Recently, I reported on how fake copyright complaints were being used to spread ransomware to businesses. One of our readers saw that article and alerted me to a similar scam. In his case, the email claimed his Facebook ads were violating copyright and his business page would be disabled or removed if he didn't file an appeal. The specific text of the email reads:
Your recent ads have been reported for violation of Facebook ToS.
You have now (1) copyright strike, and we'll have to disable your ad account and take down your page.
To prevent that from happening, use the link below to submit an appeal: https://sites.google.com/view/facebook-form
This link expires in 24 hours.
The link to the Facebook form (which has now been removed) brings you to this page with more "details" about Facebook's advertising policy, followed by a button to complete a form with your account details.
There are a couple of clear warning signs that this isn't an official Facebook page; notably, the form being hosted on a sites.google.com URL (rather than directly by Facebook) and the general poor grammar of the page. But if you missed these clues and went ahead and completed the form, you just turned over your business's login credentials to these scammers.
Interestingly, the image used in the header of the fake Facebook appeal page is the same one used for a similar, though technically more sophisticated, Facebook phishing scam Sophos Security reported in October 2020. Whether this is the same group of scammers or another group trying to copy their methods is hard to know. It's also possible, though I haven't seen evidence of it yet, that this same social engineering method could be used to deliver malware, including ransomware, as I outlined in my prior ransomware article.
As we see with the Sophos example, scammers often will change up their methods and the language in their emails in an attempt to avoid spam filters. If you've received a similar message (on your site or via email), please post in the comments below so others will find it when doing a Google search and avoid the risk of having their Facebook accounts compromised.
[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]