Debunking the Viral “Meta Business Support” Phishing Scam

Photo of author

Written by: Thomas Orsolya

Published on:

The internet is rife with scams and frauds looking to take advantage of unsuspecting victims. One such scam that has recently emerged targets Facebook/Meta page owners and admins with deceptive messages about alleged violations that could result in their page being disabled. This scam is colloquially referred to as the “Meta Business Support Scam” or “I.N.C. International Concepts Alert”.

Meta Business Support Scam for 'INC International Concepts

Scam Overview

The scam begins with the recipient getting an unsolicited message claiming to be from “Meta Business Support”. The message alleges that the recipient’s Facebook/Meta page has been reported for certain violations such as using someone else’s name or photos or sharing misleading content. It claims that this is not the first warning and immediate action needs to be taken to avoid the page being disabled permanently.

The message then provides a link to a fake Facebook page asking the recipient to “Confirm your account” within 24 hours. This phishing page is designed to harvest personal information and login credentials or spread malware to the victim’s device.

The scam message is carefully crafted to cause panic and urge urgent action from the recipient. It uses the names of legitimate platforms like Meta and incorporates official-sounding language related to intellectual property violations. This is done to exploit the trust users have in Facebook/Meta and their fear of losing access to their page which often represents a business asset.

How the Scam Works

Here is a step-by-step breakdown of how the “Meta Business Support” phishing scam operates:

1. Unsolicited Message

The scam starts with an unsolicited message sent to the victim’s Facebook inbox. The sender name is shown as “Meta Business Support” to appear credible.

A sample message reads:

Sender: Meta Business Support,

Your Page Has Been Disabled.
I.N.C. International Concepts has reported that your article:
1. Using someone else’s fake name/photo.
2. Share content that misleads other users.
We’ve warned in the past that if you continue to post content on your page that infringes someone else’s intellectual property rights, your Page will be disabled. If you believe this is an error in our system, please verify your
account at the link below. Account Confirmation: https://mfb.social/p/help/
Confirm your account within the next 24 hours otherwise our your Page may be permanently disabled. Meta Security Team.

The message uses scare tactics like mentioning past warnings and the impending permanent disablement of the page. This is done to create a sense of urgency.

2. Phishing Link

The message includes a link to a fake domain “mfb.social” which has no connection to the official facebook.com or meta.com.

This deceptive link directs to a phishing page masquerading as a Facebook account verification page. The look and feel of this page are very similar to real Facebook, including the company logo and branding.

3. Submit Credentials

Once on the phishing page, the user is asked to verify their account by submitting their login credentials and personal information. These details are then harvested by the scam operators.

In some cases, the page may contain a malware file disguised as an update that infects the victim’s device when downloaded.

4. Account Compromised

With the user’s login details, the scammers can now access their Facebook account and page. They use this to send more phishing messages to the victim’s friends and contacts, thereby spreading the scam further.

The account access also allows them to post spam content or malicious links using the victim’s identity. They may even attempt to extort money from the victim by threatening to disable their page.

This can result in the legitimate account being disabled by Facebook/Meta for suspicious activity. The victim may also suffer financial loss and identity theft if sensitive information was shared.

What to Do If You Get This Message

If you receive a suspicious message claiming to be from Meta Business Support or mentioning the I.N.C. International Concepts complaint:

  • Do not click on any links provided in the message. They will direct to a fake website intended to steal your information.
  • Check the sender’s email address. Scam messages usually come from non-official email IDs. Meta/Facebook will never email you from addresses like @outlook.com or @gmail.com.
  • Look for spelling/grammar mistakes. Legitimate messages from Meta are professionally written and free of errors. Scams tend to have typos, awkward phrasings and incorrect grammar.
  • Verify directly with Meta. If concerned, log into your Facebook account and check for any notifications about your page being at risk. Contact Meta Business Support through official channels like live chat for confirmation.
  • Report the message. Use Facebook/Meta’s reporting tools to flag the scam message as fraudulent so they can address it. This helps protect other users.
  • Change account passwords. If you shared personal info, immediately change your Facebook, email and other account passwords. Enable two-factor authentication for added security.
  • Scan devices for malware. If you downloaded any files, get your devices scanned by antivirus software to remove any potential malware or spyware.

What to Do If You Already Submitted Your Info

If you already provided your login credentials or personal information through the phishing site before realizing it’s a scam, take these steps right away:

  • Secure your accounts. Change the passwords for your Facebook/Meta account, email, and any other accounts using the same credentials. Enable login approvals/multi-factor authentication wherever possible.
  • Check for unauthorized access. Review all recent posts and activity on your Facebook page to see if the scammers have accessed your account already. Check connected apps and remove anything suspicious.
  • Report compromised account. Use Facebook/Meta’s account recovery and hacking reporting process to get help securing and recovering your account.
  • Contact banks/credit bureaus. If banking information or government IDs were shared, notify your financial institutions and credit bureaus to watch for suspicious activity.
  • Monitor accounts and credit reports. Be vigilant about checking bank statements, credit reports and account activity over the next few months for any signs of misuse of your personal information.

FAQ About the Meta Business Support Scam

Is this a legitimate message from Meta?

No, this is a phishing scam intended to steal information. Meta will never disable your page without prior notice and due process.

How did the scammers get my contact info?

Scammers use email harvesting bots and buy hacked account data from the dark web. Anyone with a public Facebook page/profile is vulnerable.

I shared my login details, what should I do now?

Immediately change your password and enable two-factor authentication. Check for unauthorized access to your account. Report the compromised account to Meta.

Can this hacking permanently damage my Facebook page?

It can if the scammers post malicious content that gets your page banned. Or if Meta disables your account for suspicious activity after it gets hacked.

Should I click the link to confirm my account?

Absolutely not. The confirmation link goes to a fake phishing site designed solely to steal your personal information.

How can I report this message to Meta?

Forward the scam email to phish@fb.com. Report the message within Facebook using the “Find Support” option.

How do I contact Meta Business support?

Reach out to Meta Business support via the “Manage Support Inbox” option on your Facebook page. Or use their live chat/contact form on the official Meta for Business site.

Why is my account at risk if I never violated any policies?

The disabling notice is a deceptive tactic used in the phishing scam message. Your account is not really at risk of being disabled.

In Conclusion

The “Meta Business Support” scam is an attempt to misuse the Meta brand to deceive page owners into compromising their account security and personal data. Always verify unfamiliar messages before acting. Use official Meta channels for any account-related issues. Be vigilant about phishing risks to protect yourself and your audience on social media.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Previous

Beware of Fake Swiss Luxury Watch Websites Scamming Shoppers

Next

Beware of Fake “Your Page Has Been Disabled” Facebook Messages