
Are These Facebook Emails & Messages Legit?

If you manage a Facebook page for your martial arts school, there’s a 100% chance that you’ve recently received messages, comments, and/or spammy emails saying your page is being suspended. 

These messages are almost always phishing attempts to get you to click a link that could compromise your profile or accounts. But how do you know if these messages are real or an attempt to compromise your account?

Here’s my top tip for determining whether an email or message is real/legitimate.  

Top tip for determining whether an email or message is real

Always check the “from” email or profile of the sender to determine if an email is legitimate. 

When dealing with unsolicited messages, links, or emails, you’ll first want to confirm the legitimacy of the sender. Recently, for some reason, Facebook has been allowing fake pages and profiles that look like “Meta Security” or a similar name to send spammy messages. These messages can be ignored every time unless you recently contacted Meta Support and were waiting for a response.

If you haven’t contacted Meta / Facebook Support then they won’t reach out to you via messenger. Meta may, however, email you with important account updates. 

When receiving emails from Meta / Facebook, it’s important to check the email address of the sender, NOT THE NAME of the sender. Always check the full email address of the sender to determine legitimacy. Use the image below as a reference and note the email address underlined in red. The name looks fine but the email is a red flag. This email is 100% spam and can be marked as spam in your inbox.

a spam email attempting to look like Facebook / Meta support

However, if you receive an email from an email address that ends in @facebookmail.com, it is likely a real email. See the example below of what a legitimate email from Meta looks like.

a look at a real email from Facebookmail.com email address
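The same check can be automated. The script below is an added example, not part of the original article: it judges a message by the address in its From line rather than the display name, and it goes one step beyond the tip above by also requiring a DMARC pass recorded by your own mail provider, since a From address can itself be forged. The mail server name `mx.myprovider.example` and all sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "facebookmail.com"       # sender domain the article names
MY_MAIL_SERVER = "mx.myprovider.example"  # assumption: ID your own mail provider stamps

def check_sender(raw_message):
    """Judge a message by its From address and auth results, never the name."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Exact match only, so "facebookmail.com.page-review.example" fails.
    if domain != TRUSTED_DOMAIN:
        return ("spam", f"name {display_name!r}, but address domain is {domain!r}")
    # A From line can be forged, so also require a DMARC pass recorded by
    # our own mail server; the same header stamped by anyone else is ignored.
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = " ".join(header.split()).partition(";")
        if server.strip().lower() == MY_MAIL_SERVER and "dmarc=pass" in results.lower():
            return ("likely real", f"{domain} with a DMARC pass")
    return ("unverified", f"{domain} address without a DMARC pass")

# Constructed sample messages (not taken from the article's screenshots).
AUTH = "Authentication-Results: mx.myprovider.example; dmarc=%s header.from=facebookmail.com\n"
SAMPLES = {
    "name spoof": "From: Meta Security <notice@page-review.example>\n\nPage suspended",
    "address in name": 'From: "security@facebookmail.com" <notice@page-review.example>\n\nhi',
    "lookalike": "From: Facebook <security@facebookmail.com.page-review.example>\n\nhi",
    "forged from": "From: Facebook <security@facebookmail.com>\n" + AUTH % "fail" + "\nhi",
    "genuine": "From: Facebook <security@facebookmail.com>\n" + AUTH % "pass" + "\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:16} -> {check_sender(raw)}")
```

Only the last sample is rated "likely real"; the first three fail on the address domain even though the name or the start of the domain looks right.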

Not sure if an email or message is legitimate? Feel free to message our team and we’ll be happy to assist. While waiting for a response, do NOT click on any links. If you do happen to accidentally or inadvertently click on a link, follow the tips below for securing your profiles and accounts.

Tips for securing your profiles and accounts

Hackers and spammers continue to get creative in their attempts to access our profiles, so it’s important to secure your account. If they do get ahold of your profile, they can lock you out, steal from or spam your friends and contacts, and even take over your ad accounts and run up tens of thousands of dollars in ad spend before you notice. We’ve heard some horror stories, so it’s important to secure your account.

Here’s how:

1. Make sure your Password is Secure

You’ll want to have a secure password with numbers, letters, and special characters. Don’t use the same password as you use on other accounts. If you haven’t reset your password in a long time (more than 1 year ago) then it might be time to update it.

2. Implement Two-Factor Authentication (2FA)

Set up 2FA for your profile. Here’s an article about how two-factor authentication works on Facebook, and it explains how to set it up. It’s important to know that text messages and SMS codes are a step up from just having a secure password, but they’re not the best option and you can still get hacked.

We recommend adding a third-party authentication app to your phone. This additional layer of security helps protect your accounts from unauthorized access. Your phone number can be spoofed, but with a third-party app, the hacker would need to have access to your phone in order to get into your account.

3. Implement Two-Factor Authentication (2FA) for all Business Manager Users

If you have a Meta Business Manager, which you should if you manage a page and run ads, then you must ensure that all individuals with access to your Business Manager not only have 2FA enabled but also use a third-party authentication app.

Make this mandatory for all other owners, employees, or agencies with access to your Business Manager.

4. Thoroughly Investigate Hacks

If you suspect any unauthorized activity in your accounts, the first step is to reset your password.

Next, you’ll want to review the Users and Partners in your Business Manager to ensure nobody has been added without your permission.

Then, you’ll want to check your ad accounts to ensure no new ads have been created. If you notice any suspicious ads, turn them off immediately. Also, check any ad rules to make sure none have been created to automatically turn the ads back on – as I said, these hackers are getting smarter.

While your instinct may be to delete affected ad campaigns, it’s essential to preserve any evidence in case further investigation is required, especially when dealing with potential security breaches.

Follow these steps to maintain a secure Facebook profile and Business Manager, and feel free to reach out if you have any questions.
