Scammers pretending to be Facebook are nothing new, but we’re seeing an increase lately in emails to our clients masquerading as Facebook or Meta. It’s important to be aware of these phishing emails, and know how to tell if an email is from Facebook or a scammer.
While there are many variations, the most common one we’ve seen recently comes from the email address ‘messaging-service@post.xero.com’. This is the legitimate email address that’s used when invoices are sent via Xero, but in this case the sender name is ‘Facebook’ or ‘Facebook Service’ and the subject is ‘Meta Policy Infringement’.
Here’s an example:
These emails are designed to get you to click a link in the body of the email so the scammer can capture your login details and compromise your Facebook account. However, there are several red flags in this email that show it’s from a scammer:
How to tell if an email is from Facebook or a scammer
- Facebook never sends emails via a third party (e.g. Xero).
- The email this was sent to is the publicly viewable email address for the business, but not for any of the admins on the Facebook business account.
- Facebook never refers to pages as ‘fanpages’.
- Often, poor grammar is used, and the email starts with ‘Greetings [page name]’ instead of your first name, or ‘Hello dear’.
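The red flags listed above can also be checked automatically when triaging reported emails. The following Python is an added example, not code from the original article; the trusted-domain list, the flag names, the admin address and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains you accept as genuine Facebook/Meta senders; adjust as needed.
TRUSTED_DOMAINS = {"facebookmail.com", "facebook.com", "meta.com"}
BRAND = re.compile(r"\b(facebook|meta)\b", re.I)
GREETING = re.compile(r"^\s*(greetings|hello dear)\b", re.I)


def red_flags(raw_email, admin_addresses):
    """Return the red flags from the list above that a raw message trips."""
    msg = message_from_string(raw_email)
    display, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    claims_brand = BRAND.search(display) or BRAND.search(msg.get("Subject", ""))
    # Decode every text/plain part so base64 or quoted-printable bodies are covered.
    body = "\n".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    )
    flags = []
    if claims_brand and not trusted:
        flags.append("brand_name_from_third_party_sender")
    if parseaddr(msg.get("To", ""))[1].lower() not in admin_addresses:
        flags.append("recipient_is_not_a_page_admin")
    if re.search(r"\bfan\s?pages?\b", body, re.I):
        flags.append("fanpage_wording")
    if GREETING.search(body):
        flags.append("generic_greeting")
    return flags


# Constructed samples: the first mirrors the email described above, the second is benign.
PHISH = ("From: Facebook Service <messaging-service@post.xero.com>\nTo: info@example.com\n"
         "Subject: Meta Policy Infringement\n\nGreetings Example Bakery,\nYour fanpage was reported.\n")
GENUINE = ("From: Facebook <notification@facebookmail.com>\nTo: sam@example.com\n"
           "Subject: New notification\n\nHi Sam,\nYou have 1 new notification.\n")
ADMINS = {"sam@example.com"}  # hypothetical admin address on the business account

if __name__ == "__main__":
    print(red_flags(PHISH, ADMINS))
    print(red_flags(GENUINE, ADMINS))
```

The From header can be forged, so an empty result means no flags were seen, not that the message is verified as coming from Facebook.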
If you’re ever unsure if these emails are genuine or not, the safest way to check is to see if there are any notifications or alerts on your actual Facebook account.
You can check this via your personal profile’s notifications, or in your business account. Navigate to ‘All tools’ and then ‘Account quality’, as shown below:
What to do if you clicked a Facebook scam link
If you HAVE clicked the link in an email like this, it will likely have taken you to a page that looks like Facebook. Usually, a popup or prompt will appear asking for your password.
If you entered your password, it’s important to change your password immediately. Make sure you have 2-factor authentication turned on. You can also check that no one else is logged in to your Facebook account, and if they are, you can follow Facebook’s steps to log them out.
Be aware of this and other phishing attempts, and keep your Facebook account secure.