Facebook is home to over 2.9 billion active users, making it the biggest social media platform in the world. With such a massive userbase, Facebook unfortunately also attracts a lot of scammers looking to take advantage of unsuspecting users.
One scam that has been making the rounds recently is the “Online Community Manager” scam. This cleverly designed scam targets Facebook page administrators by posing as Facebook support and claiming the recipient’s account is at risk of being deactivated.
In this comprehensive guide, we will break down exactly how the “Online Community Manager” Facebook scam works, who it targets, and most importantly, how you can avoid falling victim to it.
Overview of the Scam
The “Online Community Manager” scam is designed to steal login credentials and hijack Facebook pages from their rightful administrators. It starts with the scammers sending an ominous message claiming to be from Facebook’s support team or copyright division.
The message uses scare tactics such as warning the recipient their account is violating Facebook’s terms or is at risk of being deactivated. To “resolve” this fictitious violation or deactivate risk, the message provides a link for the recipient to “verify” their account.
However, this link does not lead to Facebook, but rather a fake login page controlled by the scammers. Once the recipient enters their username and password, the scammers gain access and can fully compromise both their personal profile and any Facebook pages they manage.
Who Does This Scam Target?
This scam predominantly targets two groups:
- Administrators of popular Facebook pages – The scammers are hoping to hijack pages with large followings so they can use the brand and reach to run additional scams. A page with an established audience is very valuable to them.
- Everyday Facebook users – While not the primary target, regular Facebook users could also receive these scam messages. The scammers likely mass message users hoping some will fall for it. They will take over any account they can compromise.
Where Are the Scam Messages Coming From?
The messages appear to come from an account named “Online Community Manager”. This name is designed to sound vaguely like a real Facebook service or department.
The account uses Facebook’s logo and images to appear more legitimate. However, it is not actually associated with Facebook in any way. Any message from this account should be considered extremely suspicious.
How the “Online Community Manager” Scam Works
The “Online Community Manager” Facebook scam can be broken down into several meticulously planned steps designed to steal login credentials under the guise of account verification.
Understanding each phase of this process is crucial to recognizing and avoiding this scam. Here is a detailed, step-by-step overview of how this phishing technique unfolds:
1. Receiving the Initial Scam Message
The scam starts with an unsolicited Facebook message sent to the target’s inbox. The message appears to come from an account called “Online Community Manager”.
The account name, profile image of the Facebook logo, and use of terms like “Copyright Violation” or “Community Standards Violation” in the subject line are all carefully crafted to seem official.
However, this message is in no way associated with or sent by Facebook itself. Any communication from “Online Community Manager” should be considered highly suspicious.
Here is how a scam message may look:
Dear admin page!
POLICY PAGE!
Your Page has infringed copyright information!
Your account has been detected in violation of our current copyright policy. For security reasons. and To prevent permanent deactivation of your account, follow these steps. In more serious cases, we will cancel your report immediately. if you do not confirm, our system will automatically block your account.
Verify these related accounts: http://facebook-help.us/XKupsnaU/zBYoCTsJo3XXP.html
Thank you for helping us improve our account services.
FB copyright team integration.
The pages marked below are copyright infringers.
2. Threat of Account Deactivation
The content of the message is designed to instill fear that your account is at risk. The scam message may claim something like:
- Your account has been flagged for violating Facebook’s terms or community standards
- You have shared prohibited copyrighted content
- You recently posted offensive or dangerous content
- Your account is scheduled for deactivation within 24 hours
Of course, you have not actually done anything to warrant deactivation, but this threat is used to scare you into handing over your login credentials.
3. Providing a Link to “Verify Your Account”
After stating your account is in jeopardy, the scam message provides a link supposedly to verify or validate your account with Facebook.
Some example text used in the message is:
- Click here immediately to confirm your account ownership
- This verification link must be used to avoid deactivation
- Follow this link and login to confirm your account status
However, this link does not lead to Facebook or any real account verification. It is a malicious phishing link controlled by the scammers.
4. Redirecting Users to a Fake Facebook Login Page
Once you click the link, it redirects to a webpage styled to look exactly like Facebook’s real login page.
Everything from the design, logo, dashboard image, and wording are copied to seem legitimate. However, the URL will clearly show this is not actually Facebook.
