Online scams have always been a thorn on every Internet user’s side. They’ve preyed on thousands if not millions of people around the world. Some can be spotted from a mile away and are often hilarious to read. But there are many others that aren’t so easy to spot for the untrained eye.

One of the most dangerous but seemingly innocent of them all are the phishing scams. Phishing is when scammers try to trick you into giving them your personal data. It can range from your passwords, contact numbers, credit card or bank account details, or maybe even all of these at once.

If you’re not used to getting messages from phishers, it’s very easy to get fooled by them. They will often use names and even website addresses that are very similar to official company websites.

Social media isn’t secure from phishing schemes either. You can easily create fake profiles and masquerade as a whole other person or business. But if you know how to distinguish what’s legitimate and what’s not, you can keep yourself safe from harm.

A while ago, my brother-in-law received a message in his Facebook page’s inbox, saying that he violated several copyright laws—even when he hasn’t. He shared his screenshots on his timeline so that we’d all be aware. I was one of the first to see it.

Why don’t we make a little critique of this? How many red flags there are in this message alone, I wonder?

It Wasn’t Sent to The Support Inbox

The first sign that this obviously is a scam is that this message was sent to his Facebook page inbox. You see, legitimate messages from Facebook head straight to your Support inbox. If you don’t know where that is, go to the Help Center, or just click on the Quick help button.

This is what the Support Inbox looks like:

The Content Sounds Unprofessional

Another thing is that the wording of the message itself seems somewhat…awkward. First, there is no mention whatsoever of the recipient’s name and they didn’t cite any instances wherein he infringed on the copyright of others. Second, there is also the thinly veiled threat that his account will be deactivated if he doesn’t take action.

It sounds quite amateur-ish as a whole, wouldn’t you agree? You can clearly tell that English is not the sender’s first language. And besides, if this was from Facebook, would they really be sharing a shortened link with us?

My in-law decided to click on the link anyway, just to see where it would go. It led him here:

The Address is Alarming

Now, the biggest warning sign here is the URL itself. Check out the main domain, which is “id-1995288.com”. The “facebook.com” is only a subdomain. If it were a legitimate link from Facebook, the main domain should always be “facebook.com”.

You Have To Fill A Form?

The text seems rather straightforward, right? Copyright infringement is bad, here are examples of works that can have copyright, original this, creativity that.
But what’s this? He’s obligated to fill out a form? Let’s see what my brother-in-law found next:

This Isn’t How Facebook Deals With User Issues

Here’s the thing. If Facebook has any issues with you, they don’t require you to fill up a form with your identity, password, contact details, or have you click on any outside link to acknowledge that there is a problem. You should also be able to respond directly to the Facebook staff about the matter.

More unprofessional wording aside, the threat of deactivation appears again, this time with a “time limit”. And check out this little gem:

It was a valiant effort, Mr. Phishing Scammer, but your spelling error was the last straw.

Moral of The Story? Be Careful With What You Click.

I hope the red flags I’ve pointed out here can help you out in the future too. When you receive messages like this, always have a keen eye and read and observe everything carefully instead of just clicking immediately out of panic. Don’t fall for a scammer’s “threats”—they’re usually just empty anyway. It’s best to just ignore them and move on with our lives.