Alert: Sophisticated new phishing scam targets small business owners on Facebook

Alexandru_BD admin
edited June 10 in Scam Busters

⚠️ A sophisticated phishing scam is targeting Facebook Business accounts, disguising itself as an urgent warning from Meta regarding branding and advertising policy violations.

How the scam operates

Victims receive convincing emails appearing to originate from Meta, with alarming subject lines like: “Your page’s visual language is under formal review.” or “Confirm that your business name and profile visuals are officially approved or licensed.”

These messages use official-looking branding and language, creating a sense of urgency. A typical email claims your business account has violated Meta's guidelines and urges immediate action through a "Verify content" button.

Clicking this button redirects you to a realistic but fraudulent version of Meta’s Privacy Center, complete with Meta logos and disclaimers. There, scammers request detailed personal information such as your full name, personal and business emails, phone number, and date of birth.

Crucially, the scammers don’t immediately ask for your login credentials, making the threat harder to detect and more convincing.

Why this scam is particularly dangerous

Unlike typical phishing schemes, this scam employs a multi-stage approach. It builds user trust by collecting personal details instead of asking for passwords right away, which gives a false sense of security. Scammers then use the information you provided to impersonate Meta representatives and escalate attacks later. The end result is account hijacking: once scammers have enough data, they can seize control of your Facebook Business account, run fraudulent ads, and compromise your business reputation and finances.

Small businesses and indie professionals are the most affected

Small businesses typically lack dedicated cybersecurity resources, making them prime targets. Consequences of a successful attack include permanent loss of business pages or ad accounts, significant financial losses from unauthorized ad spending, and potentially significant reputational damage.

How you can protect yourself

  • Verify independently: Never click links in suspicious emails. Always log into your official Meta account directly to check notifications.
  • Guard personal information: Be extremely cautious when asked to provide sensitive information, even if passwords aren’t immediately requested.
  • Enable Multi-factor Authentication: This provides a crucial extra layer of security.
  • Use advanced scam detection tools: Consider free tools like Bitdefender Scamio and Link Checker to evaluate suspicious communications.

Has anyone here encountered this scam (or a similar one) and if so, how did you deal with it?
Share your experience in the comments below. 👇️
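
The "verify independently" advice above can be backed by a simple mail triage check. The following is an added example, not part of the original post or any Bitdefender tool: the trusted-domain list, the sample message, and the names `trusted`, `LinkHosts` and `triage` are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains accepted as genuine Meta senders and link targets; tune for your mail flow.
TRUSTED = ("facebook.com", "facebookmail.com", "meta.com")
BRANDS = ("meta", "facebook")
LURES = ("under formal review", "officially approved or licensed", "verify content")  # wording quoted in the alert

# Constructed sample message (not a captured email); .example domains are placeholders.
SAMPLE = """\
From: Meta Business Support <notice@meta-review.example>
Subject: Your page's visual language is under formal review.
Content-Type: text/html; charset="utf-8"

<p>Your business account has violated Meta's guidelines.</p>
<a href="https://privacy-center.example/verify">Verify content</a>
"""

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        # Record where the link really goes, whatever the button text says.
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def triage(raw):
    """Return the reasons a message looks like the Meta-impersonation lure."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    sender = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    links = LinkHosts()
    links.feed(text)
    findings = []
    if any(b in name.lower() for b in BRANDS) and not trusted(sender):
        findings.append(f"display name claims Meta, sender domain is {sender}")
    findings += [f"link leads to {h}" for h in links.hosts if not trusted(h)]
    subject_and_body = f"{msg['Subject']} {text}".lower()
    findings += [f"lure phrase: {p}" for p in LURES if p in subject_and_body]
    return findings
```

Calling `triage(SAMPLE)` returns four findings for the constructed lure. An empty list only means none of these checks fired, not that the message is genuine.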