Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

author photo

Facebook Ad Copyright Violation Scam Used for Phishing Attacks

by on August 02, 2021
in News, Computers and Software, Computer Safety & Support, Blog, Facebook, Privacy :: 13 comments

Techlicious editors independently review products. To help support our mission, we may earn affiliate commissions from links contained on this page.

Recently, I reported on how fake copyright complaints were being used to spread ransomware to businesses. One of our readers saw that article and alerted me to a similar scam. In his case, the email claimed his Facebook ads were violating copyright and his business page would be disabled or removed if he didn't file an appeal. The specific text of the email reads:

Hello,

Your recent ads have been reported for violation of Facebook ToS.

You have now (1) copyright strike, and we'll have to disable your ad account and take down your page.

To prevent that from happening, use the link below to submit an appeal: https://sites.google.com/view/facebook-form

This link expires in 24 hours.

Thanks,

Facebook Team

The link to the Facebook form (which has now been removed) brings you to this page with more "details" about Facebook's advertising policy, followed by a button to complete a form with your account details.

Fake Facebook appeal page showing text that reads Breaking the Advertising Policy. All advertisements and offer must practice trade policies. You may have broken some of the banned articles/rules on Facebook. Unsafe add-ons. Adult articles or services. Growth health articles. Hateful and degenerate language in communication, racism and offensive language. Non-physical items are prohibited on Facebook Marketplace, including but not limited to services, subscriptions, digital products or rentals. Below is a form which must be completed within 24 hours. If you do not complete the form your site will be suspended indefinitely. Followed by a button to continue.

There are a couple of clear warning signs that this isn't an official Facebook page; notably, the form being hosted on a sites.google.com URL (rather than directly by Facebook) and the general poor grammar of the page. But if you missed these clues and went ahead and completed the form, you just turned over your business's login credentials to these scammers.

Interestingly, the image used in the header of the fake Facebook appeal page is the same one used for a similar, though technically more sophisticated, Facebook phishing scam Sophos Security reported in October 2020. Whether this is the same group of scammers or another group trying to copy their methods is hard to know. It's also possible, though I haven't seen evidence of it yet, that this same social engineering method could be used to deliver malware, including ransomware, as I outlined in my prior ransomware article.

As we see with the Sophos example, scammers often will change up their methods and the language in their emails in an attempt to avoid spam filters. If you've received a similar message (on your site or via email), please post in the comments below so others will find it when doing a Google search and avoid the risk of having their Facebook accounts compromised.

[Image credit: Smartphone on keyboard via BigStock Photo, screenshots via Techlicious]

Josh Kirschner is the co-founder of Techlicious and has been covering consumer tech for more than a decade. Josh started his first company while still in college, a consumer electronics retailer focused on students. His writing has been featured in Today.com, NBC News and Time.



Discussion loading

Similar Hack on my Facebook Business Account last night

From Ivo on January 21, 2022 :: 1:29 am

The Attack started with the following email:

/Hello dear,

/Your ad has been reported for violating Facebook ToS.
/ /You have (2) copyright strikes, and we’ll have to disable your ad /account/page.
/To prevent that from happening use the form below to submit an /appeal:
/ /https://www.facebook.com/  !!! removed this for security !!!
/ /This link will expire in 24 hours.

/Thank You,
/Facebook-Ads

I followed the link - however on my iPhone mobile !
The page I landed on was m.facebook.com
There I stepped through and gave the access code etc as described in your article above -
then very short moment later I got a warning from facebook
two of my posts have violated the guidelines -
same moment my friend got a notification about new posts on my facebook page - that post was indescribably disgusting video which I don‘t want to describe here.
A minute my account was blocked !

Currently, I am very upset - also about the fact that I was able to file an objection with Facebook but could not provide any information about what happened - Facebook instead tells me that they will investigate my objection and either reactivate my account or block it irrevocably.

