scam
While all variants of this fraud have their distinguishing hallmarks in terms of message texts and landing pages, they all share a common denominator. If a victim chooses to interact with those notifications – which is in and of itself a bad idea – and clicks the “Continue” button, they’ll end up on a “Meta Business Help Center” phishing page shown below.
It’s designed to match the Meta style and contains the company’s logo for greater, albeit feigned, credibility. Interestingly, rather than following the classic credential phishing logic aimed at obtaining one’s sign-in credentials, it asks the user to upload a photo of their official ID (e.g., birth certificate, passport) that contains the date of birth. If the unsuspecting target falls for this trickery, they will see an “Accepted” notification that supposedly reflects the status of the submission (see image below).
The consequences of sticking to the riff-raff’s instructions can be serious. When in dark web databases, ID details can be mishandled for bank frauds, spear phishing, and other chicanery that put your identity and financial well-being at risk. To top it off, this particular plan may potentially culminate with requesting Meta login credentials which, combined with your ID information, allow crooks to take over the account and harm your business reputation.
All in all, the Meta Security “Your Page Has Been Disabled” scam is one of the most common fraudulent schemes targeting the ecosystem of Meta Business Suite and Business Manager users. The landing pages involved in it are being taken down fairly quickly due to complaints, but new ones supersede them without much delay. That said, it’s in every user’s best interest to know how to identify such hoaxes and how to act if the dubious-looking message shows up in their inbox.
How to keep your business account and identity safe
Let’s face it, these scams aren’t going anywhere anytime soon. It’s therefore crucial to follow several recommendations that help minimize the risk of identity theft. Here is a summary of these tips:
- Exercise caution with suspicious direct messages. Neither Facebook nor Instagram will ever DM you about violations on your account. They have other official channels to notify customers.
- Pay attention to URLs in messages. If a notification claims to come from the Meta Business Suite team but the embedded link starts with anything other than facebook.com, that’s a sure-shot sign of a scam.
- Look for inaccuracies. Most internet con artists don’t proofread their messages. If you read the contents of the deceptive notifications carefully, you’ll most likely find typos, grammar errors, and other mistakes. For instance, the warnings constituting the Meta Security scam have extra spaces, missing periods, and fragments like, “Confirm your account within the next 24 hours otherwise our your Page may be permanently disabled”.
- Never disclose sensitive info. It’s unacceptable for a reputable brand to require uploads of official documents. If a page asks you to, don’t engage with it.
- Examine linked-to landing pages. If you are redirected to a page that claims to be under the Meta umbrella, take your time and examine it scrupulously. Things like missing posts or a very recent launch date should give you a heads-up.
Finally, it’s strongly advised to report dodgy activity to Meta whenever you suspect someone is trying to scam you. Not only will doing so dot the i’s and cross the t’s for you personally, but it will also help stop the fraud in its tracks and prevent other people from falling victim to it. Stay safe and be vigilant.