The page asks you to enter your username and password “to confirm your account”. In reality, any details entered are delivered directly to the scammers.
5. Unknowingly Providing Your Login Credentials
Because the fake Facebook login page looks so real, most users will instinctively enter their information when prompted without thinking anything is wrong.
Since people log into Facebook regularly, this is a highly effective technique for capturing credentials. After you enter your username and password, they are transmitted to the scammers.
6. Scammers Gain Full Access to Your Account
Armed with your username and password, the scammers can now access your Facebook account as if they were you. They have all the keys needed to impersonate you online.
Any personal data, messages, connected accounts, friends list, and especially access to any Facebook pages you administer are now under the scammers’ control. This allows them to reach a wide audience under your identity.
7. Changing Account Details to Lock You Out
Once inside your compromised account, the first thing scammers will do is change key details like your password, contact email address, and security settings.
This is done to deny you access, cement their control, and prevent you from quickly recovering your account. They essentially block you out of your own account.
8. Using Your Identity and Connections for Further Scams
With your account hijacked and tailored to suit them, the scammers can now carry out additional scams by impersonating you.
They have access to an established network of your friends and followers. Some examples of what they may do next:
- Spread dangerous links that download malware or capture even more data
- Run phishing scams by impersonating you and targeting your connections
- Post inappropriate content to damage your reputation
- Use your pages and identity to scam your followers and spreads misinformation
- Access connected accounts like email or financial accounts for identity theft
As you can see, the “Online Community Manager” scam is painstakingly designed to prey on people’s fear of losing their Facebook account. If you are not aware it is a scam, it can be easy to fall for. Now that you know how it works, you can identify these messages and avoid the trap.
How to Spot This Scam on Facebook
Knowing exactly what to look out for is key to identifying and avoiding the “Online Community Manager” Facebook scam. Here are the telltale signs that a message is part of this phishing campaign:
Sender Name of “Online Community Manager”
Messages from this fabricated account name are the hallmark of this scam. Legitimate Facebook emails and messages will come from “Facebook” or specific support teams. Be wary of any unsolicited messages from this suspicious account name.
Threats of Account Deactivation
Scam messages will nearly always claim your account is violating Facebook policies or is at risk of being disabled. This is a fear-based tactic to spur users to hand over their login information. Facebook does not typically threaten account deletion without ongoing communication and providing a way to resolve issues first.
Links to Verify Accounts
Messages will contain a link supposedly for you to verify or validate your account with Facebook to avoid the supposed deletion. The link goes to a fake Facebook login page controlled by scammers to capture your credentials when you attempt to log in.
Login Pages with Slightly Off URLs
The link in the messages leads to login pages styled exactly like the real Facebook site, but upon closer inspection the URL will clearly show it is not actually Facebook. Look for minor differences or misspellings.
Requests to Login or Enter Credentials
Facebook would never message you out of the blue requiring you to login or asking for your password or other credentials. Any unsolicited messages of this nature are highly suspicious, even if styled to look official. Err strongly on the side of caution if being prompted to login.
Poor Spelling and Grammar
While not a guarantee, scam messages often contain typos, spelling errors, strange phrasing, and broken grammar. The scams originate overseas. While not definitive proof, odd writing can be a red flag.
Stay vigilant for any communications from “Online Community Manager” or containing these traits. Never login or share your credentials unless you initiated the login process yourself via Facebook’s actual app or website. If in doubt, contact Facebook Support directly to confirm any messages before taking action. Protect your account!
What to Do If You Have Fallen Victim to This Scam
If you unfortunately entered your Facebook login details into the fake verification page, the scammers now have control of your account. Here are the steps you should take immediately:
1. Use Another Device to Change Your Password
The first priority is changing your password as soon as possible before the scammers do. Do not try to change the password from the same device you entered it on, as it could already be compromised. Use a secondary device like a phone, work computer, or friend’s device.
Change your password to something completely new that the scammers could not guess. Enable two-factor authentication for an extra layer of security.
2. Check Connected Apps and Remove Anything Suspicious
In your Facebook settings, look at the list of apps and websites connected to your account. The scammers may have linked tools to maintain access. Remove anything unfamiliar.
Revoke access for any apps you think are suspicious. This cuts off a potential backdoor into your account.