Reply

Most likely was a spoofed url

From Josh Kirschner on January 22, 2022 :: 5:46 pm

I’m sorry this happened to you. If the scam was similar to the above article, then I’m sure the page you went to was not the actual Facebook mobile page, but a url designed to trick you into thinking it was (e.g., substituting zero for the “O”). This can be especially hard to spot on a mobile device.

Reply

Same thing happened to me

From Claire Lu on January 25, 2022 :: 6:43 pm

Omg, same thing happened to me, as of right now it said three of my posts have violated facebook guidelines, what do we do in this situation? Will facebook recognize the fact that we were being scammed?

Reply

Is that in an email or on Facebook?

From Josh Kirschner on January 25, 2022 :: 6:51 pm

Are you receiving those warning via an email or on Facebook? If via email and you aren’t sure if it is real, go to Facebook directly (don’t click on links in the email) and you should see the messages in your account. Else, likely fake.

If you have already given your credentials to a phishing site, immediately log in and change your password if you still have access.

It’s also a very smart idea to set up two-factor authentication for your Facebook account to prevent you from falling for any potential future scams.

This happened

From Mark Warren on August 22, 2022 :: 10:27 pm

I got the same email
Hello Dear,

Your ad has been reported for violating Facebook ToS.

You have (2) copyright strikes, and we’ll have to disable your ad account/page.
To prevent that from happening use the form below to submit an appeal:
https://www.facebook.com/101103602735143

This link will expire in 24 hours.
I clicked through it not paying attention and it sent the links to my supposed violations. They were child porn and it Paid for an ad on my business account to send out child porn videos. Now I’m locked out.  I called the fbi

Same here. Got two of

From Christian on January 28, 2022 :: 3:20 am

Same here. Got two of those mails yesterday. One to an address that I did use only for facebook…

The first link leads to a public post that on facebook can be viewed without havin to log in. A click to the link in that posts confronts me with a very red screen from chrome warning be that I’m about to visit a potential fishing site.

That page then can be filled with pretty much trash but still wants 2FA credentials. Seems I entered the wrong ones. wink

Reply

Update ! 7 Days Later - Still Blocked

From Ivo on January 28, 2022 :: 5:30 am

meanwhile made invisible for 7 days - facebook support takes time -
being able to interact with my facebook community is an important factor of my professional existence - why is there no chance to contact support for these cases ?
do you have any secret tip for me what i can do in this situation ?
all links that supposedly help lead me to a lock screen with the following content:

“you have contradicted this decision
JANUARY 21, 2022
Account verification usually takes about a day.
Other Facebook users can’t see your account and you can’t use it.
What happens next?
We will take another look at your account. However, due to the coronavirus (COVID-19) pandemic, we currently have less review capacity available, so we may not be able to review your account again.
If we determine that your account meets our community standards, we will promptly reactivate your Facebook account.
If we determine that your account does not meet our community standards, we will permanently deactivate it. Note that you will not be able to appeal this decision again.”

Reply

Your account has been disabled

From Farzana Shohel Rana on May 23, 2022 :: 8:35 am

Dear Facebook support team,
PLZ OPEN MY FACEBOOK ACCOUNT I DON’T ADD ANY THING MY FRIEND ADD Instagram ACCOUNT IN MY FACEBOOK I DON’T UNDERSTAND WHAT HE DO.WHEN RECIVE EMAIL THAN I REMOVE .I DON’T UNDERSTAND ITS UNLEAGLE FOR ADD IN FACEBOOK .
I respect the direction of the community and I always follow the guidelines of the Facebook community. I’ve used Facebook I’ve never violated community guidelines, your Facebook protection has been accidentally disabled somewhere in my account and help me get it back into my account.

