Uncovering the “We Added a Restriction” Facebook Scam
Written by: Stelian Pilici
Published on:
Social media scams are becoming increasingly common, with fraudsters looking to take advantage of unsuspecting users on platforms like Facebook and Instagram. One such scam that has been making the rounds recently is the “We Added a Restriction to Your Account” phishing scam.
This scam aims to trick users into providing personal information or payment details by posing as an official notice from Meta, the parent company of Facebook and Instagram. Scammers create fake profiles or pages with names like “We Added a Restriction to Your Account” and use official branding elements to make them seem legitimate.
While it may look real at first glance, this scam is completely fake and has nothing to do with Meta or your social media accounts. If you receive a message about account restrictions, it’s important not to fall for it.
In this comprehensive guide, we’ll explain exactly how the “We Added a Restriction to Your Account” scam works, provide tips on how to spot and avoid it, and detail what to do if you accidentally fell victim.
This Article Contains:
Scam Overview
The “We Added a Restriction to Your Account” scam has been actively targeting Facebook and Instagram users since around July 2022.
Scammers create fake Facebook or Instagram profiles, often using names like “We Added a Restriction to Your Account” or “Your Account was Restricted”. The profile picture is changed to a fake warning or error symbol.
The “We Added a Restriction to Your Account” scam has two main goals:
Trick users into providing sensitive personal information like passwords or credit card details
Get users to pay fake “unlock” fees to regain account access
To accomplish this, scammers use sophisticated social engineering techniques to make their messages seem real. Here’s a quick rundown of how the scam typically works:
A fake profile or page is created with Meta branding and messaging about account restrictions.
The page sends users direct messages or posts claiming their account has been restricted.
Reasons given for the restriction include adult content, copyrighted material, abuse/harassment, etc.
Users are instructed to click a link and provide personal details to “unlock” their account.
The link leads to a phishing site asking for login credentials, payment info, etc.
Users who comply compromise their personal information and may have money stolen.
This scam preys on people’s fear of losing access to their social media accounts. By posing as Meta and claiming there is a restriction, scammers know worried users will be more likely to provide the info they ask for.
But the messaging is completely false and part of an elaborate ploy to steal personal data. Your account is not actually at risk in this scam.
The scammers target users by sending them direct messages or leaving comments claiming that restrictions have been added to their account. The messages look convincing, designed to instill fear that your access will be revoked if you don’t take action.
Here are some examples of the messaging used:
“Your account is breaking our terms and conditions around abusive content. A restriction has been added. Submit a review request to regain access.”
“We have added a restriction to your account for violations around copyrighted material. Complete the form to request reinstatement.”
“A permanent restriction has been added to your account. Provide your username and password via the link below to unlock your access.”
The messages include links to fake Facebook or Instagram account review forms on fraudulent websites controlled by the scammers. The websites are designed to mimic the real platforms.
If you visit the fake review websites and submit your details, the scammers can steal your login credentials, personal information, and even payment information.
In some cases, you may be redirected to real Facebook and Instagram account review forms after submitting on the fake sites. This is to avoid raising suspicions. However your details have still been compromised.
Some other indications that it’s the “We Added a Restriction to Your Account” scam:
The messages are not in the official Facebook/Instagram messaging apps. They will be in your general inbox or social media notifications.
The profile sending them has zero friends/followers or was only recently created.
There are spelling and grammar errors in the messages.
You have not actually violated any terms and conditions.
How the “We Added a Restriction” Scam Works
To pull off this scam, fraudsters have to carefully plan and execute a number of steps. Here is a more in-depth look at exactly how the “We Added a Restriction to Your Account” phishing scam works at each stage:
Step 1. Setting Up Fake Profiles/Pages
The first thing scammers have to do is set up one or more profiles or pages that can be used for the scam. They put a lot of work into making these accounts seem real and official.
Some techniques they use include:
Naming accounts something like “We Added a Restriction to Your Account” or “Instagram Account Restriction” to pose as Meta.
