Social Media is prime hunting grounds for scammers and phishing scams are out of control on Facebook.

A phishing scam is a type of online fraud that occurs when a scammer poses as a trusted entity in order to trick victims into sharing sensitive information. Phishing scams are often carried out by email, but they can also take the form of text messages, phone calls and social media posts.

These type of scams are becoming increasingly common, so it's important to be aware of how they work and what you can do to protect yourself.

Unfortunately Meta, Facebook’s parent company, is doing very little to address this problem and no matter how many times the fake pages are reported they are not removed and the hackers are able to continue their phishing scams, preying on the vulnerable. To say that Meta is enabling hackers to thrive on the platform is an absolute understatement!

Facebook phishing scams are very common and often take the form of a fake Facebook page creating a phishing post where they tag multiple businesses. Facebook then sends the tagged business page a notification to let them know they have been tagged, however given the nature of the post and the wording, many believe at first glance believe it is actually from Facebook. But the reality is that these Facebook notifications are merely a notification letting you know that your business has been tagged in a post.

Unfortunately many are not aware of how these scams work and when their business is tagged by these fake pages they believe their business page is about to get shut down so follow through with the instructions - this is how easy it is for a page to get hacked.

These posts may claim that there is a problem with your account or that your account has been compromised, and they will usually include a link to a fake website which may look very similar to the real Facebook login page. Victims who enter their credentials on this fake page will have their information stolen by the scammer. See examples below.

Below is a screen shot of a fake Facebook page that is still active that is currently running a phishing scam. It has been reported, but I received notification that it did not go against Facebook's Community Standards so it will not be removed. This is one of probably hundred's, if not thousands, that exist on the platform today.

FAKE FACEBOOK PAGE

It's very easy to tell that the above is a fake Facebook page.  The main giveaway is that Facebook do not have page recovery pages, or security pages like this. Here are some easy points to identify that this, or any other Facebook page is fake.  Check for the following: 

1. In this instance the Facebook logo is incorrect colour and wrong sizing, however not everyone will know this
2. Typos in the Facebook page name
3. Only 1 person likes the page
4. Facebook is not a government organisation
5. The Page Transparency can be a dead giveaway on ANY Facebook page.  This fake page was created on 4 May 2022

Facebook would NEVER do anything like this.  The post below is the one shared on the fake Facebook page above.

The above fake page and phishing scam is pretty easy to spot, but people are still unsure when they receive a Facebook notification (which is a tag notification, not a message from FB) and there are some that do fall victim, as can be seen in the above screen shot.  The stand-out points in the above images that scream phishing scam is:

PHISHING SCAM FACEBOOK POST

1. Fake Facebook page
2. Typos in the post
3. The link is clearly not a Facebook link
4. Facebook would never do anything like this anyway, they would send you an official Facebook notification, not tag you in a Facebook post. 
5. Tagging of business pages in the post - Facebook does not do this!

The mind truly does boggle and I really do question how good the Facebook AI is when it cannot even recognise fake pages that use Facebook’s very own logo. You would also think that when a page is reported by an actual person the page would definitely get removed, right?! Wrong!

Sadly, when a fake page that is running a phishing scam is reported the response I, and the majority of people, get from Meta 99.9% of the time is “Thanks for your report - you did the right thing by letting us know about this. The Page you reported was reviewed, and though it doesn't go against one of our specific Community Standards, we understand that the Page or something shared on it may still be offensive to you. We want to help you avoid things you don't want to see on Facebook.”

To protect yourself from Facebook phishing scams, never click on any links that request you to verify your account and please understand that Facebook will NEVER tag you in a post and tell you that unless you verify your page it will be shut down and permanently disabled in 24 hours, or words similar to that.

Below are screenshots of other fake Facebook pages that are currently live on the platform - all these pages have tagged business pages - many page admins will know it is a scam, but unfortunately some will not. 

If your business ever gets tagged by one of these pages, report the page and the post, and then block the page.

Phishing scams can sometimes be difficult to spot, but there are some telltale signs, such as:

1. Email address - the domain name is incorrect - look out for slight differences that could fool you
2. Typos and grammatical errors,
3. The message is written poorly; and
4. The use of generic greetings like "Dear Customer" in emails. 

If you receive a suspicious email or text message claiming to be from Facebook do not click on any links or open any attachments and delete the email - all important messages from Facebook will be delivered to you via email AND within the Facebook App.

If you are tagged in a post by a fake Facebook page, report the page and the post to Facebook then block the account.

Most importantly, always err on the side of caution when receiving messages, or notifications especially if they: 

1. Demand money
2. Threaten to delete or ban your Facebook account
3. Request that you log in to verify your account

Always check the email address of any email you get - Facebook emails about your account always come from one of the emails listed below.  Just double click on the email address and it will open it up so you can see the full email address.  

1. xxx@fb.com
   
2. xxx@facebook.com
3. xxx@facebookmail.com
4. xxx@support.facebook.com

Facebook will always send you a notification for important messages - so visit www.facebook.com or open your Facebook app.