An email popped up in my inbox the other day from Threads HR. I was selected to be the Vice President of Social Media due to my amazing resume and qualifications.
I found this to be rather remarkable…because I NEVER applied for such a position. According to the email they “are genuinely excited about the possibility of (me) joining (their) team and contributing to the future of Threads.”
Then they give me directions on how to accept this amazing off: “Please let us know your thoughts on this opportunity by replying to this email. We would love to discuss how your vision and expertise can help shape our social media strategy and drive our brand forward.”
They even make me feel special – “Thank you for considering this exclusive invitation. We look forward to hearing from you soon!” See, it’s exclusive!
This particular email came from Threads Recruiting ([email protected]). The logo looked legit and if I didn’t know better and was looking for a job I might be tempted to reply just to learn more.
New Tactic, Same Scam
However, this is the second blog I have written on scams coming from those impersonating Facebook so I know the drill. (You can check out my first blog here) These emails are new but they are definitely part of a larger scam operation.
Every day my clients send me another notice that they have received on Facebook messenger or Instagram. My account is going to be deleted…AGAIN. Words are spelled wrong, the letter i and number ones are swapped. It’s clear that English if often not their native language as well. The words are choppy and the sentence structure is rough to say the least.
This is actually what gave me pause when I received that email the other day. It was very well written! It was rather convincing and I can absolutely see where it could lead someone astray.
As I said, this isn’t the only email I have gotten recently. I was also being recruited by WhatsApp as well. I’m very popular lately.
This email was similar in nature – WhatsApp has an amazing opportunity for me and they can’t wait for me to jump at the offer. This time it was the role of Senior Social Media Manager of WhatsApp. Again, the language was very smooth, the bullet points were something crafted from ChatGPT, and clearly the intent was to persuade me to respond.
Yet, they made a critical error. The logo gave the game away. A B instead of a phone is not the WhatsApp logo. And the email came from [email protected]. Not even close to a Meta email address.
How do you know if it’s a Fake Email or Real?
I had a client ask me if an email she received was fake or real from Instagram. The main concern here is that the email was coming from an email that is known to be from Meta. I asked if she got an additional notice through messenger. When she said no, I concluded that it was more than likely fake.
But how do you really know?
Because of the insane amount of phishing scams that are happening, Facebook and Instagram actually have help pages designed to tell you just this.
On Instagram you will need to go to your profile (business or personal, it’s the same steps) and click on Security or Password and Security.
Then go to Recent Emails.
Once you are in recent emails you can choose SECURITY or OTHER. These are emails that have been sent to you over the past 14 days. SECURITY emails are the ones that talk about new logins, passwords changes, etc. The OTHER tab has all other emails that have been sent to you that may deal with a variety of issues with your account.
Facebook Check – How do you know?
Facebook is a bit harder to navigate for a business. For a personal profile the steps are initially the same. Here is the link that can guide you through it.
The other big thing that can be duplicated but often is the best sign that the email is a scam is to check the email address. Here are a list of legit email addresses the Facebook has provided at the link I pasted above:
- meta.com (including account.meta.com)
- facebookmail.com (including priority.facebookmail.com)
- facebook.com (including support.facebook.com and developers.facebook.com)
- fb.com
- metamail.com (including global.metamail.com)
They do give the disclaimer that these email addresses have been used rarely by scammers, so do your due diligence. Also, check the spelling of the email address if you are concerned. My suggestion is to head to the security spot in your account and check there. That will be the most reliable way to know if your emails are fake or real.
So What Do We Do?
Bottom line is that the phishing scams are getting more sophisticated. They aren’t embedding a link that you push, they are requesting you to reply and then send sensitive information when you do. It’s just another attempt to steal your identity or gain access to your account on Facebook, Instagram or WhatsApp. From there, it’s anyone’s guess what they can do with that account. For a business account it can be a disaster and lead to financial ruin. For a personal account it may just be a nuisance, or it could also lead to a bigger identity theft.
Because here’s the question. Do you use Facebook, Instagram or WhatsApp to login to any other app?
Now may be the time to rethink that tactic. It seems easy, but if someone gets into your Meta account, then they can get into your email and then all of your personal information.
It is a tangled web indeed that we weave.
Are you getting these messages? Do you report them? What is your tactic?
I would love to hear from you!