Using Meta’s logo, font, branding colors, and messaging in the profile photo, bio, etc.
Having a username that looks like it could be an official Meta account.
Filling out the profile with fake business info to look legit.
Crafting the page carefully to mimic official communication styles Meta uses.
These small details are easy to miss, so the profiles can appear very convincing at first glance. But looking closer reveals small mistakes that expose them as fake.
Step 2. Targeting Specific Users
Once the profiles are set up, scammers shift their focus to targeting. They use a few methods to find and contact specific users, including:
Searching hashtags and keywords to find users interested in certain topics.
Using bots to automatically follow/message a massive number of random accounts.
Purchasing lists of profiles from the dark web to target.
Going after users who recently posted about account issues.
Targeting is important so scammers can maximize their response rate. They focus on users more likely to believe the restriction scam and engage with the fake profiles.
Step 3. Sending Phishing Messages
The next stage involves actively contacting users and sending phishing messages about account restrictions.
These messages may be sent via:
Direct messaging users.
Commenting on posts with warnings about restrictions.
Creating fake posts and tagging users to notify them.
The messages claim the user’s account has been restricted for violations like adult content, copyright issues, abusive behavior, impersonation, etc.
Official-sounding language is used to cite policies and tell users to take action to remove the restriction. Links are included to guide users through the process.
Of course, none of this is true – the scammers simply pick random violation reasons to scare users. But the messages can seem legitimate if you don’t realize the source is fake.
Step 4. Getting Users to Click
Getting users to actually click on the links is the next crucial step. Different tactics are used to increase clicks, such as:
Using language like “urgent action required” so users feel rushed.
Warning the account will be deleted if action isn’t taken quickly.
Threatening permanent disabling of accounts that don’t comply.
Promising quick removal of restrictions if users follow instructions.
These tactics instill fear and give users a false sense of urgency to click without thinking. The scammers know that panicking users are much more likely to click on links and provide information.
Step 5. Sending Users to Phishing Sites
The links embedded in the messages take users to fake phishing sites designed to mimic Facebook and Instagram login screens. These sites capture any information entered by users.
On the phishing sites, users are prompted to:
Enter their username and password to “confirm” their identity.
Provide additional personal details like address, DOB, etc.
Submit credit card information to pay an “unlock” fee.
The scammers will harvest any data entered on these sites. Even vigilante users might accidentally give away some information just trying to figure out if the sites are real.
Step 6. Stealing User Data
If all goes according to plan for the scammers, they are now in possession of users’ login credentials, personal info, and possibly even financial data. There are a few things they may do next:
Access and take over the user’s actual social media account.
Use credentials try logging into other sites if password reuse is suspected.
Put stolen credit cards to use for purchases and cash withdrawals.
Sell user data bundles on the dark web to other scammers.
Hold accounts hostage until the user pays a ransom fee.
Either way, the users’ info is now compromised. Once in the hands of scammers, personal data can be used in many more criminal ways.
Who is Behind the Scam?
The scammers orchestrating this scam appear to be individuals or small groups rather than an organized cybercrime network. However, their techniques are sophisticated, signaling some expertise.
They hide their real locations and identities using VPNs and proxy servers. Most of the fake sites and social media accounts linked to this scam originate from countries like Russia, Indonesia, Brazil, and Mexico.
The ultimate goal is to steal personal information and credentials to access accounts, or make money through fraudulent payments and advertising revenue from their fake sites.
Scam Prevalence
This scam started emerging around July 2022 but has rapidly accelerated in scope. Based on third-party data, over 60,000 Facebook users engaged with fake “account restriction” profiles in a single week of September 2022.
Hundreds of mirror sites have been set up to mimic Facebook and Instagram and steal users’ information. The scam relentlessly targets users, with some individuals receiving messages daily across multiple platforms.
Without sufficient awareness, millions of social media users are at risk of falling for this scam. Financial losses may also occur from those tricked into making payments to remove fake restrictions.
What to do if you have fallen victim
If you suspect you have fallen prey to the “We Added a Restriction to Your Account” scam, swift action is required to secure your accounts and information.
