Recently, I reported on how fake copyright complaints were being used to spread ransomware to businesses. One of our readers saw that article and alerted me to a similar scam. In his case, the email claimed his Facebook ads were violating copyright and his business page would be disabled or removed if he didn't file an appeal. The specific text of the email reads:
Your recent ads have been reported for violation of Facebook ToS.
You have now (1) copyright strike, and we'll have to disable your ad account and take down your page.
To prevent that from happening, use the link below to submit an appeal: https://sites.google.com/view/facebook-form
This link expires in 24 hours.
The link to the Facebook form (which has now been removed) took you to a page with more "details" about Facebook's advertising policy, followed by a button to complete a form with your account details.
There are a couple of clear warning signs that this isn't an official Facebook page; notably, the form being hosted on a sites.google.com URL (rather than directly by Facebook) and the generally poor grammar of the page. But if you missed these clues and went ahead and completed the form, you just turned over your business's login credentials to these scammers.
Interestingly, the image used in the header of the fake Facebook appeal page is the same one used for a similar, though technically more sophisticated, Facebook phishing scam Sophos Security reported in October 2020. Whether this is the same group of scammers or another group trying to copy their methods is hard to know. It's also possible, though I haven't seen evidence of it yet, that this same social engineering method could be used to deliver malware, including ransomware, as I outlined in my prior ransomware article.
As we see with the Sophos example, scammers often will change up their methods and the language in their emails in an attempt to avoid spam filters. If you've received a similar message (on your site or via email), please post in the comments below so others will find it when doing a Google search and avoid the risk of having their Facebook accounts compromised.
[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]
Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Josh started his first company while still in college, a consumer electronics retailer focused on students. His writing has been featured in Today.com, NBC News and Time.
Similar Hack on my Facebook Business Account last night
From Ivo on January 21, 2022 :: 1:29 am
The Attack started with the following email:
Your ad has been reported for violating Facebook ToS.
You have (2) copyright strikes, and we’ll have to disable your ad account/page.
To prevent that from happening use the form below to submit an appeal:
https://www.facebook.com/ !!! removed this for security !!!
This link will expire in 24 hours.
I followed the link - however, on my iPhone mobile!
The page I landed on was m.facebook.com
There I stepped through and gave the access code etc. as described in your article above -
then a very short moment later I got a warning from Facebook:
two of my posts have violated the guidelines -
at the same moment my friend got a notification about new posts on my Facebook page - that post was an indescribably disgusting video which I don't want to describe here.
A minute later my account was blocked!
Currently, I am very upset - also about the fact that I was able to file an objection with Facebook but could not provide any information about what happened - Facebook instead tells me that they will investigate my objection and either reactivate my account or block it irrevocably.
Most likely was a spoofed url
From Josh Kirschner on January 22, 2022 :: 5:46 pm
I’m sorry this happened to you. If the scam was similar to the above article, then I’m sure the page you went to was not the actual Facebook mobile page, but a url designed to trick you into thinking it was (e.g., substituting zero for the “O”). This can be especially hard to spot on a mobile device.
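The two URL clues discussed so far, the appeal form hosted on sites.google.com in the article and the lookalike host described in the reply above, can be checked mechanically. The following is an added example, not part of the original article or comments; the allowlist, the digit-swap table and every `.example` link are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the hosts accepted as genuinely Facebook's.
OFFICIAL_DOMAINS = ("facebook.com", "fb.com")
BRAND = "facebook"
# Digit-for-letter swaps used in lookalike names (illustrative, not exhaustive).
DIGIT_SWAPS = str.maketrans("013457", "oleast")

def classify_link(url):
    """Return a verdict for one link found in a message claiming to be from Facebook."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    # Official only when the host IS an official domain or a subdomain of one;
    # a substring test would accept facebook.com.appeals.example.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand in the authority part (host or user@ prefix) after undoing digit swaps.
    if BRAND in parts.netloc.lower().translate(DIGIT_SWAPS):
        return "impersonating-host"
    # Brand only in the path or query: third-party hosting dressed up as Facebook.
    if BRAND in (parts.path + "?" + parts.query).lower():
        return "brand-on-third-party-host"
    return "unrelated"

def review_message(text):
    """Extract every http(s) link from a message body and classify it."""
    links = re.findall(r"https?://[^\s<>\"']+", text)
    return [(u.rstrip(".,)"), classify_link(u.rstrip(".,)"))) for u in links]

# The lure link quoted in the article, followed by constructed test links.
SAMPLE = """To prevent that from happening, use the link below to submit an appeal:
https://sites.google.com/view/facebook-form
https://m.faceb00k.example/appeal
https://facebook.com.appeals.example/form
https://www.facebook.com@login.example/appeal
https://m.facebook.com/help"""

if __name__ == "__main__":
    for link, verdict in review_message(SAMPLE):
        print(f"{verdict:26} {link}")
```

Only the last sample link is classified as official; the other four are flagged even though each displays the word "facebook" somewhere in the URL.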
Same thing happened to me
From Claire Lu on January 25, 2022 :: 6:43 pm
Omg, same thing happened to me. As of right now it said three of my posts have violated Facebook guidelines. What do we do in this situation? Will Facebook recognize the fact that we were being scammed?
Is that in an email or on Facebook?
From Josh Kirschner on January 25, 2022 :: 6:51 pm
Are you receiving those warnings via an email or on Facebook? If via email and you aren’t sure if it is real, go to Facebook directly (don’t click on links in the email) and you should see the messages in your account. Else, likely fake.
If you have already given your credentials to a phishing site, immediately log in and change your password if you still have access.
It’s also a very smart idea to set up two-factor authentication for your Facebook account to prevent you from falling for any potential future scams.
From Mark Warren on August 22, 2022 :: 10:27 pm
I got the same email
Your ad has been reported for violating Facebook ToS.
You have (2) copyright strikes, and we’ll have to disable your ad account/page.
To prevent that from happening use the form below to submit an appeal:
This link will expire in 24 hours.
I clicked through it not paying attention and it sent the links to my supposed violations. They were child porn and it paid for an ad on my business account to send out child porn videos. Now I’m locked out. I called the FBI.