3. Scan Your Computer for Malware
The fake Facebook verification page you visited could have downloaded malware onto your computer without you realizing. Download Malwarebytes and perform a full system scan to check for anything malicious.
Removing any malware found can stop the scammers from monitoring you or accessing your new password.
4. Contact Facebook to Report the Scam
Facebook has a form to report hacked or compromised accounts. Provide details on how your account was scammed so Facebook can investigate and strengthen protections.
You may also want to proactively reach out to Facebook support via chat or email to expedite recovering your account.
5. Check Other Accounts Linked to Your Facebook
Chances are your Facebook was connected in some way to accounts like email, Instagram, Amazon, etc. The scammers could leverage this to compromise your other accounts.
To be safe, change the passwords for any accounts linked to your Facebook that the scammers may have gained access to. Enable two-factor authentication wherever possible.
6. Use Facebook’s Account Recovery Steps
If the scammers changed your password and took over your account before you could recover it, Facebook has an account recovery process.
You will need to provide info only the legitimate account holder would know, like email addresses used, phone numbers, locations where you logged in from, etc. Facebook should be able to confirm you are the valid account owner.
7. Warn Friends and Followers
Let your Facebook friends list and any followers of your pages know that your account was compromised. Tell them to be wary of any odd messages or posts made after the scam, as those did not come from you.
Suggest they tighten security settings and watch for suspicious login activity on their own accounts. The scammers may target more people you know.
Frequently Asked Questions About the “Online Community Manager” Scam
This Facebook phishing scam has many users concerned and needing answers. Here are comprehensive responses to some frequently asked questions regarding the “Online Community Manager” con to help you protect yourself:
What is the “Online Community Manager” Scam?
This scam uses fake security warnings purportedly from Facebook Support to trick users into providing their Facebook login credentials. Scammers send messages warning your account will be deleted unless you “verify” it through a provided phishing link.
Who is behind this scam?
This scam comes from an account named “Online Community Manager” which pretends to be a real Facebook account security service. However, Facebook has confirmed it is unaffiliated. The identity of the actual scammers is unknown.
How does the scam work?
You receive a message claiming your account is at risk. It provides a “verification” link leading to a fake Facebook login page. Without realizing, you may enter your username and password, allowing scammers to steal your credentials and access your account.
What is the end goal of this scam?
The scammers aim to hijack valuable Facebook pages and accounts with large followings. This allows them to perpetrate additional scams leveraging the reach of these compromised accounts.
What damage can this scam cause?
This scam can allow takeover of both your personal profile and any Facebook pages you administer. The scammers can then destroy your reputation, spread malware, steal identities, and access connected accounts, amongst other damages.
How can I avoid falling for this scam?
Do not click any links in unsolicited messages claiming to be from Facebook Security teams. Log into Facebook directly through the app or website to check any account notifications. Enable two-factor authentication as well for enhanced security.
What should I do if I fell for this scam?
If you entered your login details, change your password immediately from a different device the scammers would not have access to. Also remove any unauthorized connected apps, run anti-virus scans, contact Facebook Support, and warn your friends not to interact with the compromised account.
How can I report this scam?
You can report any messages from “Online Community Manager” to Facebook directly through their reporting forms. Submit details on the source account, content of scam messages, and any impacts the scam had on your accounts.
How can I help others avoid this scam?
Share warnings about this scam on your own social media accounts. Educate friends and family to be wary of messages from “Online Community Manager”. Encourage them to use robust security settings for Facebook and other accounts.
The Bottom Line
The “Online Community Manager” Facebook scam is an insidious phishing technique that can compromise both personal profiles and page accounts. The messages appear official but are simply a tactic to steal login credentials.
If you receive a message from “Online Community Manager” or claiming your Facebook account is at risk, do not click any links. Report the message to Facebook immediately. Never login from an unsolicited link, no matter how legitimate it looks.
Should you fall victim and have your account hijacked, take swift action by changing passwords, removing connected apps, scanning for malware, and contacting Facebook support. Also warn your network of contacts about the scam to prevent further spread.
Stay vigilant against phishing attempts, implement robust security settings, and verify any communications purporting to be from Facebook’s teams. With awareness of how this scam operates, you can keep yourself and your account protected.