Defending your business against Meta DM scams

Unfortunately, social media continues to be a double-edged sword for businesses. While offering growth and connectivity, it also presents a growing surface for scammers. A recent Meta scam targeting Meta’s Business Support users illustrates just how adaptive cybercriminals have become. With sophisticated techniques and ways of exploiting common vulnerabilities, these scams are a wake-up call for every online business.

Trend Micro’s latest report highlights the rise of fraudulent attempts. Scammers impersonate Meta’s Business Support, using phishing emails and fake web pages to trick users into disclosing sensitive information. By exploiting users’ trust in official support channels, these attackers obtain credentials, access sensitive business data, and even gain control over advertising accounts.

The anatomy of the scam

The scam starts innocuously enough: an email appears to be from Meta, warning of some form of issue, perhaps a policy violation or an urgent request regarding account security. These emails are often written with alarming language to instil a sense of urgency. The recipient is then directed to a convincing imitation of Meta’s official business support page.

Once on the fake website, users are prompted to log in, handing over their credentials to the attackers. These scammers exploit business owners’ fear of losing access to their advertising accounts or their company’s online presence. The endgame can involve stealing funds from linked accounts, leveraging compromised accounts to target others or damaging business reputations.

Take a look at the following image, which shows a scam impersonating Meta’s support on Instagram. In this scam, users receive a direct message claiming that their Facebook pages linked to Instagram violate Meta’s intellectual property policy and will be removed. The message uses urgent and alarming language to pressure users into action. The message asks the recipient to dispute the decision to prevent their page from being deleted. This kind of tactic, often seen across social media platforms, relies on fear and urgency to manipulate users into clicking on malicious links or providing sensitive information.

More examples of direct message scams

Direct message scams are on the rise, targeting businesses and influencers across social media platforms. In addition to impersonating Meta’s support, scammers have devised several other DM scams that businesses should be aware of. One common approach is the impersonation of Instagram’s verification team. Users receive a message stating that their account is eligible for verification, complete with a blue checkmark. To complete the process, they are asked to click on a link and provide their login credentials. The link, of course, leads to a phishing site designed to harvest sensitive information.

Another variant involves the supposed violation of community standards. Businesses receive a message warning that their account will be deleted within 24 hours due to a breach of guidelines, such as copyright infringement or hate speech. The language is purposefully alarming, creating a sense of immediate danger. Users are provided with a link to appeal the decision, but clicking on it leads to a phishing site where login credentials are harvested. The attacker then gains control over the account, which can be used to spread further scams or request ransom from the original owner.

There is also the growing issue of fake copyright infringement claims. Users receive direct messages claiming that they have posted copyrighted content without permission and are asked to follow a link to resolve the matter. This link directs them to a fake page mimicking Instagram’s support, where users are prompted to provide login credentials. The fear of having posts removed or facing legal consequences often drives users to comply without verifying the message’s legitimacy.

What to do if you receive a suspicious message

If you receive a message like the one mentioned above, it is important to remain calm and vigilant. First, start by verifying the source. Scammers often use usernames similar to official accounts but include random numbers or slight misspellings. If the message is unsolicited and asks for sensitive information, it is likely a scam. Avoid clicking on any links in these messages, as they can lead to phishing sites designed to steal your information.

Always report the message through the platform’s built-in tools. For instance, Instagram allows users to report suspicious messages directly through the app. Reporting these scams helps the platform identify and remove malicious actors, protecting the broader community from similar attacks.

And remember, do not engage with the sender. Engaging can confirm to the scammer that your account is active, leading to further targeting. Instead, contact Meta’s official support channels if you are uncertain about the legitimacy of a message. It is always better to take the extra step of verifying through official means rather than risking compromise.
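The checks described above (a sender name that is a near-miss of an official account, a link that leaves the platform's own domains, and alarming deadline language) can be automated for a shared business inbox. The following is an added example, not code from Trend Micro or Meta; the handle list, domain list, phrase list and sample messages are assumptions constructed for illustration and should be replaced with values you have verified yourself.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumptions: fill these with handles and domains you have verified yourself.
VERIFIED_HANDLES = {"instagram", "meta"}
TRUSTED_DOMAINS = {"instagram.com", "facebook.com", "meta.com"}
FILLER = re.compile(r"support|help|team|business|verification|verified|verify|official|center")
URGENCY = re.compile(r"within 24 hours|will be (removed|deleted)|immediately|urgent", re.I)

def handle_core(handle):
    """Strip digits/separators and support-style filler: 'Meta_Support.4821' -> 'meta'."""
    return FILLER.sub("", re.sub(r"[^a-z]", "", handle.lower()))

def is_lookalike(handle):
    """True for near-misses of a verified handle, False for the verified handle itself."""
    if handle.lower() in VERIFIED_HANDLES:
        return False
    core = handle_core(handle)
    return any(SequenceMatcher(None, core, h).ratio() >= 0.8 for h in VERIFIED_HANDLES)

def untrusted_links(text):
    """Return hosts of links that are not a trusted domain or a subdomain of one."""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", text)]
    return [h for h in hosts
            if not any(h == d or h.endswith("." + d) for d in TRUSTED_DOMAINS)]

def triage(sender, text):
    """Collect the warning signs the article lists; any hit means verify out of band."""
    reasons = []
    if is_lookalike(sender):
        reasons.append("lookalike-handle")
    if untrusted_links(text):
        reasons.append("untrusted-link")
    if URGENCY.search(text):
        reasons.append("urgency")
    return reasons

# Constructed sample messages, not real captures.
SAMPLES = [
    ("meta_business.support_4821",
     "Your page violates our policy and will be removed within 24 hours. "
     "Dispute here: https://meta-business-appeal.example/login"),
    ("instagrarn_verify", "You are eligible for a blue checkmark: http://ig-badge.example/"),
    ("metalworks_shop", "Hi, do you ship to Albania?"),
]
if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, triage(sender, text))
```

The domain check compares the end of the hostname, so a host that merely begins with a trusted name, such as `instagram.com.evil.example`, is still reported as untrusted.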

Avoiding scams must be a community-wide effort

Addressing these challenges goes beyond individual awareness; it requires a community-wide approach. If your business falls victim to such a scam, reporting it immediately can prevent others from being targeted. Meta and other tech companies rely heavily on users flagging suspicious activities to help them close off vulnerabilities. The rise of these scams also underscores the importance of collaboration within the business community. Sharing experiences and warning others about emerging threats can significantly reduce the overall success rate of these scams. When businesses band together to share knowledge and resources, they create a more resilient community that is harder for cybercriminals to exploit.

The world of cyber scams is constantly evolving, and the recent rise of Meta Business Support impersonation scams is yet another reminder of the importance of staying vigilant. Businesses must understand the stakes of operating online, taking proactive measures to ensure they do not fall prey to these evolving threats. By fostering a culture of security awareness and leveraging community resources, businesses can protect themselves and their customers from the growing threat of digital scams.

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.