DSB Creative clients are seeing an influx of phishing emails being sent to them that look like they come directly from Facebook. These emails are fake and need to be ignored. Their goal is to send you to a fake website where you will give away your data.
We’ve gotten a few emails recently from our clients worried that their Facebook ad accounts have been reported for something.
Luckily, they are forwarding these emails to us so we can educate them on how these are fake emails and everything is okay with their accounts.
We also make sure they understand not to click the links or enter any information on the websites these emails send them to.
These emails are known as Phishing Scams. The purpose of these emails is to send you to a website that looks identical to the real, more well-known, or popular website that you’re used to seeing, to get you to enter your login information.
When you enter the information and click enter, the website will kick it back and tell you that its incorrect, or will simply refresh the page. Whatever the page is directed to do, what’s really happening is that your information is being sent to a scammer who will then use it on the real site it's meant for.
In our clients’ cases, it’s Facebook. Specifically, Meta Business, which includes access to our clients’ credit card information and more.
Luckily, these emails are normally easy to spot by the fake email address the scammers use to send it, the greeting used in the beginning of the email, or story they try to tell in the email (click here to read how the FTC says you can spot them).
Here’s an example we got from one of our clients:
As you can clearly see in the above email, the “From” email address is not from Facebook.com, which is a first sign.
Secondly, we see the subject line is clearly not written in a proper way, “Your ads has been reported” instead of “Your Ads Have Been Reported”.
We notice the opening of the email only says “Dear”, but does not include a name. If Meta was contacting you, they would certainly have your name.
We notice the third sentence asks our client to appeal, versus informing them that they can. Meta/Facebook will not ask you to appeal their decisions.
Finally, we also notice in the last sentence, “This could cause to your account to be disabled”. Again, this is not proper English.
For all of these reasons, we could clearly see this was a scam. Luckily, our client figured it out and didn’t get roped into anything as far as we know, but if you’re going through an email quickly and see something like this, we can see how you might just click without double checking.
To learn more about Phishing Scams, you can check out the following resources:
Spoofing and Phishing - Federal Bureau of Investigation