Social Media Marketing
facebook logo

Scammers Posing as Meta are Emailing Facebook Page Admins Claiming Their Page Uploaded Content That Violates Guidelines

By Joe Youngblood

NOTE: This article is about a scam where the scammers sent emails to random email addresses claiming to be Meta. For our article on the scam where they send messages on Facebook from Pages pretending to be Meta Business Suite, Meta Security, or some alert notification see this article: Someone is Messaging Facebook Pages Claiming They Have Violated Facebook’s Content Policy – It Is A Scam

Scammers are sending phishing emails out scaring small business owners and then stealing their Facebook login information and Facebook / Meta is not taking action on this latest scam. We’ve already had several clients get these emails as have several colleagues. Hopefully this article keeps you from falling prey to this until Meta decides to actually take action and protect users.

If you are getting an email with a link that takes you to a Facebook Page / account called “Restriction Alert” or “Restriction Details” it is a scam. DO NOT TAKE ANY ACTION THE HACKERS WILL TAKE OVER YOUR ACCOUNT.

There are a few versions of this scam going around. The first version claims the emails are coming from Facebook (not Meta) and specifiy copyright infringement. Here is how one of those reads:

Dear,

We just received a report from a third party that the content you posted infringes or otherwise violates their rights.

Accordingly, your account has been repeating these actions, this means your Facebook Account might be disabled, and your page might be removed.

If you believe these reports are not being made in good faith or are inaccurate, please click the link below:

https://www.facebook.com/5142623199132977

We are glad to help you,
Facebook Team

And here is how another one, this time claiming to be from Meta, reads: 

Hi [Name],

We've received numerous reports about the content on your account. This is a serious problem that goes against our standards. Please keep in mind that we reserve the right to change, suspend, or revoke your access at any time. We've prepared a case for you to appeal and resolve the matter effective immediately.

https://www.facebook.com/142676918297856/

Please keep in mind that if we do not receive an appeal from your account we have to respect the decision mentioned above.


Sincerely,
Facebook Support.

These scams look legitimate because they use a post on a Facebook Page as the landing page for the email phishing scam, which then redirects users to another site. Shoutout to Gyi Tsakalakis for posting these screenshots on Twitter.

All of the Pages / hacked accounts used in this scam are titled “Restriction Alert” or have the name “Restriction Details” most of them we have seen so far have the logo / profile photo of a blue-ish colored shield. The pages often have no other posts, no cover photo, and the post you are given a link to can’t be found from their main page. This is likely why when reported to Facebook neither the page or the posts are taken down. The accounts will have a mixture of old posts and photos from the actual account owner and newer posts about the scam.

Screenshot of a Restriction Alert scam Page on Facebook:

facebook restriction alert page scam
A screenshot of one of the Restriction Alert scam pages on Facebook.

Screenshots from a Restriction Details hacked scam account on Facebook:

restriction details hacked facebook account scam
Here is a personal account that has been hacked with their personal name changed to “Restriction Details”
restriction details scam account with real friends from hacked user
Here we see the friends this once real user had on Facebook before the account was hacked by the scammer.
facebook restriction details scam account photos
This hacked account used to be a mother posting photos of her and her baby. The scammer never took down the photos.

The scammers use a multitude of hosting / domain registrar resources. For example the above mentioned scam page uses Namecheap for the domain registrar and for hosting using the domain “502619802.com”. The scam account that comes from a hacked user is using Google’s Firebase Hosting for the hosting on the top level domain “Web.app” which is owned by Google. There are likely dozens more variations floating around out there, designed to mitigate risk when Meta’s security team actually starts to care about this or when a hosting / domain regsitrar catches wind of their system being used for the scam.

whois data for the domain 502619802.com used to scam Facebook users

whois data for the domain web.app used to scam Facebook usersfs

Facebook is not the hottest social media website right now, but it is still a main staple of nearly every business on the planet. That is a bad combination because it often means less attention is being paid to Facebook than a newer platform like TikTok – which means when an email like this comes in it might get a less logical review and a more emotional response from whoever runs the social media for a business / brand.

