If you receive a message saying your Facebook account has been blocked for policy violations, don't panic: it is most likely just another phishing scam. A new campaign is making the rounds that targets Facebook accounts, sending users mass notifications that threaten a ban for copyright infringement.

Did I do something wrong?

You might have seen a message on your email account recently that says something like: “We regret to inform you that your Facebook account has been disabled. If you believe that this is a mistake, please contact our customer care team.”

A message like this makes you feel that you have unknowingly done something wrong. Perhaps you remember the video you watched last year of people dancing to a hit song; that could count as music copyright infringement, so the report must be accurate, right? Keep reading to see where the scammer comes in.

How does the scam work?

After the scammer tells you that your account has been or will be disabled, they try to trick you into clicking a link. The address of the page really is Facebook's own, and on it you see a notification with a link to an "appeal form", which you are likely to click.

At this point everything seems plausible. The screen prompts you for your username, which you enter, and then for your password. The criminals are waiting in the background for exactly that. Be careful: the moment you press the submit button, you have handed them free access to your account.

Be wary of spam emails. Even savvy users can be fooled by an email that looks like it comes from a genuine source, contains what looks like a legitimate link, and seems plausible overall.

How did they disguise themselves?

On second glance, this scam isn't that tricky after all. You can avoid being caught by watching for the warning signs and by staying calm. Panic is never a good idea; it can lead even the most cautious person down the wrong path.

First, the text of the email itself is what stands out as suspicious. Although it isn't riddled with grammatical errors like traditional spam, it just doesn't read like a Facebook email. Scammers may also include deliberate look-alike characters to slip past the spam filters on your mailbox; a common example is a capital I in place of a lowercase l. If your email client uses a serif font the substitution is easy to spot, but in many sans-serif fonts the two glyphs can look identical.

The next clue is the sender's address. Although it says "Facebook" at the start of the address, the part after the @ may not be Facebook's domain. Facebook@JobApplyDirect.com, for example, shows that the email actually came from an unrelated external domain.

The link in the fake email takes you to Facebook's own website, so if you missed the earlier clues, what you see looks like an authentic page from Facebook about your account.

However, on closer inspection the page is not an official notice; it is a Facebook Note. Notes were simple for anyone to create until last October, and as of this writing the feature has been disabled (old notes, however, can still be viewed). The scammer typically puts a "Case number" in the header of the note to make it look even more plausible.

On this notes page is another link that looks something like "facebook.com/appeal/100000". Clicking it redirects you away from Facebook to an outside website; the real destination is hidden behind a URL shortener such as Bitly.

This link opens a form that asks for the email address or phone number associated with your Facebook account, and then for your password. Once you submit them, the attackers have everything they need to take full control of the account.
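The warning signs described above (a "Facebook" display name over a non-Facebook domain, capital-I-for-lowercase-l substitution in the sender domain, link text that shows facebook.com while the real target is a shortener, and a redirect that leaves Facebook) can all be checked mechanically before anyone clicks. The following is an added example written for this article, not code from the original post or from Facebook. The accepted sender domains, the list of shortener hosts, the sample message, the bit.ly path and the final redirect destination are all assumptions or constructed data; the sender address and the link text are the ones the article describes.

```python
"""Triage checks for a suspected 'your Facebook account has been disabled'
e-mail. Added example; EXPECTED_SENDER_DOMAINS, SHORTENER_HOSTS and every
sample value below are assumptions or constructed data."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

EXPECTED_SENDER_DOMAINS = {"facebookmail.com", "facebook.com"}  # assumption
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co"}              # assumption
# Look-alike characters: the capital I for lowercase l trick the article
# describes, plus two other common swaps. Mapping them back exposes the spoof.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})
REDIRECT_CODES = {301, 302, 303, 307, 308}

ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")


def site_of(host):
    """Last two labels of a host name (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_sender(from_header):
    """Compare what the From: header claims with the domain it really uses."""
    name, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    findings = []
    if domain.lower() in EXPECTED_SENDER_DOMAINS:
        return findings
    # Translate before lowercasing, or the capital I becomes an ordinary i.
    if domain.translate(HOMOGLYPHS).lower() in EXPECTED_SENDER_DOMAINS:
        findings.append(f"look-alike sender domain: {domain}")
    else:
        findings.append(f"sender domain is not a Facebook domain: {domain}")
    if "facebook" in (name + local).lower():
        findings.append("'Facebook' appears in the name, not in the domain")
    return findings


def check_links(html_body):
    """Flag anchors whose visible text and real target disagree, targets that
    leave facebook.com, and shorteners that hide where a click really goes."""
    findings = []
    for href, inner in ANCHOR_RE.findall(html_body):
        host = (urlparse(href).hostname or "").lower()
        text = TAG_RE.sub("", inner).strip()
        shown = re.sub(r"^https?://", "", text).split("/")[0]
        if "." in shown and site_of(shown) != site_of(host):
            findings.append(f"link text shows {shown} but points to {host}")
        if site_of(host) in SHORTENER_HOSTS:
            findings.append(f"shortened link hides the real target: {href}")
        elif site_of(host) != "facebook.com":
            findings.append(f"link leaves facebook.com: {href}")
    return findings


def resolve_redirects(url, head, limit=10):
    """Walk Location headers without a browser. `head(url)` must return
    (status, location); inject a real HTTP client or, as here, a stub."""
    chain = [url]
    for _ in range(limit):
        status, location = head(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        chain.append(location)
    return chain


# Constructed sample message: sender address and link text as in the
# article, bit.ly path made up.
SAMPLE_EMAIL = """\
From: Facebook@JobApplyDirect.com
To: victim@example.com
Subject: Your Facebook account has been disabled
Content-Type: text/html; charset=utf-8

<p>We regret to inform you that your Facebook account has been disabled.</p>
<p>If you believe this is a mistake, submit an appeal at
<a href="https://bit.ly/3AbCdEf">facebook.com/appeal/100000</a></p>
"""

# Constructed stand-in for HEAD requests: what the shortener would answer.
FAKE_HOPS = {"https://bit.ly/3AbCdEf": (301, "https://appeal-form.example/login")}


def stub_head(url):
    return FAKE_HOPS.get(url, (200, None))


def triage(raw_email, head=stub_head):
    """Run every check and report where each link really ends up."""
    msg = message_from_string(raw_email)
    findings = check_sender(msg.get("From", ""))
    body = msg.get_payload()
    findings += check_links(body)
    for href, _ in ANCHOR_RE.findall(body):
        chain = resolve_redirects(href, head)
        if len(chain) > 1:
            findings.append(f"{href} finally lands on {chain[-1]}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("!", finding)
```

Running it on the constructed message reports the non-Facebook sender domain, the "Facebook" name over that domain, the mismatch between the visible facebook.com/appeal link text and the bit.ly target, and the outside site the shortener finally lands on. To use it on a real message, pass a `head` function that issues an actual HEAD request and returns the status code and Location header; the redirect walk is deliberately separated from the network so it can be run against a stub.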

How to protect your Facebook account from scammers

A lot of people think phishing is only a problem on Facebook, but it can happen on any service. The good news is that there are ways to protect yourself. Here's how.

  • Always check the sender and the links in an email before acting on it, in case the sender turns out to be a scammer.
  • Do not panic if you think you have been targeted by a scam link; just ignore it and delete the message.
  • Before clicking a link in an email, make sure the sender is who you expect. A genuine Facebook notification is unlikely to arrive from a non-Facebook mail domain.
  • Odd typography or spelling mistakes are not proof of a scam on their own, since people make mistakes, but in an email that already seems suspicious they are one more warning sign.
  • ALWAYS log in through the app or by typing the URL into the browser's address bar yourself. If you think a message is phishing, do not click any link in it.
  • As a rule, avoid entering your login details anywhere other than the official site or app, and never enter sensitive information such as banking details on an external page. In the rare event that you have done so, change your password and contact support immediately.