Don’t Fall for the “Business Services” Facebook Scam

Facebook is home to over 2.9 billion active users, making it the biggest social media platform in the world. With such a massive userbase, Facebook unfortunately also attracts a lot of scammers looking to take advantage of unsuspecting users.

One scam that has been making the rounds recently is the “Business Services” scam. This cleverly designed scam targets Facebook page administrators by posing as Facebook support and claiming the recipient’s account is at risk of being deactivated.

In this comprehensive guide, we will break down exactly how the “Business Services” Facebook scam works, who it targets, and most importantly, how you can avoid falling victim to it.

Business Services

Facebook Scam 2

Overview of the Scam

The “Business Services” scam is designed to steal login credentials and hijack Facebook pages from their rightful administrators. It starts with the scammers sending an ominous message claiming to be from Facebook’s support team or copyright division.

The message uses scare tactics such as warning the recipient their account is violating Facebook’s terms or is at risk of being deactivated. To “resolve” this fictitious violation or deactivate risk, the message provides a link for the recipient to “verify” their account.

However, this link does not lead to Facebook, but rather a fake login page controlled by the scammers. Once the recipient enters their username and password, the scammers gain access and can fully compromise both their personal profile and any Facebook pages they manage.

Who Does This Scam Target?

This scam predominantly targets two groups:

  • Administrators of popular Facebook pages – The scammers are hoping to hijack pages with large followings so they can use the brand and reach to run additional scams. A page with an established audience is very valuable to them.
  • Everyday Facebook users – While not the primary target, regular Facebook users could also receive these scam messages. The scammers likely mass message users hoping some will fall for it. They will take over any account they can compromise.

Where Are the Scam Messages Coming From?

The messages appear to come from an account named “Business Services”. This name is designed to sound vaguely like a real Facebook service or department.

The account uses Facebook’s logo and images to appear more legitimate. However, it is not actually associated with Facebook in any way. Any message from this account should be considered extremely suspicious.

How the “Business Services” Scam Works

The “Business Services” Facebook scam can be broken down into several meticulously planned steps designed to steal login credentials under the guise of account verification.

Understanding each phase of this process is crucial to recognizing and avoiding this scam. Here is a detailed, step-by-step overview of how this phishing technique unfolds:

1. Receiving the Initial Scam Message

The scam starts with an unsolicited Facebook message sent to the target’s inbox. The message appears to come from an account called “Business Services”.

The account name, profile image of the Facebook logo, and use of terms like “Copyright Violation” or “Community Standards Violation” in the subject line are all carefully crafted to seem official.

However, this message is in no way associated with or sent by Facebook itself. Any communication from “Business Services” should be considered highly suspicious.

Here is how a scam message may look:

Dear admin page!

POLICY PAGE!

Your Page has infringed copyright information!

Your account has been detected in violation of our current copyright policy. For security reasons. and To prevent permanent deactivation of your account, follow these steps. In more serious cases, we will cancel your report immediately. if you do not confirm, our system will automatically block your account.

Verify these related accounts: http://facebook-help.us/XKupsnaU/zBYoCTsJo3XXP.html

Thank you for helping us improve our account services.

FB copyright team integration.

The pages marked below are copyright infringers.

2. Threat of Account Deactivation

The content of the message is designed to instill fear that your account is at risk. The scam message may claim something like:

  • Your account has been flagged for violating Facebook’s terms or community standards
  • You have shared prohibited copyrighted content
  • You recently posted offensive or dangerous content
  • Your account is scheduled for deactivation within 24 hours

Of course, you have not actually done anything to warrant deactivation, but this threat is used to scare you into handing over your login credentials.

3. Providing a Link to “Verify Your Account”

After stating your account is in jeopardy, the scam message provides a link supposedly to verify or validate your account with Facebook.

Some example text used in the message is:

  • Click here immediately to confirm your account ownership
  • This verification link must be used to avoid deactivation
  • Follow this link and login to confirm your account status

However, this link does not lead to Facebook or any real account verification. It is a malicious phishing link controlled by the scammers.

4. Redirecting Users to a Fake Facebook Login Page

Once you click the link, it redirects to a webpage styled to look exactly like Facebook’s real login page.

