Beware the FAKE Facebook “Your Account Will Be Blocked” Scam
Written by: Thomas Orsolya
Published on:
Facebook users beware – there is a new phishing scam making the rounds that tries to trick you into handing over your login credentials. Scammers are sending Facebook page admins fraudulent messages claiming that their account is about to be blocked due to violations of Facebook’s terms of service. If you receive one of these messages, do not click on any links or provide any personal information. Read on to learn more about how this scam works and what you should do if you are targeted.
Overview of the Scam
This phishing campaign targets Facebook page admins with an alarming message stating that their account or page is about to be banned for violating Facebook’s Community Guidelines. The message claims that if the recipient believes this is an error, they can submit a review request within 24 hours through a link provided in the message. If no action is taken, the message claims the account will be permanently disabled.
Of course, this is not actually a message from Facebook, but rather a scam designed to steal login credentials and take over Facebook accounts. The scam message is typically sent via Facebook Messenger to page admins. The language and formatting used closely resembles official Facebook communications, making the message seem legitimate on the surface.
Once users click on the phishing link, they are redirected to a fake Facebook login page that clones the real Facebook website. On this scam website, users are prompted to enter their Facebook login email and password to supposedly submit an appeal and unlock their account. However, in reality, any information entered is sent directly to the scammers behind the phishing attack.
Armed with stolen Facebook credentials, attackers can gain full access to compromised accounts. They often use these hijacked accounts to spread more phishing links or spam to the victim’s friends list. Stolen accounts can also be used to post clickbait links and scammy ads, which allows scammers to generate fraudulent revenue. Even worse, access to a page admin account gives scammers control over any linked Facebook Pages the victim manages. This allows them to post dangerous malware or inappropriate content under the guise of a legitimate Facebook Page.
Overall, this scam is quite devious, as it takes advantage of users’ fear of losing access to their account. The carefully crafted message tricks targets into handing over their login info without thinking twice. All it takes is entering your password once into the fake login page, and your account security is compromised. That’s why it’s critical that Facebook users learn to recognize and avoid this scam.
How the Scam Works
Here is a step-by-step breakdown of exactly how the “Your Account Will Be Blocked” Facebook scam operates:
1. Scammers Send Phishing Message
The scam campaign begins with scammers acquiring or purchasing lists of Facebook user IDs connected to page admin accounts. They target these page admin accounts because compromised pages can be abused to spread more scam links.
Using this list of target accounts, scammers craft a phishing message warning that the user’s Facebook account or page is about to be blocked for policy violations. The message is made to look like official communication from Facebook Support. The scam message will typically say that the account will be permanently disabled within 24 hours unless the recipient appeals by clicking a provided link.
2. Victim Clicks Link to Fake Facebook Site
If the recipient is fooled into thinking the message is real, they will likely click the link out of panic about losing their account. The phishing link redirects to a fake Facebook login page that mimics the design of the real Facebook site. This helps reinforce the illusion that they are on a legitimate Facebook support page.
3. User Attempts Login to Fake Page
On the fake Facebook page, victims are prompted to login to their account by entering their Facebook email and password. This is supposedly to submit an appeal and unlock the account before it is disabled. Unfortunately, any login credentials entered are sent directly to the scammers to be used however they want.
4. Scammers Gain Access to Compromised Accounts
Once scammers have successfully phished the victim’s login info, they gain full access to the compromised Facebook account. With this access, the scammers are free to leverage the account however they please.
They typically start by using the account to send more of the same phishing scam messages to the victim’s friends and network. This allows them to phish even more accounts and grow their scam. They may also post questionable links, content, and spam using the victim’s profile or any linked Pages they now control.
5. Account Owner Loses Control
Meanwhile, the real account owner will find they are locked out of their own Facebook account. With the scammers now controlling it, they have no way to regain access. The only option is to go through Facebook’s account recovery process. However, this can be difficult, especially if the scammers change login details like the password or linked email.
Overall, this scam succeeds by taking advantage of people’s fear of losing their social media presence. The threatening message triggers an emotional response that overrides logical skepticism about the legitimacy of the links and sites. Before they know it, victims have handed over the keys to their account to scammers.
What to Do If You Have Fallen Victim to This Scam
If you inadvertently clicked on a “Your Account Will Be Blocked” Facebook phishing link and entered your login credentials, here are the steps you should take right away:
Change your Facebook password immediately. This locks the scammers out and prevents further access to your account. Use a strong, unique password that isn’t used on any other sites.