Here are the steps to take if you shared your login details, personal information or made payments:
1. Reset your account password and security options
If you entered your Facebook or Instagram login details into a fake site, immediately change your password. Enable two-factor authentication if it is not already on.
Remove any unfamiliar linked accounts or devices and deauthorize any approved applications you don’t recognize. This will revoke access to scammers.
2. Check connections for compromised accounts
Check your friend/follower lists for any recently added accounts. Remove accounts you don’t know.
Scammers sometimes use compromised connections to spread scams. Check any odd messages sent from friends. Their accounts may be hacked.
3. Monitor account activity
Carefully review your account activity for any posts, messages or actions you didn’t make. Delete anything suspicious.
Turn on login notifications if available. You’ll then be alerted whenever your account is accessed.
4. Scan devices for malware
If you clicked any links, downloaded files or entered details into fake sites, scan your devices for malware with Malwarebytes. Keyloggers or info-stealing programs may have been installed.
Update your device security software and run full system scans. An infected device means your new password isn’t safe.
5. Contact relevant institutions
If you made any payments via credit card or other methods, contact those companies immediately. Alert them to the scam and have the transactions reversed or cards cancelled.
If you have other compromised personal information, consider notifying relevant institutions you work or bank with to flag potential identity theft issues. Place warnings on your credit reports.
6. Report fake profiles and sites
Collect any details about fake profiles and fraudulent sites you encountered. Include links, usernames, screenshots and site addresses.
Report them thoroughly to Facebook, Instagram and relevant cybercrime authorities in your region. Your reports can help get fake profiles removed and sites shut down.
7. Reset all account passwords
To be safe, reset the passwords for all your online accounts. Use unique, complex passwords for each account saved in a password manager. Enabling two-factor authentication provides an extra layer of security as well.
Cybercriminals sometimes use credentials stolen on one site to access other linked accounts. Resetting all passwords limits this opportunity.
How to Avoid the “We Added a Restriction to Your Account” Scam
While no one can have perfect immunity from cyber scams, there are important measures you can take to avoid falling victim and protect your accounts:
Be skeptical of unsolicited messages
Don’t trust random messages you receive claiming there are access restrictions on your accounts. Verify directly with the official platform if you have any doubts.
Official notifications will be sent from established accounts through the app itself, not general messaging channels.
Check sender profiles
Clicking on social media profiles sending you notifications often reveals red flags like zero friends/followers, recently created or location set to somewhere obscure.
Consult platforms like Facebook and Instagram for verified account badges and indicators. Avoid trusting unverified profiles.
Watch for phishing techniques
Phishing links may be embedded in messages to lure you to fake sites. Hover over links to reveal the real website address.
Spelling and grammar errors are also telltale signs of scams. Slow down and read carefully rather than rushing through ominous messages.
Never share your password
Your social media passwords should never be entered anywhere except the legitimate login page of the respective site.
Any external site or message asking for your password is extremely suspicious and should be avoided.
Use login notifications
Turn on login notifications which alert you of logins from new devices. This lets you identify any unauthorized access attempts and quickly change your password.
Enable two-factor authentication
Two-factor authentication adds an extra step to logging in by requiring a secondary one-time code. This prevents criminals accessing your account even if they have your password.
Avoid account review services
Outside services offering to review and restore disabled social media accounts are risky. They may steal your details or get your accounts banned through botting.
Is Your Device Infected? Check for Malware
If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.
Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.
Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android
Scan your computer with Malwarebytes for Windows to remove malware
Malwarebytes is one of the most popular and most used anti-malware software for Windows, and for good reasons. It is able to destroy many types of malware that other software tends to miss, without costing you absolutely nothing. When it comes to cleaning up an infected device, Malwarebytes has always been free and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Windows.
You can download Malwarebytes by clicking the link below.
