The latest Facebook scam is designed to trick page admins and other users into sharing their login credentials with scammers. For schools and school districts, losing admin control of your account can have serious ramifications. These types of phishing scams certainly aren’t new, but this one is particularly tricky. Here’s everything you need to know to spot it and protect your accounts.
How It Works
You receive a notification that appears to be from Facebook (Meta) indicating your page is disabled (something along the lines of: “Your Page Has Been Disabled”). When you click on it, you get an explanation about why this may have happened, including notes about sharing misleading content, using photos that are not yours, or sharing offensive content.
When you take a closer look, you’ll notice what appears to be a notification is actually a post from a Facebook page created with the name: Your Page Has Been Disabled. The post is either posted to your page by a hacked or nefarious profile or posted elsewhere tagging you personally or tagging your school or district. The tag makes it appear in your notifications (or in the Social tab of the Class Intercom app). When you click the notification, you’re taken to a post that actually looks like it could be a notification directly from Facebook/Meta–making this scam especially tricky.
The post includes a link to a page that asks for some of your personal information in an interface that closely mimics Facebook’s colors and design, so you think you’re providing your info to Facebook. The prompted information typically includes your account’s login information, but can also include personal data, passwords, and other sensitive info.
If you click on the name of the page, which in this case is usually phrased as a notification might be, you’ll find an actual page that’s been set up under that name. The profile picture is a common flag or warning icon. You can see other posts that the fake account has published tagging other individuals or organizations similarly.
How You Know It’s a Scam
1. It’s not actually a communication from Facebook.
Look closely and you’ll see that you’ve actually been tagged in a post, not that you’re receiving a notification. The name of the account tagging you is worded to read like a notification.
2. You’re tagged.
Facebook/Meta will use a standard notification window to inform you of something like account status–not a post–which means you won’t be tagged. Other people/organizations will also not be tagged.
3. Typos, incorrect grammar, and awkward language.
Regardless of platform (social, text, email), typos and spelling/grammar errors are a huge red flag that a scammer may be targeting you. Proceed with caution.
4. Urgency.
In addition to incorrect language and conventions, urgency is another red flag. Scammers often create urgency that forces you to make a decision or click on something quickly in hopes that you will act without thinking things through.
5. Links that aren’t quite right.
Note that Facebook will typically use buttons to prompt users to click something as opposed to embedding links. Look very closely at links and avoid clicking them as a general rule. Scammers often use links that transpose a couple of letters or are just slightly off so that you think they are legitimate.
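The link check from item 5, as an added example (not code from Facebook/Meta or Class Intercom): it labels a link by its real hostname, flagging names that transpose or change a letter or two and names that bury a trusted brand inside another domain. The trusted-domain list, the thresholds and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains your team accepts as genuine Facebook/Meta.
TRUSTED = {"facebook.com", "meta.com"}
BRANDS = {t.split(".")[0] for t in TRUSTED}  # {"facebook", "meta"}

def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def classify(url: str) -> str:
    """Label a link: trusted, userinfo-trick, lookalike, brand-in-host, unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.username is not None:
        return "userinfo-trick"  # text before '@' is not the destination host
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Naive: treat the label left of the TLD as the site name (no public-suffix list).
    name = labels[-2] if len(labels) >= 2 else host
    for brand in BRANDS:
        limit = 2 if len(brand) >= 6 else 0  # fuzzy-match long names only
        if osa_distance(name, brand) <= limit:
            return "lookalike"
    if any(brand in host for brand in BRANDS):
        return "brand-in-host"
    return "unrelated"

# Constructed sample links; none are taken from the scam described above.
SAMPLES = [
    "https://www.facebook.com/help",
    "https://www.faecbook.example/login",
    "https://facebook.com.account-review.example/appeal",
    "https://facebook.com@login.example/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):15} {link}")
```

A "lookalike" or "brand-in-host" label means the link deserves a closer look before anyone clicks, not that it is confirmed malicious.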
It’s important to note that Facebook/Meta sometimes does disable accounts, namely those acting in violation of the platform’s Community Standards. When this happens, users will see an in-app or in-platform notification like these.
What To Do
First, avoid clicking or following any links. Second, untag yourself or your organization from the post. Third, report the post as spam and ask other members of your team to do the same. To do so, simply click the flag icon at the bottom of the post and follow the prompts. Note that more reports on a post increase the likelihood that Facebook will respond to the nefarious activity.
Protect Yourself
As a best practice, it’s important to consider the access provided to users creating, submitting, and approving social media content within your school or school district. Securing your accounts with systems and processes that manage access permissions through a central platform can help ensure that students and staff have only the access level they need–keeping your accounts inherently safer. Class Intercom is designed to do exactly that, providing the appropriate level of access needed to everyone from student users to district-level PR professionals at the individual school level or the district level.
Interested in learning more about how Class Intercom can help secure and centralize access to your school’s social media channels? Reach out to info@classintercom.com or follow the link below to schedule a demo.