For better or worse, we put a lot of ourselves and our lives into social media.
Social media is not just a hub for engaging with friends. It’s a core promotional tool for businesses, a connection to family, and a place where we store both personal and financial information.
In short, it’s a major part of both our personal and professional lives.
However, that central location makes it both devastating to lose and a tempting target for those who want to misuse it.
Those scammers have been increasingly using copyright, or rather the fear of a copyright notice, as a tool to get people to click scam links and give up their Facebook or Instagram credentials.
Though Facebook copyright scams have been around for a very long time, they seem to have grown drastically since roughly the start of the pandemic, with 2023 being, most likely, the busiest year yet.
Though the scam has definitely ensnared more than a few users, including many who are savvy, the scam itself is pretty easy to spot and avoid if you know what to look for. One just needs to be aware that this is a common vector for a scam and use appropriate precautions.
To that end, we’ll take a look at how the scam works, what you should look for and how to protect yourself. We’ll also take a look at a few other common scams that Facebook users may run into.
Who is Being Targeted?
Anyone with a Facebook account is a potential target. In that regard, it’s no different from any other phishing attack. However, this specific attack seems to be targeted more at administrators of Facebook Pages, in particular for businesses.
In fact, as I learned over haunt season, one way to virtually guarantee a flood of these scams is to run even a small advertising campaign on Facebook. Not only does this get your page in front of the eyes of the scammers, but it tells the scammers that you have financial information tied to your account.
Regardless, anyone on Facebook can and will likely see one of these scams. But the lion’s share appears to target Page (and some group) administrators, especially those with financial information tied to their account.
How Does the Scam Work?
The scam is actually a subset of a larger group of scams where scammers impersonate officials at Meta, pretending to alert the user to some issue with their page or account. Those can include alleged violations of copyright, community guideline violations, or simply that an account was locked for security reasons.
The messages come in various ways, including via email to the administrators or even a scam phone call. However, the most common is either through direct messaging to the page or by tagging the page in a separate post. In either case, the scammers will create a fake but convincing-looking account impersonating officials at Meta and send a letter threatening some kind of action, such as shutting down the page or locking the account, unless the admin immediately resolves the issue.
That required action, inevitably, involves clicking on a phishing link that, while looking very much like a Facebook or an Instagram page, is actually on a server hosted by the scammer. There, they collect your login credentials, sometimes including your two-factor authentication, and access your account.
What they do from there depends on the scammer. Some will simply hold the account for ransom, others will use it to post and distribute spam/scam links, some will attempt to access financial information and the list goes on. Regardless of the end goal, the user ends up locked out of their Facebook account, including any pages connected with it.
How to Avoid the Scam
Most of avoiding the scam is simply knowing that this is now a common vector of attack. The scam relies on users not being aware that some scammers will feign a copyright infringement notice.
That said, there are several things that you can and should do to both spot and avoid these scams.
- Look for Vague Claims/Information: An actual copyright infringement notice will (or at least should) have a wide range of details, including specifically which post was infringing, what the alleged infringed work is and who is claiming the infringement (along with their information). Any claim without details is immediately suspicious.
- Check URLs: Ideally, you should never click on URLs in an email or in a direct message. Instead, hover over the URL and make sure that it actually points to Facebook, Instagram or another Meta site. Please remember that a green lock on a site does not mean that it is actually the site it claims to be. It just means that the connection with that server has been secured.
- Ignore Urgent Threats: If the notice wants you to do something immediately or urgently, that is another red flag. Most copyright notices are informative, letting you know that a work was removed, with no further action usually needed on your part, especially if it’s the first such report.
- Check Official Sources: Log into your Facebook or Instagram account (typing the URL yourself) and check to see if Facebook has sent you an official alert. This will not be an alert in your messages, but in your settings for your profile or page. You can also contact Meta directly if you are unsure.
- Multiple Recipients: Oftentimes, when sending emails or using tags, scammers will send a message to dozens or hundreds of recipients at once. That is a clear sign that the notice is fake. A copyright infringement notice, the same as any other community guidelines violation, should be sent only to the person that it’s about.
All in all, once you know that this is a common vector for targeting Facebook and Instagram accounts, it becomes easy to avoid it. Awareness really is the best defense.
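The “Check URLs” advice above comes down to reading the host name from the right, not the left. As an added example (not from the original article), this Python sketch parses a link and tests whether its host really ends in a Meta domain; the domain list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains you accept as "a Meta site"; adjust to your needs.
META_DOMAINS = ("facebook.com", "instagram.com", "meta.com", "fb.com")


def check_link(url: str) -> tuple[bool, str]:
    """Return (is_meta_host, reason) for a link copied from a notice."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if parts.username is not None:
        # Text before '@' is login info, not the site being visited.
        return False, f"text before '@' hides the real host: {host}"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, f"internationalized lookalike host: {host}"
    # Match whole labels from the right, so 'notfacebook.com' and
    # 'facebook.com.something.example' both fail.
    for domain in META_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return True, f"host belongs to {domain}"
    return False, f"host is not a Meta domain: {host}"


# Constructed sample links (not taken from real campaigns).
SAMPLES = [
    "https://www.facebook.com/help/",
    "https://business.facebook.com/settings",
    "https://facebook.com.copyright-appeal.example/login",
    "https://facebook.com@copyright-appeal.example/login",
    "https://notfacebook.com/appeal",
    "http://www.instagram.com/accounts/login/",
    "https://xn--facebok-q9a.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(f"{'OK     ' if ok else 'SUSPECT'} {link} -> {reason}")
```

Only the first two samples pass. A passing host says nothing about the content of the message that carried the link, so the other checks in the list still apply.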
Variations on the Scam
Though most of the fake Facebook/Instagram copyright scams appear to be phishing scams and offshoots of other Meta impersonation scams, there are variations of the scam that can take slightly different approaches.
- The Speculative Invoicing Scam: Speculative invoicing is a copyright protection approach that involves detecting alleged infringements and sending notices to the infringers demanding a small fee to settle the case. However, some scammers have seized upon the practice and are filing similar demands for images or content that they don’t own. These scams will not appear to come from Meta, but instead will impersonate the rightsholder directly. Beware any demand for payment that wants it in gift cards, cryptocurrency, wire transfer or another difficult-to-trace format.
- The Fixer Scam: Here, the scammer will say that the copyright issue (or other community guideline issue) has caused your account to be locked and demand that you pay them a certain amount to get it unlocked. In these scams, the message appears to come from Meta (or someone who works with Meta) but does not. Once again, beware any demand for payment that comes in a format that is difficult to track.
- The Copyright Strike Scam: This one is less of a scam and more of a blackmail. Here, the scammer threatens to send real copyright notices to get an account locked if they aren’t paid. This often comes after one or two real takedown notices. This approach is more common on YouTube than Facebook or Instagram. The best thing to do is file counternotices against false takedowns and make sure that Meta is aware of the threat against you.
All in all, these are just some of the variations of this scam. This is by no means a complete list.
The important thing is to be aware that these scams do exist and to not panic when you receive a copyright infringement notification. It’s rarely worth panicking about, even if it is real, but stressing about it too much too quickly can lead you to ignore red flags that should make it clear the message isn’t authentic.
One of the challenges in writing this post is that there is no singular “Facebook/Instagram Copyright Scam”. Instead, it’s actually a group of scams that all use a fake copyright infringement notice as a vector.
As such, the most important thing is to be aware that these scams do exist and that, if you get a “copyright infringement notice” you need to make sure it is legitimate.
To that end, it makes sense to take all the regular precautions that are recommended, including having two-factor authentication, ensuring that all the administrators of your pages and groups are aware of this scam and locking down access and permissions as much as possible.
There’s nothing particularly special or specific about avoiding this scam versus similar ones that target community guideline violations, security notices and other “infractions”. It’s just a matter of knowing that the scams exist, not panicking when you see a notice and thoroughly checking everything before taking any action.