Observant Facebook users are familiar with these fake pages, which are currently popping up on a massive scale and continually unsettling page owners. Allegedly their page was restricted because it violated Facebook community standards and guidelines. To solve the problem, the frightened site operators should follow a shortened link. And you can easily become a victim of data theft. With all sorts of unpleasant consequences that come with phishing and identity theft. And that we at Mimikama tirelessly warn about every day. Call us Sisyphus. These fakes are our stones that we keep rolling up the mountain. Knowing that tomorrow they will be down again.

What follows is a personal report, because we Mimikamas are sometimes chosen as victims by chance. But we're lucky in that we're all extremely suspicious of cyberfakes and scams. This helps a lot and is absolutely recommended to every user of the Internet. But sometimes the real problem comes from a completely different direction and then it becomes absurd.

Personal checklist for fake alarms

If you warn about the same traps over and over again, a slight frustration will eventually set in. And if you suddenly notice in your messages that you have been tagged on a dubious site, several things happen.

1. You become very calm and try to assess and analyze the situation professionally. What happened? What could the cybercriminals' goal be? What are the dangers of further actions such as clicking or similar? Maybe the team of colleagues knows more?

2. Take screenshots. Document every step. Unfortunately it doesn't always work, but it's important. Fakes that try to trick us often become new articles for our users. If it hasn't already been there because the problem was noticed before or was brought to our attention Mimikama report form

3. Report the attempted fraud to Facebook immediately. Ultimately, the hope that Facebook will eventually and somehow get the problem under control with its AI dies last. We are capable of suffering and very resilient to disappointments about the reactions of the Facebook teams. Unfortunately we have to be too. You know that.

4. And sometimes, this is where the slight frustration mentioned above about the never-ending fakes comes into play, you just want to fire back, react, work off your aggression through this barrage of harmless users with the intention of harming them. Yes, that's not factual, constructive, but human... Or?

What exactly happened?

Yesterday afternoon, a notification suddenly appeared in my messages that I had been tagged by an unknown site.

Two red flags: The term “Social” was misspelled (“Socail”) and the page title contained a long string of numbers.

A sure sign that the page name was created automatically and that is never a good sign. All antennas automatically started receiving. But not much had happened so far; the site I run was initially only mentioned in a post.
At this point I reported the fake to Facebook for the first time: Point 4: Report the problem to the notification team.

Notification of the fake site. Image: Mimikama/SB
Notification of the fake site. Image: Mimikama/SB

Then I took a closer look at the page that marked my page and my suspicions were confirmed.
After a friendly greeting, the finger is raised that your site has violated the rules, here the standards and guidelines for communities. And that this violation of the rules is associated with a sanction and that it is the worst thing that could happen to a site operator. The site has been restricted, meaning it is no longer visible and cannot be used. Zero visibility, zero reach! Total catastrophe if that were actually the case.

If you look at Facebook's successful efforts to commercialize pages, i.e. to connect them with shops, a message like this often triggers panic in inexperienced users and a cold sweat runs down their backs.

Phishing attempt on a fake site, image: Mimikama/SB
Phishing attempt on a fake site, image: Mimikama/SB

First the shock, then the (redemption).

But: A solution is offered: you should follow a link and take measures to reactivate the page.

No Facebook link is offered, but an unknown one that has been shortened with TinyURL. The target URL with other telltale characteristics cannot be easily identified. In addition, time pressure is also built up.

The supposedly sanctioned site operators should respond within 24 hours, otherwise the account will be permanently deactivated! Wow, what a club! Stress arises?! Better not, just keep calm! Both the concealed, shortened target URL and the time pressure are clear indications of fake pages. The aim is to provoke a spontaneous, thoughtless action, where people click without thinking or data is revealed.

Target of fraudulent fake sites

I didn't succumb to this pressure to click, but I almost certainly assume that the gullible users are being directed to a fake Facebook login page where they are supposed to log into their account. Once this has happened, the access data is gone. If the fake is not noticed, the account is taken over by the fraudsters, the password is changed and a different email address is entered for password recovery.

Many users still do not have 2-step authentication enabled. At this point at the latest it turns out to be a mistake. If you immediately notice that something is wrong, you should IMMEDIATELY try to change your password to kick the fraudsters out of your account. This can work if you are quick enough. Once the account has been taken over, all sorts of mischief can be done with it, including financial loss.

Why now (my) violation of community standards?

So much for the factual background. Let's move on to the human aspect. The first message that there is spam is in the notification. The second report as spam directly in the incriminated post itself. I obviously understood that this was a fake page and documented this twice to Facebook. And then I “vented” and commented. My comment was:

"Fake. A report has been filed.”

Wohoooo, evil, right?

Then within an hour a new notification. So my harmless comment, which I wrote on a site that has already been reported as spam, violates the Community Standards Against SPAM? Really now, Facebook? Couldn't it be more senseless? In contrast, Elon Musk is a role model of structured, reliable and predictable thinking. And apart from the fact that I commented on a spam site that I reported myself, what about those four words violates the standards anyway? Can't a fake site be called a fake site?

Comment on spam page violates community standards against spam, Image: Mimikama/SB
Comment on spam page violates community standards against spam, Image: Mimikama/SB

Interestingly, this notification can still be found in my notifications. However, those with the mark on the fake page are no longer there. Should Facebook have deleted the fake page? So you yourself realized that there was spam on the way? However, I have not yet received a notification that the decision regarding my violation of the community standards has been withdrawn. However, this would not be unimportant, because these violations can also result in unpleasant sanctions. Particularly annoying when you haven't done anything wrong.

Further!

Of course, I used the CONTINUE button to clarify the matter. Here too, hope dies last that Facebook will give the opportunity to explain itself and check things in a timely manner. And as always, this request turns out like the Hornberg shooting. All I learned was that the rating was automatic, meaning the Facebook AI became active and apparently became active based on keywords and sanctioned me.

Sanction is based on technology. Image: Mimikama/SB
Sanction is based on technology. Image: Mimikama/SB

A little clarification of terms: hack vs. phishing

Such an account takeover is NOT a hack. The users gave her data voluntarily, but under false pretenses. In order to hack an account, fraudsters would have had to hack into the Facebook servers and steal the access data there. What is happening here is a phishing attempt, i.e. an attempt to fish out access data in order to take over user accounts using the normal Facebook functionality.

Conclusion

Always remain alert and suspicious when you are online.

Pay attention to the typical spam characteristics and above all: always be careful if time pressure is to be created in any way. And finally: Weigh your words carefully so that they should not be seen as a violation of community standards. It's best not to comment on fake sites at all. Maybe Facebook saw this as cooperative behavior? Because we know one thing: contextualization, i.e. looking at and taking connections into account, is not the thing of Facebook AI.

More about Facebook Community Standards
More about phishing on our Mimikama topic page
Already read? A Mimikama fact check: “Spike blood” – The nonsensical demand from vaccination opponents for their own blood banks
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )