Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

author photo

Facebook Ad Copyright Violation Scam Used for Phishing Attacks

by on August 02, 2021
in News, Computers and Software, Computer Safety & Support, Blog, Facebook, Privacy :: 7 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Recently, I reported on how fake copyright complaints were being used to spread ransomware to businesses. One of our readers saw that article and alerted me to a similar scam. In his case, the email claimed his Facebook ads were violating copyright and his business page would be disabled or removed if he didn't file an appeal. The specific text of the email reads:

Hello,

Your recent ads have been reported for violation of Facebook ToS.

You have now (1) copyright strike, and we'll have to disable your ad account and take down your page.

To prevent that from happening, use the link below to submit an appeal: https://sites.google.com/view/facebook-form

This link expires in 24 hours.

Thanks,

Facebook Team

The link to the Facebook form (which has now been removed) brings you to this page with more "details" about Facebook's advertising policy, followed by a button to complete a form with your account details.

Fake Facebook appeal page showing text that reads Breaking the Advertising Policy. All advertisements and offer must practice trade policies. You may have broken some of the banned articles/rules on Facebook. Unsafe add-ons. Adult articles or services. Growth health articles. Hateful and degenerate language in communication, racism and offensive language. Non-physical items are prohibited on Facebook Marketplace, including but not limited to services, subscriptions, digital products or rentals. Below is a form which must be completed within 24 hours. If you do not complete the form your site will be suspended indefinitely. Followed by a button to continue.

There are a couple of clear warning signs that this isn't an official Facebook page; notably, the form being hosted on a sites.google.com URL (rather than directly by Facebook) and the general poor grammar of the page. But if you missed these clues and went ahead and completed the form, you just turned over your business's login credentials to these scammers.

Interestingly, the image used in the header of the fake Facebook appeal page is the same one used for a similar, though technically more sophisticated, Facebook phishing scam Sophos Security reported in October 2020. Whether this is the same group of scammers or another group trying to copy their methods is hard to know. It's also possible, though I haven't seen evidence of it yet, that this same social engineering method could be used to deliver malware, including ransomware, as I outlined in my prior ransomware article.

As we see with the Sophos example, scammers often will change up their methods and the language in their emails in an attempt to avoid spam filters. If you've received a similar message (on your site or via email), please post in the comments below so others will find it when doing a Google search and avoid the risk of having their Facebook accounts compromised.

[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Josh started his first company while still in college, a consumer electronics retailer focused on students. His writing has been featured in Today.com, NBC News and Time.



Discussion loading

Similar Hack on my Facebook Business Account last night

From Ivo on January 21, 2022 :: 2:29 am

The Attack started with the following email:

/Hello dear,

/Your ad has been reported for violating Facebook ToS.
/ /You have (2) copyright strikes, and we’ll have to disable your ad /account/page.
/To prevent that from happening use the form below to submit an /appeal:
/ /https://www.facebook.com/  !!! removed this for security !!!
/ /This link will expire in 24 hours.

/Thank You,
/Facebook-Ads

I followed the link - however on my iPhone mobile !
The page I landed on was m.facebook.com
There I stepped through and gave the access code etc as described in your article above -
then very short moment later I got a warning from facebook
two of my posts have violated the guidelines -
same moment my friend got a notification about new posts on my facebook page - that post was indescribably disgusting video which I don‘t want to describe here.
A minute my account was blocked !

Currently, I am very upset - also about the fact that I was able to file an objection with Facebook but could not provide any information about what happened - Facebook instead tells me that they will investigate my objection and either reactivate my account or block it irrevocably.

Reply

Most likely was a spoofed url

From Josh Kirschner on January 22, 2022 :: 6:46 pm

I’m sorry this happened to you. If the scam was similar to the above article, then I’m sure the page you went to was not the actual Facebook mobile page, but a url designed to trick you into thinking it was (e.g., substituting zero for the “O”). This can be especially hard to spot on a mobile device.

Reply

Same thing happened to me

From Claire Lu on January 25, 2022 :: 7:43 pm

Omg, same thing happened to me, as of right now it said three of my posts have violated facebook guidelines, what do we do in this situation? Will facebook recognize the fact that we were being scammed?

Reply

Is that in an email or on Facebook?

From Josh Kirschner on January 25, 2022 :: 7:51 pm

Are you receiving those warning via an email or on Facebook? If via email and you aren’t sure if it is real, go to Facebook directly (don’t click on links in the email) and you should see the messages in your account. Else, likely fake.

If you have already given your credentials to a phishing site, immediately log in and change your password if you still have access.

It’s also a very smart idea to set up two-factor authentication for your Facebook account to prevent you from falling for any potential future scams.

Same here. Got two of

From Christian on January 28, 2022 :: 4:20 am

Same here. Got two of those mails yesterday. One to an address that I did use only for facebook…

The first link leads to a public post that on facebook can be viewed without havin to log in. A click to the link in that posts confronts me with a very red screen from chrome warning be that I’m about to visit a potential fishing site.

That page then can be filled with pretty much trash but still wants 2FA credentials. Seems I entered the wrong ones. wink

Reply

Update ! 7 Days Later - Still Blocked

From Ivo on January 28, 2022 :: 6:30 am

meanwhile made invisible for 7 days - facebook support takes time -
being able to interact with my facebook community is an important factor of my professional existence - why is there no chance to contact support for these cases ?
do you have any secret tip for me what i can do in this situation ?
all links that supposedly help lead me to a lock screen with the following content:

“you have contradicted this decision
JANUARY 21, 2022
Account verification usually takes about a day.
Other Facebook users can’t see your account and you can’t use it.
What happens next?
We will take another look at your account. However, due to the coronavirus (COVID-19) pandemic, we currently have less review capacity available, so we may not be able to review your account again.
If we determine that your account meets our community standards, we will promptly reactivate your Facebook account.
If we determine that your account does not meet our community standards, we will permanently deactivate it. Note that you will not be able to appeal this decision again.”

Reply

Your account has been disabled

From Farzana Shohel Rana on May 23, 2022 :: 9:35 am

Dear Facebook support team,
PLZ OPEN MY FACEBOOK ACCOUNT I DON’T ADD ANY THING MY FRIEND ADD Instagram ACCOUNT IN MY FACEBOOK I DON’T UNDERSTAND WHAT HE DO.WHEN RECIVE EMAIL THAN I REMOVE .I DON’T UNDERSTAND ITS UNLEAGLE FOR ADD IN FACEBOOK .
I respect the direction of the community and I always follow the guidelines of the Facebook community. I’ve used Facebook I’ve never violated community guidelines, your Facebook protection has been accidentally disabled somewhere in my account and help me get it back into my account.

Hello Sir, When I Open My Fb Id Shows Like this. You can not login at the moment. We’ll get in touch with you shortly after We’ve reviewed it. You’ll now be logged out of Facebook as a security precution. Sir this account was very important for me because i have some busssiness information in it sir please re open my id. Thankyou.
Thanks,
YOUR FACEBOOK PROFILE NAME :Farzana Shohel Rana.
Sarder Shohel Rana

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.