Australian technology news, reviews, and guides to help you

Meta page scams make it through the inbox, how to tell

Having a page on Facebook can be a great way to sell yourself and an idea, but scammers are making pages awkward with messages going through to the inbox.

When scams get picked up by the spam filters in our mailboxes, life is that little bit easier. For just a moment, you don’t have to worry about clicking on the wrong message.

Of course it’s not always like that. Sometimes scams make it through what little defence we have, and lately, it seems to be happening more and more.

If you happen to have a Facebook page, you might be seeing more of it, as scammers target the email addresses associated with pages, and some of the messages are surprisingly solid recreations of the real thing.

Regular inbox notifications worded around your page being shut down for intellectual property violations seem to be frequent these days, as scammers send “important notices” that mail systems seem to believe are real, at least for a few minutes.

Come back later and Gmail may correctly classify a scam, but it doesn’t always get it right. Those minutes could be enough to trap you, and it might take Google even longer to work it out.

So how do you know? And what happens if you click: how do Facebook page scams work?

Meta page scam
This alert from Meta may look real, but it’s not. It’s just another scam.

How you can identify a Facebook page scam

Identifying a Facebook page scam is important, and the first lesson is much like any other email scam: look at the actual email address.

In the several Meta page scams we’ve seen, the email address has absolutely nothing to do with Meta or Facebook, and instead comes from what seems like a super long and likely disposable email address from another company or service.

Check the email address first, because that can help determine the message’s authenticity, though it’s not the only thing.

While scammers are getting better at writing English, likely thanks in part to all the AI systems out there helping them along, there’s always a telltale sign: the links they want you to click.

You don’t have to click them, but you can right click to copy that link, and paste it into a text editor, where viewing the link would be mostly harmless.

If you’re on a computer, this is as simple as a right click, while on a phone you’ll likely need to press and hold the link to copy it, then paste it into your text editor. Try not to open the link at all, because we just want to view it.

In the case of the dodgy Meta page scam we were using for this article, the link didn’t go to Facebook or Meta, but instead a random link for web.app, a platform for building websites and web-based apps by Google. For this example, this isn’t Google’s fault, and it is being used as a service, but you can clearly see the link isn’t from Facebook or Meta, and can be ignored.

But what if you did click the scam link, and accidentally started falling through the phishing abyss that is a scammer’s journey to convince you of the email’s legitimacy?

We turned to a different browser with some extra protections in its privacy mode to find out.

Testing this link with Brave’s Private Window mode, we quickly see a fake Meta support inbox where you haven’t logged in, even if the screen is designed to make you think you have.

An initial glance could fool someone, but there are giveaways that show a scammer hasn’t made this a complete site, and these are things you can check.

Take the links at the bottom of the page, which in this scam are all just text with no links. That’s not unusual in a scam, and clearly the same is true in this one.

If you click the “Submit appeal” button without thinking, you’ll be led to a form, asking for your name, email, and phone number, plus some irrelevant fields.

They’re all irrelevant, but part of the act, and important because once you hit submit, not only will the form take some time to complete, but you’ll likely get a phone call from someone purporting to be from Meta.

The links to Meta’s Terms, Data Policy, and Cookies Policy also don’t work.

Essentially, that’s how this scam works: by giving your real details, you encourage a scammer to call you. If you try to counter with the idea that the caller is a scammer, they can attempt deception by saying you contacted them, thus tricking you.

It’s a complex trick, but that’s all it is, as scammers move beyond cold calling and pretending to be from the NBN, and instead find ways to get you to start the process, which is what we’re seeing from other scams.

This screen will never finish, but you will get a call.

Scams like this are picked up regularly, but new ones arrive quickly

The good news is that scams like this are often shut down pretty quickly, though it’s not unusual to see new ones arrive not long after.

The problem with scams like this is that they’re easy to engineer, easy to set up, and often have an outcome that can give a criminal your details out of desperation. A reward for a scammer in this instance could be something like your Facebook login details or other aspects of your identity, or if they’re using it for immediate monetary gain, credit card and bank details.

As with most scams, make sure to check what you can, such as looking at the email address and copying a link out to view it, to determine whether an email is legitimate.

In the case of Meta and Facebook pages, you have one more way to determine whether an email is legitimate or not: logging into Facebook. You’ll quickly find out whether a warning on a page is real because Facebook will tell you there first, rather than solely over email.
