Facebook Ads Scam
If you run ads, or pay to boost posts on your Facebook (business) pages, you may have received an email with a subject similar to these:
- Your ad does not meet Facebook's advertising standards.
- Your ad will be suspended and your ad account will be restricted
- Your Ads Account Has Been Disabled Due To Violation Of Community Standards
The email claims to come from Meta Business, or Meta for Business, and that's what most email clients will show in the From field. The message body contains wording similar to this:
Hello, (your Facebook "page" name)
We officially inform you that your advertising account has been found in violatin our ads policies. We ensure to take the safety of our user seriously, and we request all advertisers to follow our guidelines.
We've decided to permanently restrict your account. If you think this decision is incorrect you can appeal below:
SUBMIT
After you request a reconsideration, you usually have to wait 48 hours to get a different decision. Before new results are available, your account will be in a "pending review" status.
The Meta for Business Team,
Meta Platforms, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 54902
My initial reaction to receiving the first of 4 such messages in 3 days was apprehension. So, I checked my ad campaign and found that it was up and running just fine. There were no notifications about any violations, or pausing of the ad account. The first thing you should do if you get a similar email notice is to go to your Meta business page and see if there are any warnings.
Another giveaway that this is a scam is the poor grammar and misspellings in the message body text. No real company would put out an important email message like that with misspellings and bad grammar. I suspect that the author is not an English speaker primarily, or that they composed it in their own language then translated it into "Engrish.".
Once I saw that my ad was still running, I opened the email's source code in MailWasher Pro. This is a spam screening program that I've been using for a couple of decades now. It is similar to a standard email client, but is geared toward classifying emails as good or bad before you download them to your actual email "client" An email "client" is a program or app that downloads and opens emails, and lets you compose and respond to those emails. It also saves your incoming and outgoing messages if you set it up to do that.
Back to the email source code. MailWasher Pro has a link on the Inbox page labeled: Show Email Info. Clicking it opens three tabs, labeled: General, Source, and Spam Tools. Clicking on the General displays some basic hidden information, like the actual email address and reply to address. In the case of my email claiming to come from Meta for Business, this is what I saw as the sender's address: Meta for Business ([email protected]). Meta and Facebook own their own email domains. They have no reason to use Microsoft's Outlook email system when they have their own! So, what about the return path? Here it is: no-reply-fb-restriction-casee-a32=outlook.com__@0-3sh32vu9ab0v1s.xxf8bx4kgfiw6jfb.6hzk6epted9r2ycq.hxft089.2t-ieheeak.ap12.bnc.salesforce.com. The domain salesforce.com has nothing to do with Meta or Facebook. The scammers behind this ploy have compromised email accounts belonging to Salesforce employees who do use Outlook as their email client.
The second tab is labeled: Source. When I click on that tab the email's entire source code is revealed. Much of it is normally hidden headers that can be used to trace the actual location of the sender. In fact, I traced the sending computer's ip address to Haneda, Kumamoto, Japan! Further down I found the URL contained in the SUBMIT button. It goes to a domain named "web.app." The landing page immediately redirects you to a Google hosted page where the scam begins. However, thanks to reports from me and others to Spamcop, that phishing page has been removed.
I have little doubt that this scam will re-emerge sometime soon. Keeps your wits about you when you see alarming subjects in your email inbox! Scam emails are designed to cause panic and solicit the desired action before one thinks it through. If you get a lot of spam and scam email, consider buying into MailWasher Pro to filter out the crap before you download it to you email client and possibly get tricked into clicking through to somewhere you shouldn't have gone.
Aside: If you're curious about what else MailWasher can do to identify spam, it allows users to create spam filters that match words, phrases, or regular expressions, as well as checking databases from spam reporting services, like SpamCop. I have already written an effective filter that positively identifies this particular scam. Contact me if you want my parameters to use in your own copy of MailWasher Pro.