It is rather alarming to get a message accusing you of “page harassment” and a “copyright infringement.” But …..
Deep within the bowels of a business account on Facebook is a Meta Toolset for managing a “page.” This is the face of the business. I say deep because as a more casual user of Facebook, I did not discover this Message Inbox until a few months ago. It was here that I discovered a rather peculiar message.
Needless to say, my most immediate response was “Oh, no. What did I do now?” But I took a moment and decided to break this message down bit by bit.
The Message Itself
First clue of a scam was the dual purpose of the message. Page Harassment and Copyright Infringement are two different things. Harassment is when you use social media to “dox” somebody or threaten them. This violates the “community standards” of Facebook. A copyright violation, however, is backed by federal law that protects intellectual property.
The other clue was that I did not even read this message until weeks after it was sent. My account was never de-activated because I did “not confirm within 12 hours.” Good thing I am hopelessly asynchronous when it comes to social media. 🙂
Finally, the phrase “Thank you for helping us improve the META Service System.” It seemed grossly inappropriate for the general tone of the message.
The Link
I will get into other particulars about the message later in this discussion. What I did next was take a deeper look at the link. Shortcut links in Facebook messages can be deadly. Note that the message asked that I “verify your account.” This is the hook in the phishing attack.
So the link was quite extensive and it immediately left a clue that something was up. What is buried inside this lengthy URL?
https://l.facebook.com/l.php?u=https%3A%2F%2F847548734734.taplink.ws%2F%3Ffbclid%3DIwAR32l5sORFFsXx2qTTfkeOJpDKb9OfozgJDCHB3Qs4fH7hYCsclWLUmKr0k&h=AT3gzELTFdBgKiklbF4C_8ThzsEmUhB73JASDia_IScG99c0CgHS0oSiVv325gvsUhB5MhIufGIn-H-B2VOUiNeVFCWZQ413_sT99F2RGSlYZ87RK8YRWOi5h6FHFrkPuoWS_A
At first glance, this looks like a facebook.com address, but it is actually a PHP directive, a scripting language used on websites. The actual domain that is hosting this script is taplink.ws. Using WHOIS to check on the hosting site, the results show that the hosting name servers are at cloudfare.com and that the registrant is a proxy. taplink.ws has nothing to do with facebook.com, a company that would not need to hide behind a proxy. And in case you are curious, “ws” is the top-level name for the country of Samoa.
The Sender
Now we focus on the Facebook aspects of this bogus message. Referring to the photo above, off to the right (not in the photo) is information about the sender. For a normal message, you would see a place to click on a person’s profile. Elijah, presumably a Facebook employee, had no contact information. The phantom used a name that is about as popular as “John Smith.” There must be a million Elijah Hayes’ on Facebook. So this guy was not found scanning users with that name.
So we return to the message, which points to what are presumably Facebook services or departments.
There is the Meta Service System. The phrase comes up empty in the Facebook Help Center. It even fails to come up with a match in Duck-Duck-Go. Same result for Facebook Security Report Team. Even something as simple as Facebook Meta came up short with no match in the Facebook Help Center and only approximate matches in Duck-Duck-Go. Meta is the corporation that runs Facebook, not vice versa.
What Does the Internet Offer?
The final stage of the investigation is to see how widespread this scam has become. Typing “Facebook Copyright Infringement Scam” in the search engine, dozens of articles are presented, showing a scam that began to pick up steam last summer. Several warnings were posted last Fall, but this hoax goes back several years. Kaspersky reported the scam in 2021, providing some insight into just how the scammers pull this off. Tom’s Guide noted the result of the scam – a locked account. The scammers present a Facebook-like page, you type in your ID and password to verify, and your account is suddenly locked out. Cybernews has a report on the subject this past month.
Conclusion
To wrap up this discussion, we need to return to the human side of this scam. Basically, does this message concern you? Copyright infringement? As an individual user of Facebook, you have little to be concerned over a copyright infringement. But as a business or organization, you take these warnings seriously because you have skin in this game. A website like EricN Publications uses hundreds of photographs, links with dozens of content creators and cites several writers. So it is interesting to note what Cybernews reported, “Organizations that rely on their Facebook page for advertisement, awareness, and other business activities could be particularly vulnerable,” quoting a report from the security firm Avanan.