Resources
Our resource hub offers tips, articles and updates on cybersecurity advancements to help you stay safe online.
Help Center:
Facebook
- About Meta's detection and prevention of invalid clicks
- How to know if a public figure or brand on Facebook is authentic
- I got a suspicious email or message that looks like it came from Facebook
- I've been contacted by a Meta representative. How do I know if the phone call and/or email I received is real?
- Keep your Facebook account secure
- Protecting businesses across Meta technologies
- Protect yourself from phishing on Facebook
- Report Scam Advertising
- Tips for shopping responsibly on Marketplace
- Two-factor authentication
Instagram
WhatsApp
- Enhancing the security of WhatsApp calls
- Code Verify
- Safety tools
- Introducing secret code for Chat Lock
- Links from unknown contacts
- About spam and unwanted messages
- About suspicious links
- How to change group privacy settings on WhatsApp
- How to identify the official WhatsApp account
- How to stay safe on WhatsApp
- New Privacy Features: Silence Unknown Callers and Privacy Checkup
- Protecting yourself from scams
- Unauthorized use of automated or bulk messaging on WhatsApp
- WhatsApp white paper: How WhatsApp Fights Bulk Messaging and Automated Behavior
Report
The most important thing that anyone can do if they see something that violates our policies is report it to us. Reporting sends a signal to us that something is wrong, and helps improve the quality of your experience on our technologies in the long term. If you are a business, you can report ads or content that you believe harms your brand and violates our policies. You can report anything using these tools:
Hacked and compromised accounts
Keeping your account secure is our priority. We’re constantly evolving our technologies to make sure that your account is protected:
- Facebook: Any business can visit facebook.com/hacked to report a hacked account or a suspected impersonation.
- Instagram: People can report and resolve account access issues at instagram.com/hacked.
- WhatsApp: Follow these steps to protect or recover your account.
Impersonation and Brand Rights Protection
Our policies against impersonation apply to both Facebook and Instagram — people are not allowed to pretend to be someone that they are not, in order to mislead or deceive others. Creating impostor accounts is prohibited by our policies and these accounts are immediately disabled upon detection.
In 2024, we launched several new products to help protect businesses.
Celeb bait
Scams are an industry-wide threat that target people across the internet and in the world at large. They are the work of bad actors who often work across borders, who use automation and other tactics to intentionally attempt to circumvent our detection. This is a financially motivated, adversarial space with scammers continuously evolving their tactics - using different services, sites, and tactics, a mix of ads or organic posts to target people and moving from one platform to another.
Over the years, Meta has made significant investments — spending $20 billion in teams and technology to protect the safety and security of our platform since 2016 — including combating scams. We have developed a multi-faceted approach to protecting users from scams which includes policies and systems that prohibit or disrupt this type of behavior across our services; tools and features to help people report fraud and better protect themselves; education campaigns; and collaboration with law enforcement to ensure real-world consequences for these bad actors.
Meta has policies that prohibit fraudulent and deceptive ads, including ads and posts that use public figures to mislead people, also known as “celeb bait.” We know that if people have a negative experience on our services, they will not continue to use them. And, advertisers may be wary of advertising on our services if they contain harmful or spammy content. We have every business reason to combat scams.
We also know that not all ads that people dislike necessarily violate our policies, and this is especially true for celeb bait. There are many ads featuring or referencing public figures that are allowed. For example, news publisher content promoting journalism about public figures.
Our approach to celeb bait is focused on the following areas:
Stronger analysis
We’re getting better at understanding the common traits of these ads and are using our learning to improve our automated detection systems and make our teams of reviewers better.
- We’ve learned that in many cases, these ads use technology to show different content to our ad review systems than they do to people, a practice called cloaking.
- Many of the ads have click-baity features, or, when you click on the ad, it leads you to a website that’s unexpected (for example, an ad that looks like a news article but is really promoting a beauty product).
Improved enforcement
Scaled detection technology is important to prevent these ads. We’ve built additional detection models, specifically for celeb bait, that automatically incorporate what we have learned about the changing tactics used in ads to help us improve.
- For example, we’ve strengthened our enforcement of our Low quality or disruptive content ads policy to reject more ads that include clickbait - which we already know people want to see less of on Facebook and Instagram - since we know scammers frequently employ clickbaity features.
Creating real world consequences
We’re holding bad actors accountable under the law, and addressing the wider ecosystem of enabling services that facilitate attempts by malicious actors to abuse our systems and bypass our detection and enforcement measures. Learn more here:
Report/Transparency
- We encourage people to report this kind of behaviour if they see it by tapping the three dots in the top right corner of the ad. Even if the ad is running, people can still provide feedback if they think it violates our policies.