Everything from the design, logo, dashboard image, and wording are copied to seem legitimate. However, the URL will clearly show this is not actually Facebook.

The page asks you to enter your username and password “to confirm your account”. In reality, any details entered are delivered directly to the scammers.

5. Unknowingly Providing Your Login Credentials

Because the fake Facebook login page looks so real, most users will instinctively enter their information when prompted without thinking anything is wrong.

Since people log into Facebook regularly, this is a highly effective technique for capturing credentials. After you enter your username and password, they are transmitted to the scammers.

6. Scammers Gain Full Access to Your Account

Armed with your username and password, the scammers can now access your Facebook account as if they were you. They have all the keys needed to impersonate you online.

Any personal data, messages, connected accounts, friends list, and especially access to any Facebook pages you administer are now under the scammers’ control. This allows them to reach a wide audience under your identity.

7. Changing Account Details to Lock You Out

Once inside your compromised account, the first thing scammers will do is change key details like your password, contact email address, and security settings.

This is done to deny you access, cement their control, and prevent you from quickly recovering your account. They essentially block you out of your own account.

8. Using Your Identity and Connections for Further Scams

With your account hijacked and tailored to suit them, the scammers can now carry out additional scams by impersonating you.

They have access to an established network of your friends and followers. Some examples of what they may do next:

  • Spread dangerous links that download malware or capture even more data
  • Run phishing scams by impersonating you and targeting your connections
  • Post inappropriate content to damage your reputation
  • Use your pages and identity to scam your followers and spreads misinformation
  • Access connected accounts like email or financial accounts for identity theft

As you can see, the “Business Services” scam is painstakingly designed to prey on people’s fear of losing their Facebook account. If you are not aware it is a scam, it can be easy to fall for. Now that you know how it works, you can identify these messages and avoid the trap.

How to Spot This Scam on Facebook

Knowing exactly what to look out for is key to identifying and avoiding the “Business Services” Facebook scam. Here are the telltale signs that a message is part of this phishing campaign:

Sender Name of “Business Services”

Messages from this fabricated account name are the hallmark of this scam. Legitimate Facebook emails and messages will come from “Facebook” or specific support teams. Be wary of any unsolicited messages from this suspicious account name.

Threats of Account Deactivation

Scam messages will nearly always claim your account is violating Facebook policies or is at risk of being disabled. This is a fear-based tactic to spur users to hand over their login information. Facebook does not typically threaten account deletion without ongoing communication and providing a way to resolve issues first.

Links to Verify Accounts

Messages will contain a link supposedly for you to verify or validate your account with Facebook to avoid the supposed deletion. The link goes to a fake Facebook login page controlled by scammers to capture your credentials when you attempt to log in.

Login Pages with Slightly Off URLs

The link in the messages leads to login pages styled exactly like the real Facebook site, but upon closer inspection the URL will clearly show it is not actually Facebook. Look for minor differences or misspellings.

Requests to Login or Enter Credentials

Facebook would never message you out of the blue requiring you to login or asking for your password or other credentials. Any unsolicited messages of this nature are highly suspicious, even if styled to look official. Err strongly on the side of caution if being prompted to login.

Poor Spelling and Grammar

While not a guarantee, scam messages often contain typos, spelling errors, strange phrasing, and broken grammar. The scams originate overseas. While not definitive proof, odd writing can be a red flag.

Stay vigilant for any communications from “Business Services” or containing these traits. Never login or share your credentials unless you initiated the login process yourself via Facebook’s actual app or website. If in doubt, contact Facebook Support directly to confirm any messages before taking action. Protect your account!

What to Do If You Have Fallen Victim to This Scam

If you unfortunately entered your Facebook login details into the fake verification page, the scammers now have control of your account. Here are the steps you should take immediately:

1. Use Another Device to Change Your Password

The first priority is changing your password as soon as possible before the scammers do. Do not try to change the password from the same device you entered it on, as it could already be compromised. Use a secondary device like a phone, work computer, or friend’s device.

Change your password to something completely new that the scammers could not guess. Enable two-factor authentication for an extra layer of security.

2. Check Connected Apps and Remove Anything Suspicious

In your Facebook settings, look at the list of apps and websites connected to your account. The scammers may have linked tools to maintain access. Remove anything unfamiliar.

