Skip to main content

Scam Alert: Spam Messages from “Guest” Accounts on Facebook Business Pages

By January 17, 20245 min read

Are you seeing messages in your Facebook business page’s inbox from users like: “Guest 5837” or “Guest 3588?” You’re not alone. It’s part of a new feature rollout from Meta that’s, so far, leading to an uptick in spam messages for many business pages. Here’s what’s going on and how to respond and/or adjust your page settings accordingly.

How It Works 

Meta recently rolled out a chat plugin that allows Facebook business pages to receive messages from guest accounts. What’s a guest account, exactly? According to Meta, guest users receive temporary Facebook accounts they can use to send and receive direct messages. Stated another way, users don’t need to be logged into Facebook–or have an account at all–in order to send a Facebook chat message to a Facebook business page. The guest chat opens when a user who is not signed into their profile submits a message to a business page; the chat ends or closes when the user decides to end it, or 24 hours after there is no longer activity in the chat.

Unfortunately, the ability to anonymously send messages using Facebook chat is creating opportunities for scammers to spam business pages in a new way. This is happening on the heels of another scam that claims your Facebook page has been disabled.

The post includes a link to a page that asks for some of your personal information in an interface that closely mimics Facebook’s colors and design, so you think you’re providing your info to Facebook. The prompted information typically includes your account’s login information, but can also include personal data, passwords, and other sensitive info.  

If you click on the name of the page, which in this case is usually phrased as a notification might be, you’ll find an actual page that’s been set up under that name. The profile picture is a common flag graphic or warning icon (adding to the deception that this is a notification rather than an actual page). You may be able to see other posts that the fake account has published tagging other individuals or businesses similarly. 

Here’s an example of a spam message from a guest user to a Facebook business page. 

How You Know It’s a Scam

It’s important to note that not all Facebook guest messages are necessarily spam. Some users may be legitimately reaching out for a legitimate reason. Here are some signs that the message in your inbox is spam:

  • Errors
    Typos, spelling errors, grammar issues, and just overall awkward language are all red flags. Proceed with caution if you see these in a message.
  • Urgency
    Scammers often use urgency to stress out their targets, forcing them to act quickly without thinking critically and generally against their better judgment. Be cautious.
  • Links
    Always be cautious about links. Look at them closely for letters that are reversed, slightly off, or typoed. Do not click on anything you’re unsure about.
  • Prizes & Money
    Verbiage about cryptocurrency, trading, making cash, claiming cash or other winnings or prizes should always be cause for pause.

What To Do 

First, avoid clicking or following any links. Second, size up the message and determine if it’s legitimate. Escalate anything that appears to have one of more of the above telltale signs of a scam to the appropriate individual(s) within your organization. If you did happen to already click the link, don’t do anything else. Definitely do not put in your credit card or payment information. Lastly, open the dot menu at the top of the message and select: Move to Spam.

How to Block Guest Accounts from Messaging Your Page

If you want to prevent these types of guest users from being able to message your Facebook business page moving forward, there’s a way to do that. If you’re in an industry like banking and financial services, keep in mind that compliance may need to be consulted or notified, though this likely does not present issues because customers and the public remain able to contact you through various other channels.

  1. From the inbox screen, select the settings icon.
  2. From the menu at left, select Chat Plugin.
  3. Choose Customize your Chat Plugin to expand the menu options.
  4. Toggle the Guest Chat function off.
Facebook business pages can block messages from guest accounts in the inbox settings panel in Meta Business Suite.

Protect Yourself 

Be sure to take a look at user access for your Facebook business page regularly. That is, who has access and at what level, ensuring that access is aligned with roles and responsibilities. Securing your accounts with compliant systems and processes that centralize access to all your social media pages (across channels) can help keep things secure and streamlined. This makes it easier to draft and deploy policies around social media and compliance, protect your accounts, and respond to updates from major social platforms like this one. It also ensures that your teams have the information they need to make the right call in the face of feature updates and changes, and that they’re in the know about scams.

Interested in learning more about securing your social media accounts? Social Assurance can help. Our Marketing Platform is designed specifically for community banks, credit unions, and financial brands–helping you create, publish, and monitor marketing content–including direct integrations with all major social media channels–securely and compliantly. Connect with us at or follow the link below to learn more.

Zach Way

Raised around banking, Zach Way found his calling creating social content for financial institutions. Zach is an avid chino wearer who plays golf and religiously follows the NBA.