You’re probably seeing this message (see image below), nearly verbatim, pop up in your Facebook DMs. This is NOT Facebook communicating with you — it’s a scammer intent on phishing and data mining your account.

Facebook will NEVER send a DM to you (and certainly not as “Guest …”). Instead Facebook will communicate with you (or rather, their bots will) via the email address attached to your account or a notice will be added under the Notifications (the blue bell icon) icon/button at the top of  your account page. PERIOD, no exceptions. It’s hard enough to connect with a human at Facebook, so they aren’t likely to strike up a conversation with you via Messenger.

Whatever you do, do NOT click any link within the body of these DMs. In fact, even if Facebook sends a legitimate email to you, just go to Facebook directly via your browser and log in there. That’s a rule of thumb to stick to regardless of any email sent to you by a ‘trusted’ source.

About these bogus DMs. What they want you to do is click the link in the message where you’ll encounter a login screen that might look very much like Facebook’s login page. This is how the scammers will capture your login information — username AND password. They may even change your password and lock you out of your account. What they also want to do is steal any credit card or bank information you have attached to your Facebook account. They might also use your account to send Friend requests so that they can plunder your Friends’ information too. The amount of damage these scammers can wreak by hijacking your Facebook account will make your head spin.

If you look closely at this particular bogus DM, you’ll notice, in the URL mentioned, “vercel.app.” This is likely an app created specifically to post something to your Facebook Wall, and those of your Friends’ Walls because you’ve “granted” permission for them to do so. And, of course, you will have no control whatsoever over what is automatically posted. From a post in Quora:

The Vercel Facebook viral method is a growth hacking technique used by some websites and apps to quickly gain a large number of users through Facebook. Here’s how it works:
1. A user signs up or logs in to the website or app using their Facebook account.
2. The website or app requests permission to access the user’s Facebook profile.
3. Once the user grants permission, the website or app automatically posts a message on the user’s Facebook wall or timeline, announcing that they have signed up for the website or app.
4. The post includes a link back to the website or app, which can be seen by the user’s Facebook friends.
5. Some of the user’s Facebook friends may click on the link, visit the website or app, and sign up themselves.
6. This process can then repeat itself as the new users grant permission for the website or app to post on their Facebook walls.

The Vercel Facebook viral method is designed to quickly and organically spread the word about a website or app through social media. However, it can be controversial as some users may feel uncomfortable with the automatic posting of messages on their Facebook walls, and it may not comply with Facebook’s terms of service. It is important to use this technique responsibly and ensure that users are aware of what information is being shared on their behalf.

Scammers are sending these DMs out multiple times, so beware! Unfortunately merely blocking these pathetic scumbags won’t work because they are DM-ing you as “Guest,” and even if it appears the offending DM is originating from an actual account, blocking that account is fine — but understand that they will simply create more ‘burner’ Facebook accounts and you’ll spend much of your time blocking those. Sometimes the best course of action is to delete and ignore. Whatever you do, DO NOT communicate with them. Hopefully, over time, they’ll give up and move on.