In recent days you might see a notification in your Facebook account that looks something like the message above. The messages will vary, but the end result is always the same. Scammers trying to separate you from your hard earned money, peace of mind, and security. But there is good news. Their claims are fake, but their intent is not. DO NOT CLICK ON ANY LINKS THAT GIVE YOU A BAD FEELING. IF YOU DID NOT DO ANYTHING WRONG YOU ARE PROBABLY RIGHT.
The internet is awash with scams and fraudulent activities aimed at exploiting unsuspecting individuals. A recent addition to this array of deceitful practices specifically targets owners and administrators of Facebook/Meta pages. These perpetrators employ deceptive messages that allege violations, potentially leading to the disabling of the victim’s page. This scheme has earned the moniker “Meta Business Support Scam” or “I.N.C. International Concepts Alert.”
An Overview of the Scam
This elaborate scam kicks off with the recipient receiving an unsolicited message, purportedly from “Meta Business Support.” The message accuses the recipient’s Facebook/Meta page of various violations, including the use of others’ names or images and the dissemination of misleading content. It emphasizes that this isn’t the first warning and insists on immediate action to prevent permanent page deactivation.
The message includes a link directing the recipient to a counterfeit Facebook page, urging them to “Confirm your account” within a 24-hour window. This fake page serves as a phishing ground to harvest personal information and login credentials or distribute malware to the victim’s device.
The scam message is carefully crafted to instill panic and prompt immediate action from the recipient. It leverages the names of trusted platforms like Meta and incorporates official-sounding language related to intellectual property infringements. All of this is orchestrated to exploit users’ trust in Facebook/Meta and their apprehension about losing access to a page often representing a valuable business asset.
How the Scam Operates
Let’s delve into the step-by-step mechanics of the “Meta Business Support” phishing scam:
1. Unsolicited Message
The scam begins with an unsolicited message sent to the victim’s Facebook inbox. The sender’s name appears as “Meta Business Support” to lend credibility. A sample message could read as follows:
Sender: Meta Business Support,
Your Page Has Been Disabled.
I.N.C. International Concepts has reported that your article:
1. Using someone else’s fake name/photo.
2. Share content that misleads other users.
We’ve warned in the past that if you continue to post content on your page that infringes someone else’s intellectual property rights, your Page will be disabled. If you believe this is an error in our system, please verify your
account at the link below. Account Confirmation: https://mfb.social/p/help/
Confirm your account within the next 24 hours otherwise our your Page may be permanently disabled. Meta Security Team.
The message employs scare tactics, citing previous warnings and the impending permanent page deactivation, creating a sense of urgency.
2. Phishing Link
The message incorporates a link to a counterfeit domain, “mfb.social,” unrelated to the official facebook.com or meta.com. This deceptive link redirects victims to a phishing page that mimics a Facebook account verification page, meticulously replicating the look and feel of the genuine Facebook interface, complete with company logos and branding.
3. Submission of Credentials
Once on the phishing page, the user is prompted to verify their account by providing login credentials and personal information. These details are then harvested by the scam operators. In certain cases, the fraudulent page may include a disguised malware file presented as an update, infecting the victim’s device upon download.
4. Account Compromised
Armed with the victim’s login information, the scammers gain access to their Facebook account and page. This access is exploited to send further phishing messages to the victim’s friends and contacts, extending the scam’s reach. Additionally, the account access enables the scammers to post spam content or malicious links using the victim’s identity. They may even attempt to extort money from the victim, threatening page deactivation.
This can result in the legitimate account being disabled by Facebook/Meta due to suspicious activity. Furthermore, the victim may suffer financial losses and identity theft if sensitive information was shared.
What to Do If You Receive Such a Message?
If you receive a suspicious message claiming to be from Meta Business Support or mentioning the I.N.C. International Concepts complaint, follow these steps:
- Do Not Click on Any Links: Refrain from clicking on any links provided in the message, as they will redirect you to a fraudulent website intended to pilfer your information.
- Check the Sender’s Email Address: Scam messages typically originate from non-official email IDs. Meta/Facebook will never send emails from addresses such as @outlook.com or @gmail.com.
- Look for Spelling/Grammar Mistakes: Authentic messages from Meta are professionally written and devoid of errors. Scams often contain typos, awkward phrasings, and incorrect grammar.
- Verify Directly with Meta: If you have concerns, log into your Facebook account and check for notifications regarding the security of your page. Contact Meta Business Support through official channels, such as live chat, to seek confirmation.
- Report the Message: Employ Facebook/Meta’s reporting tools to flag the scam message as fraudulent. This assists in safeguarding other users.
- Change Account Passwords: If you shared personal information, promptly change your passwords for Facebook, email, and any other accounts using the same credentials. Enhance security by enabling two-factor authentication.
- Scan Devices for Malware: If you downloaded any files, utilize antivirus software to scan your devices and eliminate potential malware or spyware.
- What to Do If You Already Shared Your Information
- If you’ve already furnished your login credentials or personal information through the phishing site before realizing it’s a scam, take the following immediate steps:
- Secure Your Accounts: Change the passwords for your Facebook/Meta account, email, and any other accounts using the same login details. Enable login approvals or multi-factor authentication wherever possible.
- Check for Unauthorized Access: Review all recent posts and activities on your Facebook page to ascertain whether the scammers have gained access to your account. Check connected apps and remove any suspicious ones.
- Report Compromised Account: Utilize Facebook/Meta’s account recovery and hacking reporting procedures to receive assistance in securing and recovering your account.
- Contact Banks/Credit Bureaus: If you shared banking information or government IDs, notify your financial institutions and credit bureaus to be vigilant for suspicious activities.
- Monitor Accounts and Credit Reports*: Maintain vigilance by regularly scrutinizing bank statements, credit reports, and account activities over the next few months to detect any signs of misuse of your personal information.
FAQ About the Meta Business Support Scam
Is this a legitimate message from Meta?
No, this is a phishing scam intended to steal information. Meta will never disable your page without prior notice and due process.
How did the scammers get my contact info?
Scammers use email harvesting bots and buy hacked account data from the dark web. Anyone with a public Facebook page/profile is vulnerable.
I shared my login details, what should I do now?
Immediately change your password and enable two-factor authentication. Check for unauthorized access to your account. Report the compromised account to Meta.
Can this hacking permanently damage my Facebook page?
It can if the scammers post malicious content that gets your page banned. Or if Meta disables your account for suspicious activity after it gets hacked.
Should I click the link to confirm my account?
Absolutely not. The confirmation link goes to a fake phishing site designed solely to steal your personal information.
How can I report this message to Meta?
Forward the scam email to firstname.lastname@example.org. Report the message within Facebook using the “Find Support” option.
How do I contact Meta Business support?
Reach out to Meta Business support via the “Manage Support Inbox” option on your Facebook page. Or use their live chat/contact form on the official Meta for Business site.
Why is my account at risk if I never violated any policies?
The disabling notice is a deceptive tactic used in the phishing scam message. Your account is not really at risk of being disabled.