Recently, we have been receiving many emails from panicked clients asking if an email from Meta is legit. More often than not, these are scam or phishing emails.
Scammers are becoming more sophisticated with their tactics, making it harder for individuals and businesses to spot a scam email. On an initial skim read, it is easy to mistake the scam for an email from a real business.
In more recent months, there has been a rise in scams targeting digital marketing clients, with hackers posing as legitimate companies, such as Meta, in an attempt to steal personal information and money, and to lock the owners out of their Facebook business accounts.
Wait.. did that just happen?
Last week, one of our clients sent us this email, asking whether it was really from Meta and whether her ad accounts were really disabled.
This was from a scammer – and from the outset, it looks legit. It says it is from Meta For Business, and it uses the same headline that Meta sends.
But upon closer inspection, we can see that they are using the wrong email address – it doesn’t even show a Meta or Facebook email address.
It doesn’t address a person, but rather the business type.
The last telling signs are that it asks the recipient to click a link to resolve the issue, and that it does not have the correct footer that Meta has at the bottom of all their official correspondence.
Here’s what a real email from Meta looks like by comparison.
When an email comes from Facebook, it will say Meta For Business or Facebook Ads Team and the email address is always <firstname.lastname@example.org>
Facebook typically tells you which ad account was declined (along with the ID number) and it tells you how to fix it. In this case, the ad account was disabled because the invoice had not been paid, so to rectify it, the bill needed to be paid and the ads would be reinstated. Notice there’s no threat of cancelling your account in 24 hours and there is a proper CTA button that will take you to the correct page to pay.
If your account had a serious violation, Facebook wouldn’t warn you – they would immediately disable the account. Lastly, the footer will always state who it was sent to, the offer to unsubscribe, and Facebook’s address.
Here’s another example:
Like the other email, it has the correct email address, and in this case, the ad account was running an advert that triggered a mild violation (failed to comply with policies). This violation is fixable, and Facebook provides the buttons to take you to the correct pages to fix it.
There are links, but they are directing someone to their policies, so that you can read in more depth (if you so choose) about why your ad was flagged as a violation. Notice that the links are for information, not to take action. All actions have a proper button.
And lastly, it has the same footer as the other email.
How to distinguish fake from real?
If you have received a scam email, it is important to take immediate action to protect yourself and your business. The first thing you should do is not to click on any links or provide any personal information in the email. Scammers often use links in scam emails to direct individuals to fake websites, where they will be prompted to enter personal information, such as login credentials or credit card numbers.
To determine if an email is legitimate, there are a few key things you should look for. One of the most important is the email address of the sender. Legitimate companies will typically use an email address that is associated with their domain name, such as “email@example.com”. If the email address appears to be from a free email service, such as Gmail or Yahoo, it is likely to be a scam.
Another important factor to look for is the use of correct punctuation and grammar. Scammers often make mistakes in their emails, which can be a clear indication that the email is not legitimate. Look for spelling errors, poor grammar, and incorrect punctuation.
TL;DR: Look for:
- Correct grammar. Typically, scam emails are poorly written so they often do not make sense grammatically, and lack proper punctuation.
- The email address. Double check that the email address is correct. When in doubt, contact the company directly (not by replying to the email or using contact details from it).
- Do not click on any of the links provided. It is always easier to create a new account than it is to retrieve an account from hackers.
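For anyone who triages forwarded emails for clients, the sender checks above can be scripted. This is an added example, not code from Meta or from this article; the trusted domain `brand.example`, the free-mail list and the deadline pattern are assumptions to replace with values from the vendor's own documentation, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): replace with the vendor's documented values.
TRUSTED_DOMAINS = {"brand.example"}  # placeholder for the real sending domain(s)
BRAND_NAMES = ("meta for business", "facebook ads team")  # display names the article quotes
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\bwithin\s+\d+\s+hours?\b", re.I)  # e.g. "within 24 hours"

def triage(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # The display name is free text; only the address domain says where mail came from.
    claims_brand = any(b in display.lower() for b in BRAND_NAMES)
    # Exact match or a true subdomain; "brand.example.other.test" must not pass.
    on_trusted = domain in trusted or any(domain.endswith("." + t) for t in trusted)
    if claims_brand and not on_trusted:
        findings.append("display-name-mismatch")
    if domain in FREE_MAIL:
        findings.append("free-mail-sender")
    body = msg.get_payload()
    if isinstance(body, str) and URGENCY.search(body):
        findings.append("deadline-threat")
    return findings

# Constructed sample: brand display name on a free-mail address, with a deadline.
SCAM = """From: Meta For Business <support.team4471@gmail.com>
To: owner@shop.example
Subject: Your ad account has been disabled

Dear Beauty Salon,
Your account will be permanently deleted within 24 hours unless you appeal.
"""

# Constructed sample: same display name, sent from a subdomain of the trusted domain.
GENUINE = """From: Meta For Business <notice@mail.brand.example>
To: owner@shop.example
Subject: Your ad account has been disabled

Ad account 1234567890 was disabled because an invoice has not been paid.
"""

if __name__ == "__main__":
    print(triage(SCAM))     # three red flags
    print(triage(GENUINE))  # no red flags
```

An empty result means no red flags were found, not that the email is verified, because the From header itself can be forged.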
Is there a way I can make my account bulletproof?
In order to prevent your accounts from being hacked, we highly recommend enabling two-factor authentication. This is an extra layer of security that requires a code to be sent to your mobile phone in order to log in to your account. This makes it much more difficult for hackers to gain access to your account, even if they do manage to steal your login credentials.
You can read our step-by-step guide here.
If you have already fallen for a scam and need some help sorting things out, get in touch with us immediately. We can assist you in identifying the scam, taking steps to protect your personal information, and helping you to regain control of your account.
If you would like more information about scams, Facebook has a good resource on how to distinguish spam from genuine emails.