Reading Time: 6 minutes

Scams are unfortunately a part of our increasingly digital world and they won’t be disappearing any time soon. While in the old days, many scams came in the form of typo-riddled emails, scammers have become much more creative and sophisticated in their activities.

If your school has a presence on Facebook, there is a good possibility that you or one of your colleagues will be (if it has not happened already) targeted by scammers. 

The general goal of these scams is to gain access to a school’s financial details or any credit cards on file which can then be filled with fraudulent charges. The way the scammers do so is often by tricking school administrators into divulging login information to then gain control of the accounts.

While it is fortunately possible to have these charges reversed in many cases through your bank, the hassle of having to deal with this can be a headache for smaller schools that do not have a dedicated financial team. As well, when things like this occur, it can also cause your school to lose access to its social media accounts, which may be needed for marketing.

In the post below, we’ll walk you through two of the common scams that we have seen targeting users associated with schools on Facebook in recent months. We will also provide tips for how to spot fraudulent messages and some suggestions for what to do next if this happens to your school.

The “Ad Account Disabled” Scam

In Q4 of 2022, Facebook updated its content moderation system which inadvertently led to numerous schools having their accounts erroneously disabled. Before Meta was able to remedy the matter, numerous scammers took advantage of the situation with widespread phishing messages. 

These messages informed users that their ad accounts were disabled and that the only way to recover them before they were permanently deleted was to click a link back to Facebook and submit information for an appeal. (see below).

Example of a Facebook scam email

For any user who followed the link, it did indeed return them to Facebook where they saw what looked like a help portal. However, the page was a fake that the scammers set up and used before the moderation teams could take them down. Any user who followed the instructions inevitably shared their payment information with fraudulent actors and likely had their accounts compromised quickly afterwards.

The reason this scam was so successful was that the scammers tied its release to a known and existing issue with Facebook. At the time, Meta was sending similar messages to these and often, one way to resolve the issue was to visit an official support page on Facebook. 

In any event, there are a few elements that give away that this is a scam:

  • Sender Address: Always check the email address of the sender. While it is possible to fake these, most scammers do not bother going through the trouble. In the case of this scam, we can see that it purportedly comes from “Meta Ads” but the email address is a long, nonsensical string that does not mention Facebook or Meta itself.
  • Time Limit: Scam messages frequently use pressure tactics to cause their victims to feel like they need to act right away. In the case of this email, it states that the user has 24 hours to respond. While Meta support often promises to respond in 24 hours to requests, they never impose arbitrary time limits on taking action. 
  • Severity of Message: While Meta typically bans first and lets users appeal later, they never use temporary bans to transition to deletion. When Meta decides to ban an account, they permanently ban the user with no chance of appeal (and this typically only happens in extreme cases). When a school has their assets legitimately flagged or temporarily banned, their status will remain unchanged until a legitimate appeal is made – whether it takes 24 hours or longer.

What to do if you receive a message like this?

If you or someone else at your school receives a message like this and you are not certain if it is legitimate or not, the first step should be to check your ad account. This can be accessed by going to https://business.facebook.com/settings/ad-accounts/ and then selecting the correct ad account. 

If your ads are all running, you will see the word “Active” with a green dot under the delivery tab.

If they are inactive or there is a red banner at the top of your screen stating that your account is paused, you can then click through to look into resolving the matter.

If you instead see that they are paused or have red notifications with the word “Error,” then there could be a real problem with your account. In such cases, contact Meta support from within the app.

The “Community Policy Violation” Scam

Facebook recently updated their community guidelines and, as a consequence, more posts have been flagged for potential violations than before. As such, another scam that was timed to coincide with changes taking place on the platform. 

As you can see from the example below, the scammers once again send out a message impersonating Meta. The difference with previous scam is that, in this case, it claims that the school’s page is no longer visible and that it was a community policy violation on the page that triggered the ban.

 

Also similar to before, it uses language that suggests the school’s assets might be permanently deleted if they do not take immediate action. This example also omits the time limit that other, earlier scams used, which in a sense makes it appear less urgent but also more realistic.

Fortunately, there are again elements that give this away as a scam:

  • Sender Address: This scam uses a very similar address as the previous one that is a mix of gibberish and a salesforce domain. And even though the two messages were different and different schools were targeted, it’s quite likely that it’s the same parties attempting to prey on institutions like yours.
  • Grammar and Punctuation: This example has a few mistakes in the text. Notably in the subject line, it contains a full stop after the school name and before the word “page” which doesn’t make sense grammatically. There is also inconsistent use of first letter capitalization to make some words seem more official and at times multiple spaces are used between words when one would have been suitable.

What to do if you receive a message like this?

Since this message claims that your school’s page has been disabled and is no longer visible, the easiest way to disprove it is to log onto Facebook and navigate to your page. If for any reason it is not visible, sign in to your business as an admin and review if there have been any notifications within the application or contact Meta support.

Keping Your School Safe Moving Forward

We suspect that moving forward, Facebook scams targeting schools will become harder and harder to identify. Scammers are likely to learn from their mistakes and become more sophisticated. In the two examples presented, each occurring just days after the other, the text in the message began to resemble more closely actual messages sent by Facebook and had fewer easy giveaways. 

In any event, if at any time you receive a message like this – and whether or not it appears to be legitimate – the best practice is to not click any links in the email. Rather, immediately investigate your accounts – if the issue is legitimate, you will find a notification in the app that will give you the steps to remediate it. It’s possible the email was legitimate, but if you are unable to tell then do not take the risk.

As a final reminder: never click on any link in any suspicious email. In the case of Facebook and Instagram warnings, always investigate first and contact Meta support for more information.