Revoke access for any apps you think are suspicious. This cuts off a potential backdoor into your account.

3. Scan Your Computer for Malware

The fake Facebook verification page you visited could have downloaded malware onto your computer without you realizing. Download Malwarebytes and perform a full system scan to check for anything malicious.

Removing any malware found can stop the scammers from monitoring you or accessing your new password.

4. Contact Facebook to Report the Scam

Facebook has a form to report hacked or compromised accounts. Provide details on how your account was scammed so Facebook can investigate and strengthen protections.

You may also want to proactively reach out to Facebook support via chat or email to expedite recovering your account.

5. Check Other Accounts Linked to Your Facebook

Chances are your Facebook was connected in some way to accounts like email, Instagram, Amazon, etc. The scammers could leverage this to compromise your other accounts.

To be safe, change the passwords for any accounts linked to your Facebook that the scammers may have gained access to. Enable two-factor authentication wherever possible.

6. Use Facebook’s Account Recovery Steps

If the scammers changed your password and took over your account before you could recover it, Facebook has an account recovery process.

You will need to provide info only the legitimate account holder would know, like email addresses used, phone numbers, locations where you logged in from, etc. Facebook should be able to confirm you are the valid account owner.

7. Warn Friends and Followers

Let your Facebook friends list and any followers of your pages know that your account was compromised. Tell them to be wary of any odd messages or posts made after the scam, as those did not come from you.

Suggest they tighten security settings and watch for suspicious login activity on their own accounts. The scammers may target more people you know.

Frequently Asked Questions About the “Business Services” Scam

This Facebook phishing scam has many users concerned and needing answers. Here are comprehensive responses to some frequently asked questions regarding the “Business Services” con to help you protect yourself:

What is the “Business Services” Scam?

This scam uses fake security warnings purportedly from Facebook Support to trick users into providing their Facebook login credentials. Scammers send messages warning your account will be deleted unless you “verify” it through a provided phishing link.

Who is behind this scam?

This scam comes from an account named “Business Services” which pretends to be a real Facebook account security service. However, Facebook has confirmed it is unaffiliated. The identity of the actual scammers is unknown.

How does the scam work?

You receive a message claiming your account is at risk. It provides a “verification” link leading to a fake Facebook login page. Without realizing, you may enter your username and password, allowing scammers to steal your credentials and access your account.

What is the end goal of this scam?

The scammers aim to hijack valuable Facebook pages and accounts with large followings. This allows them to perpetrate additional scams leveraging the reach of these compromised accounts.

What damage can this scam cause?

This scam can allow takeover of both your personal profile and any Facebook pages you administer. The scammers can then destroy your reputation, spread malware, steal identities, and access connected accounts, amongst other damages.

How can I avoid falling for this scam?

Do not click any links in unsolicited messages claiming to be from Facebook Security teams. Log into Facebook directly through the app or website to check any account notifications. Enable two-factor authentication as well for enhanced security.

What should I do if I fell for this scam?

If you entered your login details, change your password immediately from a different device the scammers would not have access to. Also remove any unauthorized connected apps, run anti-virus scans, contact Facebook Support, and warn your friends not to interact with the compromised account.

How can I report this scam?

You can report any messages from “Business Services” to Facebook directly through their reporting forms. Submit details on the source account, content of scam messages, and any impacts the scam had on your accounts.

How can I help others avoid this scam?

Share warnings about this scam on your own social media accounts. Educate friends and family to be wary of messages from “Business Services”. Encourage them to use robust security settings for Facebook and other accounts.

The Bottom Line

The “Business Services” Facebook scam is an insidious phishing technique that can compromise both personal profiles and page accounts. The messages appear official but are simply a tactic to steal login credentials.

If you receive a message from “Business Services” or claiming your Facebook account is at risk, do not click any links. Report the message to Facebook immediately. Never login from an unsolicited link, no matter how legitimate it looks.

Should you fall victim and have your account hijacked, take swift action by changing passwords, removing connected apps, scanning for malware, and contacting Facebook support. Also warn your network of contacts about the scam to prevent further spread.

Stay vigilant against phishing attempts, implement robust security settings, and verify any communications purporting to be from Facebook’s teams. With awareness of how this scam operates, you can keep yourself and your account protected.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.