Is This Message Really From Meta? How to Spot Facebook & Instagram Scams Before They Catch You Out

Is This Really Facebook? No. No it’s not. It’s a scam.

If you’ve received a message on Facebook or Instagram claiming your account is about to be suspended, you’re not alone. I’ve had a whole flurry of them lately, complete with dodgy links, fake urgency, and suspicious logos. And I know I’m not the only one.

These scam messages are designed to look like they’re from Meta (Facebook or Instagram), but they’re not. They’re phishing attempts; carefully crafted to trick you into handing over your login info or two-factor authentication codes.

If your charity, CIC or small business relies on social media to connect with your audience, it’s worth knowing exactly what these messages look like and how to avoid being scammed.

Common Tactics in Meta Scam Messages (aka Phishing Attempts in Disguise)

1. They Pretend to Be Meta Support

Scammers love dressing up as Meta’s business support or security team. They’ll use official-sounding names like “Meta Business Manager” and slap on a sketchy logo. It looks real at first glance, especially if you’re reading in a rush. But don’t be fooled. Always check the profile or email address, it’ll often be packed with numbers, odd spellings, or fake verification ticks.

2. They Try to Scare You

“You’ve violated community standards.” “Your account will be deleted in 24 hours unless you act now.” “This is your final warning.” Sound familiar? These phishing messages are designed to spark panic and get you clicking before you’ve had time to think. If it’s overly dramatic and demands instant action, treat it with suspicion.

3. They Include Phishing Links

This is the big one. Scam messages almost always contain a link. Sometimes it’s shortened, sometimes it looks just like the real thing but with a few sneaky letters switched around. Click the link and it’ll take you to a fake login page that mimics Facebook or Instagram. You enter your login details thinking you’re securing your account, but you’ve just handed over the keys.

Typically with these linkts the first part of the address is a totally different website, but the end of the url might contain words like 'meta community' or 'community standards instagram'.

4. They Ask for Two-Factor Codes

Some phishing messages go one step further and ask for your two-factor authentication code. This is a dead giveaway. Meta will never ask for this via DM or email. If someone has your password and your 2FA code? They can lock you out completely.

5. They Accuse You of Breaking the Rules

Phishing scams often claim you’ve posted something that breaks Meta’s terms: copyrighted content, “false information,” inappropriate images, etc. It’s designed to make you second-guess yourself and appeal straight away usually by clicking their fake link.

What To Do If You Think You’ve Been Phished

Firstly you’re not stupid. These scams are professional-looking and designed to exploit busy people doing their best. If you think you might have clicked a phishing link or entered your details:

🔒 Step 1: Change Your Password Immediately

Do this for both Facebook and Instagram, and anywhere else that might use the same password (naughty, but common).

🔐 Step 2: Enable Two-Factor Authentication

If you haven’t already, set this up via your Meta settings. It gives you an extra layer of protection.

🚨 Step 3: Check for Suspicious Activity

Log in to your Facebook or Instagram settings and review any recent activity. If you see logins from strange locations or devices, boot them out.

🧹 Step 4: Report the Scam to Meta

Use Meta phishing report form or report the message directly through the platform.

👥 Step 5: Tell Your Team

If multiple people manage your accounts, make sure they know what’s happened and can keep an eye out for anything suspicious.

Top Tips for Staying Safe

• Don’t click any links in dodgy DMs or emails, unless you’re absolutely certain they’re legit. If there’s even a flicker of doubt, don’t touch it.

• Check the sender carefully. Real messages from Meta will appear in your account’s official notification centre or come from a verified Meta email. If it’s from “metasupport8392@gmail.com”? Nope.

• Watch out for scare tactics. Genuine messages won’t shout at you in all caps or threaten to delete your account in 24 hours. Real issues are explained calmly and clearly. If it sounds panicky, it’s probably fake.

• Don’t reply. Don't engage with them.

• Report it to Meta. It helps flag dodgy accounts and patterns.

• Delete the message. No need to keep it hanging around like a bad smell.

• Make yourself a coffee, light a candle, stroke a rock, whatever brings you back to calm.

Lets Take a look together

Here are a few real scam messages I’ve received over the past few days. Yes, they’re that frequent. And yes, they’re all this bad.

Scam Example 1: 'Support User'

Our first scammer has entered the chat. Let’s break it down:The name? Support User. What does that even mean? And the handle? supportuserid47264. First alarm bell right there.

Then we’ve got a cheery little “Hello user.” Not my name. Not even a generic “Hi there.” Just… user. I mean, clearly they didn’t have the time (or energy) to personalise it. So many people to scam, so little time.

And of course, the kicker: “You have 24 hours to verify your account.” The classic panic tactic.

And look! A link. Because no phishing message would be complete without one.

Scam Example 2: 'Zlatka Trichkova'

This next message came from someone called Zlatka Trichkova. No profile image. I can’t decide what looks more fake: a dodgy icon or nothing at all.

Now this one’s a bit of a mess. It starts by saying my account was permanently banned on 5th June (which, by the way, is today, two days after the message was actually sent). Then it claims someone has taken over my account to impersonate me and… generate revenue? Honestly, if that’s true, I’d love to know how they’re doing it. Could use the cash. And of course, the post claims the content I’m sharing is “misleading or inaccurate.”

Oh look, and there's the link to click. To be fair, they did take the time to stick Meta’s logo on it. It’s a nice touch. Makes them look slightly more legit, until you read literally anything else in the message.

Scam Example 3: 'AI Support'

Last but not least, we’ve got this gem from AI Support. Ooooh, fancy. The account name? aisupport945470. Because nothing screams trustworthy like a string of random numbers. My guess is that's the number of accounts they have had to create because they keep getting shut down.

This one came with the heading “Security Notification” and—credit where it’s due—the tone is much softer. It almost sounds believable. Polite. Professional.

Buuuuuuuut there it is again: a link, a 24-hour deadline, and a friendly little threat that my page is scheduled for deletion.

Learn more about Fraud and Cyber Crime

If you want to feel more confident spotting scams, I highly recommend checking out the Action Fraud website website. It’s the UK’s national reporting centre for fraud and cybercrime, with clear, practical advice on things like phishing, fake accounts, and keeping your organisation safe online.

You can also use it to report any suspicious messages or dodgy links you've received, even if you're not sure.

Knowledge is power. And reporting helps stop the scammers in their tracks.

Stay safe! Don't click the links

Meta scam messages are becoming a daily nuisance but worse than that, they’re a real risk for charities and small businesses that rely on social platforms to build trust and reach their communities.

If you’ve received one of these messages recently, don’t worry you’re not the only one.

And if you’re ever unsure about a message? Ask someone who knows what a phishing scam looks like (I know a girl…). Give me a follow on Facebook. Let's be friends :-)

PS: why not check out my Social Media Support for small charities. It's designed to help you stay visable, without the overwhelm.