-
We’ve also recently taken efforts to increase transparency in advertising across our services, by making all active ads across Facebook and Instagram publicly visible in the Ad Library.
- The publicly-available Ad Library is viewable across dozens of countries to people even without a Facebook account and houses all active ads across Facebook and Instagram- not just those about social issues, elections or politics.
- From the Library, people can report ads. They can search by Page to see what ads the page is currently running and then filter them by country;
- We incorporate signals of negative feedback from people, such as people reporting, hiding, or blocking an ad, both from within the Feed as well as the Library
- This helps train our systems to get better at automatically detecting these ads before they go live.
Protecting intellectual property
We are deeply committed to protecting intellectual property (IP) rights across our technologies.
Tools
We’ve built tools to help brands take action to protect their IP.
- Rights holders can use these forms to report different types of content they identify, from individual posts, photos, videos or ads, to an entire profile, account, Page, group or event, if they believe these to be infringing in their entirety.
- Reports are processed by a team of trained professionals who provide around-the-clock coverage in multiple languages.
- If a report is complete and valid, the team promptly removes the reported content — typically within a day or less, and in many cases within a matter of hours.
- Reporters must log into their Facebook, Instagram or Business Manager account in order to access the Intellectual Property Reporting Center.
- Multiple people who are logged in under the same Business Manager account will be able to see reporting history for the entire business.
- The Intellectual Property Reporting Center will save time for people who regularly use our IP reporting forms.
We also have additional tools like Rights Manager, our copyright management tool, and the Intellectual Property Reporting API, which allows reporters to programmatically report IP infringement at scale.
Business resources
Keeping businesses, their accounts and people secure across our technologies is one of the most important responsibilities we have at Meta.
Business verification
We require many businesses to undergo verification to confirm the identities of the business and its representatives before they can use certain tools or features. We’ve designed our systems and verification requirements to reflect the varied sizes, complexities and audiences of the businesses and organizations that use our technology.
Verification requirements include activities such as:
- Confirmed Page Owner: verifies the authenticity of people or organizations who manage Pages with a large audience.
- Business verification: required for business app developers who want to use certain APIs.
- Authorization process: verifies the identity and location of advertisers who run ads about social issues, elections or politics, which are also required to include a “Paid for by” disclaimer.
- Audience Network is a service that allows mobile app developers to display ads in their apps from Facebook advertisers, and earn money. To screen suspicious app developers trying to onboard onto Audience Network, we require certain developers to go through Business Verification or Identity Verification.
- Meta Business Partners are companies Meta has vetted for their expertise in helping grow our customer’s business—from running ads, to selling products, to engaging with customers. We require all prospective Meta Business Partners (MBPs) to verify their business before promoting them to Badged Partners. The Meta Business Partner badge is awarded to companies who meet the highest standards of performance and service.
Increasing account access security
Accountability
At Meta, we will continue to invest time and resources to fight security risks, however businesses also have an important role to play in keeping their accounts protected. Some of the best practices to help protect your business and personal account include:
- Never share your login information
- Use strong passwords
- Use two-factor authentication
- Minimize saved login information
- Turn on notifications
- Report any unrecognized logins
- Use Security Checkup
- Regularly audit who has access to accounts
- Leverage anti-virus software
Other business resources
- Protecting businesses across Meta technologies
- Best practices for making Business Manager more secure
- How Page feedback and purchase experiences impact your ads
- Verify your business
- About business verification
- Troubleshoot why your business can't be verified
- Commerce eligibility requirements
- Helping keep businesses and their accounts secure across Meta technologies
- How do I report an impostor account?
News
Our library of tools and resources for scam prevention supports and reflects our policies. They outline what we do and don’t allow on our technologies, and have been thoughtfully created to help protect people and businesses.
These policies prohibit a wide range of harmful content types, including fraud and deception — content that purposefully deceives, willfully misrepresents or otherwise defrauds or exploits others for money or property.
- New Features and Additional Transparency Messures as the Digital Services Act Comes Into Effect
- Designing Account Security Across Our Apps
- Keeping Our Reviews Authentic and Trustworthy
- How We Keep Our Technologies Safe and Secure for Businesses
- Code Verify: An open source browser extension for verifying code authenticity on the web
- Ensuring a Safe and Trusted Shopping Expriences for Our Community
- Combating E-Commerce Scams and Account Takeover Attacks
- Increasing Transparency and Control for People
- Addressing Cloaking So People See More Authentic Posts
- Verification Requirements for New Advertisers
- New Tools to Help Protect Against Sextortion and Intimate Image Abuse
