July 9, 2023

Facebook Ads Scam

If you run ads, or pay to boost posts on your Facebook (business) pages, you may have received an email with a subject similar to these:


  • Your ad does not meet Facebook's advertising standards.

  • Your ad will be suspended and your ad account will be restricted

  • Your Ads Account Has Been Disabled Due To Violation Of Community Standards


The email claims to come from Meta Business, or Meta for Business, and that's what most email clients will show in the From field. The message body contains wording similar to this:

Hello, (your Facebook "page" name)

We officially inform you that your advertising account has been found in violatin our ads policies. We ensure to take the safety of our user seriously, and we request all advertisers to follow our guidelines.

We've decided to permanently restrict your account. If you think this decision is incorrect you can appeal below:

SUBMIT

After you request a reconsideration, you usually have to wait 48 hours to get a different decision. Before new results are available, your account will be in a "pending review" status.

The Meta for Business Team,

Meta Platforms, Inc., Attention: Community Support, 1 Facebook Way, Menlo Park, CA 54902

My initial reaction to receiving the first of 4 such messages in 3 days was apprehension. So, I checked my ad campaign and found that it was up and running just fine. There were no notifications about any violations, or pausing of the ad account. The first thing you should do if you get a similar email notice is to go to your Meta business page and see if there are any warnings.

Another giveaway that this is a scam is the poor grammar and misspellings in the message body text. No real company would put out an important email message like that with misspellings and bad grammar. I suspect that the author is not an English speaker primarily, or that they composed it in their own language then translated it into "Engrish.".

Once I saw that my ad was still running, I opened the email's source code in MailWasher Pro. This is a spam screening program that I've been using for a couple of decades now. It is similar to a standard email client, but is geared toward classifying emails as good or bad before you download them to your actual email "client" An email "client" is a program or app that downloads and opens emails, and lets you compose and respond to those emails. It also saves your incoming and outgoing messages if you set it up to do that.

Back to the email source code. MailWasher Pro has a link on the Inbox page labeled: Show Email Info. Clicking it opens three tabs, labeled: General, Source, and Spam Tools. Clicking on the General displays some basic hidden information, like the actual email address and reply to address. In the case of my email claiming to come from Meta for Business, this is what I saw as the sender's address: Meta for Business ([email protected]). Meta and Facebook own their own email domains. They have no reason to use Microsoft's Outlook email system when they have their own! So, what about the return path? Here it is: no-reply-fb-restriction-casee-a32=outlook.com__@0-3sh32vu9ab0v1s.xxf8bx4kgfiw6jfb.6hzk6epted9r2ycq.hxft089.2t-ieheeak.ap12.bnc.salesforce.com. The domain salesforce.com has nothing to do with Meta or Facebook. The scammers behind this ploy have compromised email accounts belonging to Salesforce employees who do use Outlook as their email client.

The second tab is labeled: Source. When I click on that tab the email's entire source code is revealed. Much of it is normally hidden headers that can be used to trace the actual location of the sender. In fact, I traced the sending computer's ip address to Haneda, Kumamoto, Japan! Further down I found the URL contained in the SUBMIT button. It goes to a domain named "web.app." The landing page immediately redirects you to a Google hosted page where the scam begins. However, thanks to reports from me and others to Spamcop, that phishing page has been removed.

I have little doubt that this scam will re-emerge sometime soon. Keeps your wits about you when you see alarming subjects in your email inbox! Scam emails are designed to cause panic and solicit the desired action before one thinks it through. If you get a lot of spam and scam email, consider buying into MailWasher Pro to filter out the crap before you download it to you email client and possibly get tricked into clicking through to somewhere you shouldn't have gone.

Aside: If you're curious about what else MailWasher can do to identify spam, it allows users to create spam filters that match words, phrases, or regular expressions, as well as checking databases from spam reporting services, like SpamCop. I have already written an effective filter that positively identifies this particular scam. Contact me if you want my parameters to use in your own copy of MailWasher Pro.

Posted by Wiz at 11:19 AM |

Facebook Twitter LinkedIn Pinterest Instapaper Google+ Addthis

back to top ^

Blog Links

Sponsored Message

I recommend Malwarebytes to protect your computers and Android devices from malicious code attacks. Malwarebytes detects and blocks spyware, viruses and ransomware, as well as rootkits. It removes malware from an already infected device. Get an 18 month subscription to Malwarebytes here.

If you're a fan of Robert Jordan's novels, you can buy boxed sets of The Wheel Of Time, here.

As an Amazon and Google Associate, I earn commissions from qualifying purchases.

CIDR to IPv4 Address Range Utility Tool | IPAddressGuide
CIDR to IPv4 Conversion



Search


About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Follow Wizcrafts on Twitter

Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.

MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days.

Categories

Tag Cloud

Recent Posts

Popular Posts

Archives

Subscribe to this blog's feed
Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by Movable Type

back to top ^