Facebook has over 3 billion active users worldwide, making it the most popular social media platform today. With such a massive user base, scammers and cybercriminals are always looking for ways to exploit unsuspecting Facebook users. One prevalent scam tactic that has been circulating for years is the ‘Your account has been reported’ phishing scam.
Overview of the Scam
This scam starts with the victim receiving a message in their Facebook inbox stating that their account or page has been reported numerous times for policy violations. The message will typically say something like:
“Your page has been reported 7 times. We have temporarily suspended your page because you have violated our terms and conditions.”
The message then urges the recipient to click on a link to ‘verify their account’ and avoid suspension. However, this link leads to a fake Facebook log-in page designed to steal login credentials and account access.
This deceptive tactic preys on people’s fear of losing access to their Facebook account. By claiming the account is at risk of being suspended, many panic and click the link without thinking. Once your login details are harvested, the scammers can fully compromise your account.
How Did My Account Get ‘Reported’?
Firstly, it’s important to understand that your account has not been reported. The message you received is entirely fake and sent by scammers to many other unsuspecting users. There are no actual policy violations or user reports against your account.
The scammers obtained your contact information through various illicit means. Most likely your email or phone number was part of a data breach, purchased on the dark web, or scraped from other websites by bots.
With access to your contact info, the criminals crafted a personalized message pretending to be from Facebook. The goal is to trick you into thinking your account is in jeopardy, so you act impulsively to ‘save’ it.
What’s the Endgame for Scammers?
Their aim is to steal your Facebook login credentials and account access. Once a scammer gains access to your account, the possibilities for exploitation are endless.
They can steal your personal information and photos, impersonate you to scam your friends, post dangerous misinformation, hijack or delete your Facebook groups and pages if you run any, and more.
In essence, access to your account allows them to steal your online identity. Your account is a gateway to compromising your security and privacy in devastating ways.
This highlights why it’s so important to recognize this scam and avoid falling for it. No genuine Facebook notification will ever ask you to enter your password or sensitive information through an external link.
Step-by-Step: How the ‘Account Reported’ Scam Works
To fully understand this scam, let’s break down the exact steps a criminal will take to try and steal your Facebook account credentials:
1. You Receive a Fake ‘Account Reported’ Message
The first contact will come via a message in your Facebook inbox from an unknown sender. The message will claim that violations have been reported on your account by other users.
It will typically say your account, page or group has been reported up to 7 times, resulting in a temporary suspension. This tactic mirrors Facebook’s official account restriction policy for multiple violations.
The message will urge you to ‘confirm your account’ through an attached link to avoid permanent suspension. Of course, there are no actual reports or restrictions on your real account.
2. The Link Goes to a Fake Facebook Login Page
If you click the ‘Confirm Account’ link, it will open what appears to be the Facebook login page. However, the URL will clearly show it is not Facebook.com.
Common fake URLs used include:
- account-confirmation.facebook.com
- facebook.violations-on-page.support
- violation-appeal.fbaccounts.com
While the page looks convincingly like Facebook, it is a phishing site hosted by the scammers. Their goal is to deceive you into entering your login info here.
3. You Enter Your Login Details on the Phishing Page
Once you land on the fake login page, you’ll be prompted to enter your email and Facebook password to ‘confirm your account’.
Since the page looks visually similar to the real Facebook site, you may be tricked into entering your details without realizing it’s a scam.
4. Scammers Gain Access and Take Over Your Account
Armed with your login credentials, the criminals can now access and take full control of your real Facebook account. They don’t need to verify anything or respond to your ‘reports’.
Once in your account, scammers can post content, message friends, access private info, take over Groups/Pages you manage, and potentially lock you out.
In essence, compromising your login details hands over the keys to your online identity. Criminals can use this to steal personal data, scam your network, distribute malware, and cause other forms of devastation.
This is why it’s critical to never enter your password on third-party sites, no matter how genuine they appear. Facebook will only ever direct you to Facebook.com for login purposes.
Identifying This Scam on Facebook – Warning Signs and Examples
Spotting phishing attempts and online scams takes vigilance. When it comes to the prevalent “Your account has been reported” Facebook scam, there are key indicators to recognize as red flags. Being able to identify these signs means you can avoid being tricked into compromising your account.
Suspicious Sender
Scam messages often come from random accounts you don’t recognize or have no connections with. For example, the sender may be named something generic like “Support Agent” or include a series of random numbers in the profile name.
Legitimate notifications from Facebook only ever come directly from an official Facebook channel, rather than unverified profiles.
Links Leading Outside of Facebook
One of the clearest giveaways is any link in the message bringing you outside of Facebook.com. Scammers use misleading URLs that at first glance appear to be Facebook or Instagram.
Examples include sites like “account-support.fb” or “facebook-violations.com”. However, checking the actual URL will reveal it is not an official Facebook domain. Genuine login links will only ever bring you to Facebook.com.
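The check described above, as an added example that is not part of the original article: a short Python function that looks at the host a link actually points to instead of whether the word "facebook" appears somewhere in it. The allowlist holding only facebook.com follows this article's statement that genuine login links go to Facebook.com; the function names and the sample links marked as constructed are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: the article names Facebook.com as the only genuine login
# destination, so the allowlist holds that one domain.
OFFICIAL_DOMAINS = {"facebook.com"}

def link_host(url):
    """Return the lower-cased host the link really points to ('' if none)."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # bare "host/path" text, as links are often quoted
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:    # malformed authority part
        return ""
    return host.rstrip(".")

def is_official_link(url):
    """True only for an official domain or a true subdomain of one."""
    host = link_host(url)
    if not host or any(p.startswith("xn--") for p in host.split(".")):
        return False      # no host, or a punycode (lookalike-capable) label
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def looks_official_at_a_glance(url):
    """The weak test the scam relies on: the brand name appears somewhere."""
    return "facebook" in url.lower()

SAMPLES = [
    "https://www.facebook.com/login",              # constructed: genuine form
    "facebook.violations-on-page.support",         # host quoted in the article
    "violation-appeal.fbaccounts.com",             # host quoted in the article
    "account-support.fb",                          # host quoted in the article
    "facebook-violations.com",                     # host quoted in the article
    "https://facebook.com@verify.example/login",   # constructed: userinfo trick
    "https://facebook.com.account-check.example/", # constructed: prefix trick
]

def triage(urls):
    """Map each link to (passes host check, passes at-a-glance check)."""
    return {u: (is_official_link(u), looks_official_at_a_glance(u)) for u in urls}

if __name__ == "__main__":
    for url, (official, glance) in triage(SAMPLES).items():
        print(f"{'OK  ' if official else 'FLAG'} glance={glance!s:5} {url}")
```

The two constructed lookalikes pass the at-a-glance test yet fail the host check, because the host is read from the right-hand end of the name and anything before an "@" is not the destination.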
Aggressive Tone and Sense of Urgency
Scare tactics are commonly used in these phishing attempts. The messages tend to have an aggressive, threatening tone, warning your account will be deleted if you don’t act quickly.
Phrases like “Login NOW to avoid suspension” or “You have 24 hours to verify your account” aim to pressure you into clicking without thinking first. Facebook would never message you in this forceful, intimidating manner.
Poor Spelling and Grammar
Often the scam messages contain typos, grammatical errors, awkward phrasing, or are generally written in broken English.
If you notice obvious spelling mistakes or sentences that don’t make sense, it’s likely an unauthorized message. Facebook’s official notifications are professionally translated and edited.
Requests for Login Details
A huge red flag is any message asking you to provide your Facebook login details or password. Facebook will never send you to an external website and ask you to enter this sensitive information.
Entering your login credentials is only secure when you do it directly on Facebook.com. Messages claiming you must “verify” or “validate” your account elsewhere are always a scam.
Keeping these warning signs in mind helps protect you when using Facebook. Take time to scrutinize any messages about your account’s standing and be on high alert for these indicators of a scam attempt.
What to Do If You Fall Victim to This Scam
If you mistakenly clicked the phishing link and entered your Facebook login information, don’t panic. Here are the steps you should take right away to secure your account:
Step 1: Reset Your Facebook Password
The first thing you need to do is reset your Facebook password. This instantly revokes access from the scammers who now have your current login details.
To reset the password:
- Go directly to Facebook.com and click ‘Forgot Password’
- Enter your email address and complete the email/text verification step
- Create a new, strong password that’s unique from other accounts
Reset your password as soon as possible before criminals cause too much damage.
Step 2: Enable Login Approvals
Once you reset your password, add an extra layer of security by turning on Login Approvals under Facebook Settings.
This requires you to enter a special security code each time someone logs into your account from an unrecognized device. The code can be sent via text, email or authenticator app.
Having a login approval code will thwart any further unauthorized logins even if the scammer has your new password.
Step 3: Check Login Activity
Head to Settings > Security > Login Activity and review recent logins to your account. Check for any unfamiliar locations or IP addresses accessing your profile.
If you see suspicious activity, you can take steps like forcing logout of active sessions or restricting logins to only your trusted devices.
Step 4: Scan for Suspicious Posts, Messages or Changes
Conduct a thorough check of your Facebook account for any unusual posts, messages, friend requests or other red flag activity.
Look for things like:
- Strange messages sent to your friends list
- Posts promoting spam/malware
- Joined groups or pages you didn’t authorize
- New friend requests from people you don’t know
- Changes to your profile information or settings
Removing concerning posts and messages can help limit the damage. You may also have to message contacts explaining your account was hacked.
Step 5: Secure Other Linked Accounts
If your Facebook account was linked to other apps or sites, change your passwords there as well. Criminals could have access to your other online accounts too.
Prioritize any sites containing financial information or valuables like email, ecommerce sites, or cryptocurrency exchanges. Enable 2FA on these accounts if possible.
Step 6: Contact Facebook Support
If your account shows major signs of compromise, or you are locked out, submit a report directly to Facebook.
Explain your account was hacked and request help regaining access. Facebook can also remove fraudulent content and alert contacts their accounts may be at risk too.
While waiting for their response, continue securing your account by resetting passwords, enabling login approvals and removing suspicious activity.
How to Avoid Falling Victim in the First Place
While you can recover from this scam with the right response, it’s better to avoid being fooled entirely. Here are some tips to protect yourself:
- Never click links in unsolicited messages – Genuine Facebook notifications will only ever direct you to Facebook.com. Anything redirecting you elsewhere is a scam.
- Check the sender’s name – Scam messages usually come from random names or accounts, not ‘Facebook’. Verify you recognize the sender before clicking.
- Review the message carefully – Poor grammar, threatening tone, or requests for login details are red flags of a phishing attempt.
- Secure your account with 2FA – Having two-factor authentication enabled blocks criminals even if they have your password.
- Be wary of text/email codes – If you receive a login code you didn’t request, it could be a hacker trying to access your account.
- Keep software updated – Having the latest security patches prevents criminals from exploiting vulnerabilities to compromise your device or account.
- Use unique passwords – Having different passwords for each account prevents crooks from accessing other services if one is breached. Consider a password manager.
- Monitor login activity – Routinely check Settings > Security > Login Activity to watch for unfamiliar sessions.
Staying vigilant for common warning signs of phishing attempts is your best defense. Avoid acting out of haste or fear if your account appears at risk.
Frequently Asked Questions About the “Account Reported” Facebook Scam
This prevalent scam tricks many Facebook users. Here are answers to some commonly asked questions about how it works and how to avoid falling victim.
What is the “Your Account Has Been Reported” scam?
This is a phishing scam where targets receive a fake notification claiming their Facebook account has been reported and is at risk of being disabled. The message includes a link to “appeal” the violation by entering login credentials on an external site. In reality, it’s a ploy to steal Facebook account access.
Why do scammers want access to my Facebook account?
By gaining access to your account, scammers can steal personal information, hack connected apps or sites, impersonate you, post malicious links or misinformation, take over business pages you manage and more. Your account is a gateway to committing identity theft and spreading scams.
How does the scam message reach my Facebook inbox initially?
Scammers use bots and hacked databases to obtain inboxes and phone numbers of potential targets. They craft fake notifications and mass send them to unsuspecting users in hopes some will fall for the phishing attempt.
Are my Facebook friends involved in sending me this scam message?
No, your contacts are not involved in distributing these scam messages. The scammers spoof and disguise the messages to make them appear sent from your friends or followers. But in reality, your connections’ accounts have not been compromised.
What are some telltale signs identifying this as a scam?
Warning signs include suspicious links redirecting outside Facebook, threats of account suspension, poor grammar or spelling, an urgent call to action, a request for login credentials, an unfamiliar sender, and fake-looking verification pages.
Should I click the link or provide any personal details?
Absolutely not. The links lead to phishing sites aimed at stealing your login info. Never enter your password or sensitive data anywhere except the official Facebook website. Report the message as spam immediately.
What happens if I did click the link and enter my password?
If you were tricked into providing your login credentials, you must take action quickly before your account is compromised. Immediately change your Facebook password and turn on two-factor authentication for added security against further unauthorized access.
How can I better protect myself from this scam in the future?
Always scrutinize messages carefully, watch for warning signs of phishing, avoid clicking unverified links, use strong unique passwords, enable two-factor authentication, and never provide sensitive data to third-party sites.
What should I do if I continue receiving these scam messages?
Keep reporting the messages as spam/fraud directly to Facebook. You can also strengthen your account security settings, restrict messages to friends only, and be extra vigilant about links or requests for personal information. Enabling login approvals adds an extra barrier as well.
The Bottom Line
The ‘Your account has been reported’ tactic is one of the more common Facebook scams circulating today. It preys on people’s fear of losing access to trick them into compromising their account.
If you receive a message claiming policy violations or temporary suspension, exercise extreme caution. Never click links or provide login details to third-party sites, no matter how genuine they appear.
You can also deter this scam entirely by enabling login approvals and reviewing login activity routinely to catch unauthorized access quickly.
With awareness of how this scam operates, you can spot red flags early and take steps to lock down your account. Staying vigilant for phishing attempts protects you and your network from potential identity theft and financial fraud.