Social Media Account Recovery Phishing

How This Attack Works

Attackers send emails or DMs impersonating Facebook, Instagram, TikTok, or YouTube claiming the victim's account will be permanently deleted due to a policy violation or copyright strike. The appeal link leads to a fake platform login page that captures credentials and sometimes phone numbers for 2FA interception.

Red Flags to Watch For

• ✗
  Sender is not from an official @meta.com, @facebook.com, or @instagram.com address
• ✗
  Appeal link does not go to the platform's official domain
• ✗
  Email threatens permanent account deletion within 24–48 hours
• ✗
  The page requests your password to "file an appeal"
• ✗
  Copyright or policy violation mentioned refers to content you do not recognize
• ✗
  A two-factor code is requested on the fake page — enabling real-time account hijack

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• facebook-appeal-form.comMALICIOUS
• instagram-account-disabled.netMALICIOUS
• meta-policy-violation-appeal.comMALICIOUS
• tiktok-account-suspended.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.