When our clients get the email they freak out and almost immeditely try to take action, but thankfully all of them have asked us first and we have been able to stop them.

For those who are not aware, Facebook has a “Quality” section for each page where issues are likely to be reported. You can find it at this URL: https://www.facebook.com/[page]/quality

If there are content issues with your page they should be listed here.

Facebook / Meta is also likely to sign you out of your account and force you to sign back in if you have a copyright infringement claim against your Page.

This is not the first scam similar to this using Facebook Pages to appear authentically as Facebook or Meta in some fashion and then using that to phish for passwords either throuh email or via Messenger messages to the Page. They go back at least to 2019 when I wrote about a different version of this scam and might be even older.

Here’s my advice to avoid getting scammed out of your Facebook / Meta login:
1. Never click on a link from an email or message to your Page / account claiming to be Facebook or Meta.

2. If you have a Facebook Management agency, Facebook Ads agency, or social media consultant you trust forward any messages to them and ask if they are authentic.

3. Check your Page, Business Manager, or Ads Manager for any notes from Meta or Facebook staff directly. When it comes to Pages these issues are almost always located inside of the Page Quality section.

4. You should also be aware that Facebook has atrocious support for all users, so be on gaurd about any claims from someone from Meta or Facebook trying to be proactive about any issue. Never ever give someone your user name and password, even if you think that person is from Facebook.

What happens if you have already fallen prey to this scam?
1. The hackers stole your personal account, Page(s), Group(s), and Ad Account already.

2. To evade Facebook’s security measures they might have already changed your profile photo, deleted all of your photos and posts, unfriended your friends, changed your email, changed your phone number, and changed your password on your personal account.

At least one of these is typically needed for Facebook’s ‘hacked’ security team to alow you back in. The hacked security team is capable of reversing most or all of these issues, but it is at best sporadic. It is highly possible that they reset your account but do not allow you to login to your account. When this happens it becomes impossible to regain your account.

3. Hackers might try and blackmail you to regain access to your account / page / ad account etc… especially if they see value in some of them. The price will be high, we have seen requests up to $50,000 USD. Do not ever pay for a Facebook account or page that has been hacked as the hacker is likely just scamming you a second time.

4. Hackers will either use your account to spam your friends (if they didn’t unfriend them), add it to their scam operation (see above), or sell your account and assets on a marketplace somewhere. It will be nearly impossible to find these since the names / content has likely been changed to something completely different.

5. Scammers on Twitter, Instagram, and Reddit will claim they can hack your account and get you back in. This is a tier 2 scam that builds on the first one, often ran by the same scamemrs or those who are intimately familiar with the first group of scammers tactics.

If you fell prey to the “Restriction Alert” Page scam and your account has been hacked your best and only real option is to report this to Facebook here: https://www.facebook.com/hacked

Wondering how prolific this scam is? Here are all of the hacked pages/accounts Facebook would show me for each search.

Hacked accounts renamed “Restriction Details”
hacked accounts on facebook renamed to restriction details

Hacked accounts renamed to “Restriction Alert”
hacked accounts on facebook renamed to restriction alert

Hacked pages renamed to “Restriction Details”
hacked pages renamed to restriction details

There a lot more that are for one reason or another hidden from my account’s view, but hopefully this shows the scale of the problem is rather large.

Need a reliable Facebook marketing agency? Want to get the most out of Facebook and other social media networks while building a great brand and community? Hey, we’re experts at that. Reach out and tell us what your needs are and we’ll tell you how our services can help achieve your goals.

Joe Youngblood

view all posts

Joe Youngblood is a top Dallas SEO, Digital Marketer, and Marketing Theorist. When he's not working with clients or writing about marketing he spends time supporting local non-profits and taking his dogs to various parks.

14COMMENTS Join the Conversation →