Cybercriminals Pose As Facebook And Instagram Support: How To Protect Your Private Information From
Updated: Jul 14
Another day, another scam! A new wave of social media scams has emerged, targeting unsuspecting Facebook and Instagram users. Whether you use your page for personal or business use, this new con could affect you. In this article, you'll discover what this scam is, how to detect if hackers are targeting you, and how to avoid falling for it and potentially leaking your private information.
If you're a social media user, you may have noticed that in recent years, both platforms are quick to hand out page violations. An inappropriate comment or post can land you in "Facebook jail" or with a 30-day suspension for repeated offenses. Facebook’s goal appears noble – keep these platforms a positive, kind place for all users.
To help identify these comments, the platforms have developed a sophisticated bot that can read the posts and detect "flagged" phrases that the platform has deemed inappropriate. Typically, they remove the inappropriate content and notify the user that the post was flagged and warn if they continue posting similar content a ban can occur.
However, this robotic peacekeeper is not perfect. It has a reputation for flagging ordinary content because of key trigger words and banning unoffending accounts. This situation is frustrating for users who don't want to lose access to their social media platforms for an offense they didn't commit or are worried that years' worth of memories they've accumulated on their account could disappear if their account is wrongfully deleted.
Cybercriminals saw their opportunity and went for it. Hackers pose as support agents from Facebook or Instagram, contacting users via direct message on the platforms saying there has been a policy violation and they'll help the user resolve it by filling out a simple form that gives them the information they need to make this digital slap on the wrist go away. The alarming twist? Once users submit their information, it falls directly into these skilled hackers' hands, who can use it for who knows what.
If you want to protect yourself from this scam, you must first be able to recognize it. If you receive a message like the one below – don't panic. Cybercriminals want you to be worried, so you slip up and make a mistake. Remember, a Facebook agent will never directly contact you unless you go through the support chat first. The platforms have in-app notifications about banned or flagged content that you will see first, and they will follow up via email.
The image below features an actual screenshot of this scam in action and points out other factors to notice when determining the legitimacy of a violation.
We didn't request the form to see what information it collects (and neither should you), but we can guess. Facebook has developed strict verification processes for confirming identities to reduce the number of imposters on Facebook and determine the rightful ownership of accounts in hacking situations. The platform will request proof of identity with a photo of your ID or sometimes even business documents proving ownership. Cybercriminals will likely request this information but may take it further by asking to confirm your password, social security number, and more.
This deceptive tactic highlights the ever-evolving nature of cybercrime. Just as we've seen with the rise of AI-powered tools used in voice cloning scams, these hackers are becoming increasingly creative and sophisticated in their efforts to manipulate social media users. They are watching what's happening and adapting their tactics accordingly. The stakes are high, and so is the potential damage to individuals and businesses.
To safeguard yourself and your business from such threats, it's crucial to remain vigilant and informed. Here are a few practical tips to help you stay protected:
Always verify the authenticity of messages received from social media platforms. Support does not contact you via message unless you request chat support, and they will never ask you to provide sensitive information through direct messages.
Be cautious of unsolicited messages requesting you to click a link or fill out a form. Instead of clicking the link, visit the platform's help center or contact support directly to inquire about the issue.
Strengthen your account security by enabling two-factor authentication, regularly updating your passwords, and using unique, complex combinations of characters.
Provide regular security awareness training to your employees. Share articles like this one that shed light on emerging scams and engage in ongoing education to ensure your team remains alert and prepared.
Collaborate with your IT service provider to implement robust cybersecurity measures and disaster recovery protocols. Investing in comprehensive protection is essential in minimizing the risk of falling victim to these sophisticated attacks.
Remember, prevention is critical. Don't wait until it's too late to take action. If you're concerned about the security measures your IT service provider has in place, click here to request a Microsoft 365 Secure Score review. This review will give you a clear understanding of your current security stance and whether you're well-equipped to handle a cyber-attack.