Con artists are once again on the prowl and trying to find a hole in Facebook and Google’s new ad policies. The Better Business Bureau (BBB) reports that there has been an uptick in fake email messages sent to business owners in an attempt to gain access to restricted information.
There are several red flags that people should look out for. Most are your standard issue warnings, but scammers are always looking for new ways to trip people up. It’s important you have everything covered and stay vigilant about any new angle scammers are trying to work.
Here’s how the scam plays out:
The scam starts out by you receiving an authentic-looking email that appears to come from Facebook or Google with the proper logos and professional-sounding language you’d expect from either tech company.
The next thing to look for is verbiage telling you that your ad account hasn’t been following the rules and that it’s either been deactivated or is about to be deactivated. If you don’t have an ad account with either Facebook or Google (or any other platform), then you should stop right there.
The next trigger point is the most important one. The email says that if you want to find out more about the situation and reactivate your account, all you have to do is click on a link.
Stop right there and don’t click on anything. The BBB says that no matter how convincing that email seems, don’t click the link! If you do, then malware could be downloaded onto your computer and access your personal information. The bureau reports that the link in the email leads to a fake login page in some cases. In that scenario, if you enter your login ID and password, scammers will have gained access to your account.
Keep your guard up on all email
Scammers are getting smarter and sharpening all their digital skills -- better design, better grammar, correct spelling, etc. The BBB lays out five very simple rules everyone should use when opening any email:
Verify your account. “Verify the status of your account before you act. Even if an email looks convincing, visit the official website and try logging into your account before you click on any link in an email or reply with your personal information,” cautions the BBB. “If your ‘deactivated’ account is still up and running, the email is a scam.”
Never click on links in unsolicited emails. Like we said, hoaxers make links and web pages that appear to be real, but even an official looking webpage could be lying in wait to infect your computer with malware. The bottom line is that you should never click on links in unsolicited messages.
Watch out for shortened links. A new angle scammers are playing is trying to get potential victims to click on shortened links, such as Bit.ly, Ow.ly, or Goo.gl. The problem is that it’s impossible to know where this kind of link will lead because of the masquerade that using a “URL shortener” can perform.
Two years ago, Google saw the problems its URL shortener Goo.gl could cause and put tripwires in place to stop anonymous and first-time users from creating new short links via the goo.gl console. But there might still be phishers who had access to Google’s URL shortener before the new rules were put in place, and they might still try to work that ploy.
Take advantage of Facebook security features. Facebook has security features that allow users to see if security related messages they’ve received are legitimate or fake. Facebook asks users to report any fake messages they come across.
Don’t be hasty because of an “urgent” message. Scammers love urgent messages like the “Hey, grandma, I’m in jail” or “I’m in a foreign country and lost my wallet” trick -- anything the scammer can spin to make their victim think it’s a serious situation that requires immediate action.
“Even if a message claims your account is about to be deactivated or your password is being reset, don’t panic. If it seems unlikely, use caution and verify the claims before you act,” urges the BBB.