How to Recognize Scams on Social Media
In this day and age, maintaining an active social media presence is an important part of any comprehensive marketing plan for plastic surgeons and dentists. Indeed, in addition to helping raise brand awareness and attract new patients, there is even evidence that social media can positively affect SEO.
However, while social media marketing is a valuable tool for promoting your practice, it is also important to maintain good account security habits. One major element of staying safe online is being able to spot—and avoid—common social media scams.
- What Are Social Media Scams?
- How Social Media Scammers Target Businesses
- How to Identify a Scam Email or Direct Message
- New Phishing Scheme: Event-Based Scam on Meta
What Are Social Media Scams?
Simply put, the term “social media scam” refers to a broad range of fraudulent activities perpetrated on social media websites—usually with the goal of tricking users into giving up either money or personal information. In some cases, scammers will solicit funds or financial information directly, often under the guise of raising money for charitable causes or providing users with investment opportunities. In general, you should never provide your financial information over social media, and you should be exceedingly wary of requests for payment using “untraceable” methods, such as gift cards, cryptocurrency, or wire transfers.
Alternatively, some scams may aim to harvest personal information—which can then be used to “hack” your social media accounts or even steal your identity. This can be a particularly alarming prospect for business accounts, since scammers can then use your platform to distribute malicious links or solicit money and information from your followers.
How Do Social Media Scammers Target Businesses?
“Phishing scams” represent one of the most common tactics used to target businesses on social media. The United States Federal Trade Commission (FTC) explains: “Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source… It asks the consumer to provide personal identifying information.” In particular, scammers often impersonate Facebook and Instagram—or their parent company, Meta—in order to gain access to user accounts.
These fake communications from scammers will often take the form of an account security notice, a Digital Millennium Copyright Act (DMCA) takedown notice, a policy violation notice, or some other pressing issue. In some cases, scammers will even create misleading event-based messages designed to appear as though Meta is informing you that your account will be deleted or has violated a policy.
Phishing emails or messages are usually urgent in tone, encouraging the recipient to take immediate action without considering the situation thoroughly. They will also typically include some kind of link, attachment, or other directive to “verify” account details or dispute the alleged violation. It is strongly advised that you do not click on any links, images, or attachments in suspicious messages. They may infect your device with malware or lead to “dummy” login pages designed to steal your personal information.
Below, the social media experts at Rosemont Media have outlined some “red flags” to look for when you receive a suspicious email or direct message about your social media account.
How to Identify a Scam Email or Direct Message
1. Check the Sender’s Email Address or Profile
One of the simplest ways to identify a scam is to check the sender’s email address or profile. According to the Meta team, the following email addresses are affiliated with the company:
- notification@facebookmail.com
- noreply@facebookmail.com
- @business.fb.com
- @support.facebook.com
- @fb.com
- @meta.com
- advertise-noreply@facebookmail.com
- update@em.facebookmail.com
- @mediapartnerships.fb.com
- @support.instagram.com
- @mail.instagram.com
While some scammers will set their display name to something like “Meta Team” (see the graphic below), a quick look at the actual email address behind the display will often reveal the truth. Similarly, many scammers on Instagram will look legitimate at first glance. However, many of these accounts will be newly made, with a low follower count and posts dating back only a few days or weeks. If the email references an event, be cautious, as Meta does not use events to notify users of policy violations.ccounts will be newly made, with a low follower count and posts dating back only a few days or weeks.
2. Take Note of Spelling, Grammar, and Formatting
Another useful tip for identifying scams is to check for poor grammar, spelling errors, strange formatting, or awkward language. In general, communications from Meta will contain consistent branding and clean, concise copy that is free of errors.
3. Evaluate the Purpose of the Email or Direct Message
Some scammers utilize tags, mentions, or events to try to make their communications seem more legitimate, since email notifications for these actions are sent from an official Meta-affiliated address. However, according to their Help Center, Meta will never notify you of any issues with your Facebook or Instagram account by tagging you in a post or inviting you to an event. Similarly, Instagram’s Help Center asserts that Meta will never contact users about account issues via direct message; instead, official correspondence will be sent via email, and users can review recent emails sent by Instagram in their settings menu.
4. Check Your Notification Feed
Official Meta emails (such as the one pictured below) will typically direct the user back to either Facebook or Instagram in order to resolve any account-related issues. If you receive a suspicious email or DM, do not click any links or reply to the message. Instead, the best way to verify the information is to open the website or app directly and review your notification feed for any alerts.
New Phishing Scheme: Event-Based Scam on Meta
A newer phishing tactic targeting Meta platform users takes advantage of the “event” feature. Scammers create events with misleading titles that appear as though your account will be deleted or has violated a policy. This new method preys on users who have email notifications enabled, as the email will come from a legitimate Meta-affiliated address, but it is only notifying you of the event invitation.
The event description is often designed to prompt users to click on a shortened link, threatening that if the user doesn’t fill out an “appeal form,” their account will be deleted or suspended. These forms are used to collect personal information.
To recognize this scam, pay close attention to the invitation’s language. You will notice the email says “Meta has invited you to” an event, and there will be RSVP options such as “Going,” “Maybe,” and “Can’t Go”—clear indicators that this is an event, not an official Meta policy notice. If you receive such a message, do not interact with the links or event. Instead, review your account notifications directly on the Meta platform to verify if there are any legitimate issues with your account.
Rosemont Media Is Here to Help
While scams can certainly be a scary prospect, our team of specialists is here to ensure your accounts stay secure while you make the most of everything social media has to offer. Contact Rosemont Media today to learn more about how we can boost your digital presence and take your content marketing strategy to the next level!