The scam starts with a fake email that looks like it’s from Facebook. Spoiler: It’s not.

Facebook pages provide a place where businesses, brands, artists, public figures, nonprofits, and other groups can connect with fans or customers. Practically anyone can make a Facebook page, even especially cybercriminals.

Here’s how the scam works:

Cybercriminals create what appears to be an authentic email from Facebook which states that your Facebook page has been deactivated and will be deleted in 48 hours unless you click a link to verify your account. If you click the link, you’re taken to a real Facebook post from a page named “Page Support” that uses the Facebook logo and a message claiming the page has a “copyright violation.”

Because the cybercriminals use shortened URLs (which link to an actual Facebook post), these emails typically sneak past email security checkpoints and into your inbox.

The post then directs you to click another suspicious link that takes you to a fake login page such as such as hxxps://meta[.]forbusinessuser[.]xyz. If you enter your login credentials, you’ll give cybercriminals access to your Facebook profile and they are off to the races.

Don’t be fooled! Here are some tips to avoid these types of scams:

  • Always be on the lookout for a sense of urgency in emails. In this instance, they threatened to shutdown a Facebook page within 48 hours because they bank on impulsive actions.
  • Always think before you click. If it feels suspicious, it probably is. Always verify legitimacy. In this case, we would advise navigating to the Facebook page (or app) to view details. Odds are, if it were this imperative, you’d have a notification waiting for you upon logging in.
  • Remember that this isn’t exclusive to Facebook. We’ve seen similar scams from Amazon, TikTok and LinkedIn.