Hello Sir, When I Open My Fb Id Shows Like this. You can not login at the moment. We’ll get in touch with you shortly after We’ve reviewed it. You’ll now be logged out of Facebook as a security precution. Sir this account was very important for me because i have some busssiness information in it sir please re open my id. Thankyou.
Thanks,
YOUR FACEBOOK PROFILE NAME :Farzana Shohel Rana.
Sarder Shohel Rana

Reply

Some of your ads have been reported

From Nichole on August 16, 2022 :: 12:55 am

This happened to me today. I received two of these types of emails. The first, titled “Ads Restricted, had a link that took me to a FB page and had me fill out an appeal. However, when I copy and paste the link in an incognito window, I’m taken to some group Page with postings I believe are from India.

Here is the 1st message:

Your pa⁣ge has be⁣en res⁣tricted from ru⁣nning Fa⁣ceb⁣ook A⁣ds re⁣garding Face⁣bo⁣ok Page Pol⁣icy vio⁣lati⁣ons.

Sin⁣ce your con⁣tent goes aga⁣inst our guideli⁣nes, curre⁣ntly you won’t be able to create any new campaig⁣ns.

If you think we made a mist⁣ake you can ask us to review our dec⁣ision, by fil⁣ling out the form bel⁣ow:

https://facebook.com/[redacted]/

This link will be avai⁣lable for the next 48 ho⁣urs, if you don’t fill out the form you will lose access to your Fa⁣cebo⁣ok Pa⁣g⁣es which can lead to acco⁣unt deactivat⁣ion, as our team rev⁣iewi⁣ng time is lim⁣ited.

Thank you for helping us grow toget⁣her, as we are enh⁣ancing fu⁣rther Fa⁣ceb⁣oo⁣k qual⁣ity com⁣munity exp⁣erince.

Fa⁣ceb⁣ook A⁣d Man⁣ager Te⁣am.


Your page has been scheduled for review, after violating Terms. lf we don’t hear from you within 48 hours, your page will be automatically unpublished and deleted.


The 2nd one, titled “Policy Issues” takes me to a recently made FB page and prompts me to clink another link. This link brings me to red page warning letting me know I’m entering a phishing site.

Here is the second email.

Repeated violations could lead to your Page being deleted. Learn more about this policy.

If you believe your account was reported by mistake,
submit an appeal by visiting your support inbox below:

https://facebook.com//[redcated]

Thanks,
Lucie Maks

I have two-factor authentication already enabled on my account but I’m still going to change my password as a safety precaution.

Reply

Same email... can we do anyting?

From Michelle on August 31, 2022 :: 3:45 pm

Is there any way to report this? I’ve received 2 emails that were pretty much identical… at first, I didn’t think anything beyond scam, but since I work with Social Media and manage various accounts I felt I had to investigate before assuming.

Beginning of emails:
Your account has been scheduled for review after violating Facebook Terms. If we don’t hear from you within 24 hours, your Facebook profile will be automatically unpublished.

Would love to know if there’s a way to report/banish, or even protect me more.

Reply

Report the Facebook app

From Josh Kirschner on September 06, 2022 :: 8:33 am

Yes, go to the linked page on Facebook the scam is directing you to and report that page as a scam or fake page.

Reply

GOT A SIMILAR ONE

From B on September 05, 2022 :: 3:10 pm

this is the one I just received:

Hi UserID 7896132465,

Your ad has been reported for violating Facebook ToS.

Your page appears to contain copyrighted material owned by a third party, such as a video or background audio.

If you believe that your page has been reported by mistake, can you please appeal by following the link below.

https://www.facebook.com/103319159191849

If we do not receive an appeal within 24 hours, this could cause to your account to be disabled.

Thank you,
Best Regards, AdsOperations Team Facebook.

Reply

Shady email received

From Tom on September 10, 2022 :: 5:46 am

Their “Meta for business” “appeal” page I received in their email message (NO notification was posted on my Facebook biz account) is leading to the following link on Facebok, which I reported to facebook:

https://www.facebook.com/permalink.php?story_fbid=pfbid0yqX6G4xaWfv96s2786GnUSpoQ5hgK9AdtDvakoLWJj9BukHZAaoh1Q3ox5qVvvyol&id=101538026036629

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.