When Malwarebytes has finished downloading, double-click on the MBSetup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
You may be presented with a User Account Control pop-up asking if you want to allow Malwarebytes to make changes to your device. If this happens, you should click “Yes” to continue with the Malwarebytes installation.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes setup wizard which will guide you through the installation process. The Malwarebytes installer will first ask you what type of computer are you installing this program on, click either Personal Computer or Work Computer.
On the next screen, click “Install” to install Malwarebytes on your computer.
When your Malwarebytes installation completes, the program opens the Welcome to Malwarebytes screen.
Click on “Scan”.
Malwarebytes is now installed on your computer, to start a scan click on the “Scan” button. Malwarebytes will automatically update the antivirus database and start scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the Malwarebytes scan is finished scanning it will show a screen that displays any malware, adware, or potentially unwanted programs that it has detected. To remove the adware and other malicious programs that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files and registry keys that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your computer should now be free of trojans, adware, browser hijackers, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Scan your computer with Malwarebytes for Mac to remove malware
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
Your Mac should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Scan your phone with Malwarebytes for Android to remove malware
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
Your phone should now be free of adware, browser hijackers, and other malware.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Frequently Asked Questions about the “We Added a Restriction” scam
What is the “We Added a Restriction” scam?
This is a phishing scam where scammers impersonate social media platforms like Facebook and Instagram. They send fake messages claiming your account has been restricted and directing you to a phishing site to unlock it. The goal is to steal login credentials and personal information.
How do I recognize this scam?
Warning signs include:
Messages coming from profiles with slight differences from real account names.
Claims your account was restricted for violations without details.
Threats to delete your account if you don’t act quickly.
Links to unusual domains instead of official sites.
Messages eliciting fear or urgency.
Why would scammers restrict my social media account?
They won’t actually restrict your account – the messages are totally fake. Scammers just claim your account is restricted to trick you into giving them your password and details.
What happens if I click the links?
The links take you to convincing phishing sites to steal any information you enter. Usernames, passwords, addresses, etc. may be harvested and used to access your accounts.
Should I pay any requested unlock fees?
No, never pay the phishing sites. It’s just another way for scammers to take your money. Legit companies will not ask for payment via unsolicited messages.
How do I unlock my account if it’s really restricted?
Real account restrictions can only be appealed through official channels like Facebook/Instagram support. Random messages with links are always scams, even if your account was actually restricted coincidentally.
What should I do if I gave the scammers my information?
If you entered any details, change your passwords immediately. Check accounts for unauthorized access and monitor closely for suspicious activity. Contact banks if financial information was compromised.
How can I avoid this scam in the future?
Double check profiles, avoid clicking direct message links, use login notifications, and watch for attempts to incite panic or urgency. Only contact companies directly through official sites and numbers.
How do I report this scam?
Inform Facebook, Instagram, or the FTC by reporting the fake profiles, phishing links, and any details about the scam messages. This helps get fraudulent accounts removed and track down the scammers.
Conclusion
The “We Added a Restriction to Your Account” scam is a serious threat all social media users should be vigilant against in protecting their personal information. While the scam messages look authentic at first glance, learning to identify the red flags can keep you secure.
Never act in haste when receiving ominous notifications about account restrictions. Take time to independently verify messages through official channels before providing any information or payment.
With scam techniques constantly evolving, users should be proactive in securing accounts. Turn on login notifications, use strong unique passwords and enable two-factor authentication across all social platforms and linked services.
Being alert and following cybersecurity best practices makes you a much less attractive target to scammers. Share awareness of this scam with your social network as well. The more informed social media users are, the less effective these criminal campaigns will be. Stay safe online.
How to Stay Safe Online
Here are 10 basic security tips to help you avoid malware and protect your device:
Use a good antivirus and keep it up-to-date.
It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.
Keep software and operating systems up-to-date.
Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.
Be careful when installing programs and apps.
Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."
Install an ad blocker.
Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.
Be careful what you download.
A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.
Be alert for people trying to trick you.
Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.
Back up your data.
Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.
Choose strong passwords.
Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.
Be careful where you click.
Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.
Don't use pirated software.
Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.
To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.
Leave a Comment
Meet Stelian Pilici
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
