Facebook’s multi-front war on misinformation apparently has a new flank. While the firm wrestles with fake news and constant claims of censorship around the coronavirus, criminals are apparently trying to take advantage of the confusion.
Some Facebook Page users are being attacked by an official-looking “Policy Team Page” alert which appears to threaten page removal because a user was “reported by others about lying or fraud.” The attacks are particularly believable because the criminals manage to get priority placement in Facebook’s notifications alert area — at least, they did when targeting me this weekend.
My alert came from “Policy Team Pages Recovery Report Page,” complete with Facebook logo beside it. See the image above.
I was able to find a series of Facebook pages with similar names, all clearly designed for this type of attack. Reader Eileen Williamson pointed out to me that several of the pages I viewed had been seemingly harmless for many years — one was a cosmetics site for the past four years — but had their names changed recently, seemingly as part of a coordinated attack.
My warning came from a page that previously had a phone number for a business in Serbia. The cosmetics page appeared to originally be owned by a business in Romania. Like the page that attacked me, its name had been changed on Aug. 8. Another page I found appeared to belong to an artist in Greece. That page’s name had been changed only July 30.
All these rogue pages include posts with a warning that reads like this:
“Your page has been reported by others about lying or fraud, to prevent this we need to verify your account. We work hard to prevent actions that endanger all other Facebook users or security on Facebook. Please confirm the repair of your Facebook account. Follow the instructions for the link below…If you do not confirmation (sic), our system will automatically block your Facebook account and you will not be able to use it again. Thanks for helping improve our Facebook service.” What follows is a link that might be designed to steal user credentials or otherwise hijack accounts. I didn’t click on it.
By setting up a page and tagging users in a post, the rogue page manages to worm its way atop user notifications, making it more tempting for users to click — particularly users who might believably have been reported by others, such as those engaged in heated discussions about coronavirus. My incident happened days after I wrote a series of posts about controversial coronavirus cures. (You can read a robust reader discussion about the incident on my Facebook page.)
I asked Facebook about the legitimacy of the alert on Sunday and the firm did not respond. Earlier today, I sent the firm my additional research and asked more about the incident; I have not yet received a response. It’s possible journalists are being targeted, but that’s just speculation. It seems reasonable that users with sizable followings would be targeted. I’ll update the story when I know more.