Facebook Ads Copyright Violation Scam Used for Phishing Attacks
Recently, one of our Facebook page managers saw a suspicious message sent to our Facebook account and alerted me ‘This has been sent to the UCSCU Facebook page’. the message claimed that our Facebook ads were violating copyright and that our ads distribution will be limited if the page is flagged repeatedly and that we should file an appeal. The specific text of the message reads:
The link to the Facebook form brings you to a button ‘contact us now’ and when clicked it redirects you to a completely different page ‘How can we help you?’ where they ask you to complete a form with your phone number, email address and date of birth as seen below.
There are a couple of clear warning signs that this isn’t an official Facebook page; notably, the form being hosted on a http://linkpop.com/centermetabusinesss URL (rather than directly by Facebook) and the general poor grammar of the page. But if you missed these clues and went ahead and completed the form, you just turned over your business’s login credentials to these scammers.
Interestingly, the image used in the header of the fake Facebook appeal page is the same one used for a similar, though technically more sophisticated, Facebook phishing scam Sophos Security reported in October 2020. Whether this is the same group of scammers or another group trying to copy their methods is hard to know. It’s also possible, though I haven’t seen evidence of it yet, that this same social engineering method could be used to deliver malware, including ransomware.
As we see with the Sophos example, scammers often will change up their methods and the language in their emails in an attempt to avoid spam filters. If you’ve received a similar message (on your site or via email), please post it here so that others will find it and avoid the risk of having their Facebook accounts compromised.
How to avoid ‘phishing’ scams
Here’s some other things you can do to keep your business safe from phishing attempts:
- Don’t take emails at face value, especially if they are about logins, suspensions, disabled accounts, or anything urgent.
- Ignore links, navigate to sites directly and log in the way you usually do.
- Use a password manager, it won’t enter your credentials into a fake site.
- Use hardware keys or FIDO2 devices for two-factor authentication—they won’t authenticate you on a fake site.
- Use tools like Malwarebytes Premium and Kaspersky internet security that completely blocks malicious and fake websites.