What’s going on?
We’re seeing a marked increase in spam and phishing messages from scammers that look like legitimate users or Meta representatives. The messages allege platform violations like trademark infringement, ad account violations, and/or page verification requests, with links to fake Meta help websites in the hopes of obtaining sensitive login information.
Where is this coming from?
Based on our research, recon, and communication with other social media managers, who are all experiencing the same thing, this is systemwide and is not focused on a specific page type. Pages of all sizes are being targeted and we anticipate this type of activity throughout the year, especially as election season ramps up.
How can I tell if the message is coming from a legitimate source?
Per Meta, “Emails from Instagram or Facebook about your account will only come from @mail.instagram.com or @facebookmail.com” so all other (non-personal) messages should be considered suspicious.
Why would scammers want to access social accounts?
- Access to network of friends/followers to further spread spam and malware
- Access to sensitive financial information and ad accounts to purchase fraudulent ads
What is talkStrategy doing about it?
As accounts are inundated with these messages, it’s important to know that we’re aware and are actively addressing. Our Digital Team manages digital accounts for our clients, and tackles these incoming messages on a daily basis, reporting as spam and blocking accounts when possible. In addition, we report fraudulent websites and emails to local, state, and federal agencies. We also monitor constantly for new features to further safeguard against new scam attempts.
How should I proceed?
- Do let us know if you’re seeing these messages in your inbox, so we can address properly on your behalf
- Do explore two-factor authentication on your social accounts, if not already setup, to further secure your accounts from phishing attempts
- Don’t click on or open suspicious messages
- Don’t click on the links provided in these messages
- Don’t provide sensitive information in messages, including login, financial, and social security information.