Facebook phishing scam scares page owners into sharing their passwords.

The latest social media scam is another phishing scheme that scares Facebook users into sharing their login credentials. Here’s how to spot the fraud and protect your account from hackers.

How this scam works

You receive an email that appears to come from Facebook and says something like this: “Recently, we discovered a breach of our Facebook Community Standards on your page. Your page has been disabled due to a violation of Facebook Terms. If you believe the decision is incorrect, you can request a review and file an appeal using the link below.” The message may also state that if you don’t act in the next 24 hours, Facebook will delete your account permanently.

The email includes a link that appears to lead to Facebook.com. Because you want to keep your account, you may think about clicking – however, you must stay calm and take a closer look. On closer inspection, you’ll likely find signs of a scam. These include typos, email sender addresses that aren’t related to Facebook, and, if you hover over the link in the email (without clicking on it), you will discover that it doesn’t point to Facebook’s website.

Another version of this Facebook phishing scam targets Facebook business pages, threatening to deactivate the account due to a Terms of Service or Community Standard violation. The message appears to come from Meta Business Support and requires the administrator to confirm the account by clicking a link, or it will be permanently deleted.

If you click the link, they will likely take you to an official-looking page and prompt you to complete a form to appeal the policy violation. They’ll ask for your login email, phone number, name, and other details. The page will ask you to confirm your password when you hit submit. If you do, scammers will have all the information they need to hack your account.

How to avoid similar scams 

• Don’t panic. Always read suspicious emails carefully, looking for signs of a scam, before you act. Remember that scammers love to target social media accounts, so fake alerts aren’t uncommon.
• Verify the claims. Log into your Facebook account directly to verify there is a problem before deciding how to proceed.
• Always log into your account directly. Even if you think an alert is authentic, use your social media app to log in or enter the URL in the browser bar by typing it, not by clicking on a link sent to you.
• Guard your login credentials carefully. Never enter your login information on a third-party website or a page other than the official Facebook website. Never send your login information to someone via email or Facebook Messenger. Change your password immediately if you entered your login credentials into a fake form.

Read the full alert for more tips. 

For more information

Read more about how phishing scams work. Learn more on BBB.org about protecting your verified social media account and spotting fake social media accounts. Check out these tips from Facebook about keeping your account secure. 

If you spot a social media scam, report it to BBB.org/ScamTracker. Your reports help us build community awareness about common scam tactics.