How to avoid 'Your account has been reported' Facebook scam

In an era dominated by the digital realm, the ubiquity of social media platforms has ushered in a new age of connectivity and communication. However, with the widespread adoption of these platforms comes a growing and insidious trend: phishing attempts. One example of such malicious scams that have recently become quite common is the 'Violations detected on your page' or 'Your account has been reported' fake message on Facebook, which to this day deceives users all around the world into giving away their valuable and sensitive personal information. Here is a quick guide on what this scam is and how you can avoid it. 

How does this scam begin?

You will know when you are being targeted by this scam when you receive a message saying that there have been some sort of violations on your Facebook page or that your account or page has been reported by someone. The message usually begins with these lines: "Your page has been reported seven times. We have temporarily suspended your page because you have violated our terms and conditions." 

To note, the 'seven times report' or 'seven times strike' is important here, as, according to Facebook's official rules, an account or page that has received seven strikes will receive a 1-day restriction from posting, commenting, or creating a new page. The severity of the penalties increases with more strikes, with 10+ strikes resulting in a 30-day restriction.

The aforementioned notification will typically have some additional lines, something like: "If you believe this is an error, please verify your account at the link below." A sentence like this will be followed by an external link, adding that you need to confirm your account within 24 hours, or similar claims meant to force an unsuspecting user to click the link. 

What happens if I click on the link?

The link in the fake notification will show a domain name that seems authentic at first glance, with some common examples being 'account-confirmation.facebook.com' or 'facebook.violations-on-page.support'. When you click on such a link, you will be directed to an external web page that looks similar to Facebook. From there, you will be asked to enter your email ID and password to 'confirm your account'. 

This is where the scam takes place. The external web page, despite looking similar to Facebook in design, is actually a phishing site that will harvest your personal information. If you have entered your password, malicious hackers will be able to use that to compromise your Facebook account. As such, they can now steal your identity and post, message, or access personal data using your account. If you are the owner of a Facebook page or group, the scammer can add/remove admins and members, and even delete or sell the page.

How can I avoid this scam?

According to Facebook's official help centre, Facebook will never ask for your password in an email or send you a password as an attachment. So, whenever you spot a Facebook message that prompts you to enter your password, you can reliably pass it off as a scam. 

Aside from this, some patterns are usually noticeable in such scam messages, such as grammatical errors (which will never be in an official Facebook notification) and generic greetings like 'Dear user' (Facebook will always address you by your name).  

You should also keep an eye out for any suspicious links or embedded URLs that you do not immediately recognise. Usually, there are extra alphabets or misspelled words in such links - a dead giveaway that it is a fake website.

I have come across this scam. What should I do?

The first thing you should do is not click on any links or provide your personal information. Facebook has officially stated that if a user comes across any message or email that seems strange, they should report it to phish@fb.com immediately. 

In case you think you have been compromised, you should log out of all active sessions. You can do this by going to the Accounts Center, clicking on 'Password and security' under 'Account settings', and checking 'Where you're logged in'. From there, you can manually check which devices are currently using your account, with the option to log out from any of the devices if needed.

When it comes to avoiding phishing, a bit of vigilance can go a long way. Carefully check each new link you are sent from someone you don't know, and don't ever immediately click on an external site or a message you don't recognise.