Turn on login approvals. Under Facebook settings, enable login approvals, which require you to enter a security code sent to your phone on every login attempt. This adds an extra layer of security.
Check privacy settings. Review all your privacy and account settings to see if the scammers changed anything. Revert any unknown changes.
Remove unknown apps or browsers. Check for any unfamiliar apps or browsers linked to your Facebook account that the scammers may have added and remove them.
Review recent posts and messages. Scan your recent Facebook activity for any spam, inappropriate posts, or phishing links shared from your account while compromised. Delete these.
Warn friends and followers. Let your Facebook friends know your account was compromised in case they received any suspicious messages during the hijack.
Run antivirus software. Run a scan using updated antivirus software to check for any malware that may have been installed during the phishing attack.
Contact Facebook. Use Facebook’s account recovery options to report the hack. You may need to submit ID to prove account ownership if login details were changed.
Monitor activity. Keep a close eye on your Facebook account over the next few weeks to spot any unusual behavior that could indicate further misuse.
Catching and addressing a Facebook phishing attack quickly can help limit the damage. But move fast, or the scammers may do lasting harm to your account reputation or security before you regain control.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
The “Your Account Will Be Blocked” phishing scam targeting Facebook users is on the rise. Scammers send fake violation warnings telling recipients to click a link to avoid an account blocking. The link leads to a convincing but fake Facebook login page designed to steal credentials. Armed with a victim’s username and password, scammers can take over accounts and use them to spread more scams.
If you receive an unsolicited message about your Facebook account being disabled, exercise extreme caution. Do not click any links or provide personal information. Check Facebook directly to verify an account violation before taking any action. Be very wary of links promising to resolve account issues, as they are likely phishing attempts. Avoiding traps like this requires always thinking twice before clicking. With awareness and vigilance, Facebook users can protect their accounts from these insidious phishing scams.
FAQ
Is this Facebook blocking message real or a scam?
This is a scam. Facebook does not send out messages threatening to disable accounts and directing users to appeal via questionable links. Any message claiming your account is about to be blocked is likely a phishing scam.
How do I report a Facebook phishing scam?
Forward the scam message to phish@fb.com. You can also report phishing posts by clicking the three dots in the top right corner and selecting “Find support or report post.”
What happens if scammers take over my Facebook account?
They may post spam links or inappropriate content, message your friends with more scams, access personal info in your profile, and link unfamiliar apps or browsers. Move quickly to change your password and secure the account.
Can I get my account back if I entered my Facebook login on a scam page?
Yes, you can recover your account by resetting the password and following Facebook’s hacked account process. But act fast before they change login details or do more damage.
How can I improve Facebook security to avoid scams?
Turn on login approvals, use strong unique passwords, remove unrecognized linked apps, be wary of suspicious messages/links, and enable Facebook protective features like two-factor authentication. Avoid clicking questionable links, even if they seem to come from friends. And never provide your login info unless on the real Facebook website.
What are signs of a Facebook phishing scam page?
Fake Facebook pages used for phishing may have a slightly different URL, missing verification checkmarks, spelling errors, or different fonts/formatting. The page may ask you to log in or enter personal info in a way that the real Facebook would not. Always check the URL and closely examine any login page.
Should I click Facebook appeal links to unlock my account?
No, any links claiming your account is disabled and offering an appeal process are scams trying to phish your password. Facebook does not disable accounts without notice and provide links for appeals. If your account is ever disabled, log into Facebook directly to submit an appeal.
What precautions can Facebook Page admins take against phishing?
Use strong unique passwords, limit admin roles, be extra cautious of odd messages, avoid clicking unverified links, secure accounts with two-factor authentication, monitor activity logs for unauthorized access, and contact Facebook if you suspect your account has been compromised.
Will Facebook compensate me if my account is hacked due to a phishing scam?
No, Facebook is not liable for damages caused by phishing scams or account hijacking. All users are responsible for properly securing their own accounts and avoiding phishing links. Make sure to follow Facebook security best practices.
In summary, be vigilant against any Facebook message that seems suspicious. Look out for scam warning signs, enable protective account features, and think twice before clicking links or entering login credentials. With proper precautions, you can protect your Facebook account and avoid surrendering it to phishing scammers.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
