Stealing username and password - phishing scam
Home Facebook Related Alert From Facebook Security Team Phishing Scam

Alert From Facebook Security Team Phishing Scam

by Brett M. Christensen


Message, purporting to be from the Facebook Security Team, claims that the recipient’s Facebook account may have been compromised and that he or she must follow a link to verify account details within 12 hours or risk having the account permanently suspended. 

Brief Analysis

The message is a phishing scam designed to steal Facebook and webmail account login details and other personal information from recipients. Note that there are several versions of these scam messages currently being distributed. The wording of the messages may vary.


Subject: Did you log into Facebook from somewhere new?

Dear [Username removed]

Your Facebook account was recently logged into from a computer, mobile device or other location you’ve never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.

“Your account was accessed from a new location : Anonymous Proxy.”

If you are not signing into your Facebook account from “Anonymous Proxy”, your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.

Please be sure to visit the Facebook Service Account for further information regarding these security issues.
[link to scam page removed]
Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

Facebook Security Team


Detailed Analysis

This message, which purports to be from the “Facebook Security Team”, warns the recipient that his or her Facebook account may have been compromised. According to the message, the account was recently logged into from a computer, mobile device or other location that the user has not previously used, and the account was therefore flagged because of a possible unauthorized access.

The message urges the recipient to click a link in order to verify the account. It also bluntly warns that, if the verification is not completed within 12 hours, the recipient’s Facebook account will be “permanently suspended, and will not be reactivated for any reason”. 

However, the message is certainly not an official Facebook security notification. Instead, it is a phishing scam designed to steal personal information from users. Users who fall for the ruse and click the link in the message will be taken to a bogus Facebook page where they are asked to enter their Facebook login details along with other personal information, as shown in the following screenshot:

Facebook Security Phishing Scam First Form

Once they have entered the requested information, they are then presented with a second fake form that asks them to provide their webmail login details:

Facebook Security Phishing Scam Second Form

Finally, users are presented with yet another page that informs them that the verification process is complete:

Facebook Security Phishing Scam Verification Message

In reality, all of the information entered into the bogus forms can be collected by Internet criminals. Armed with this information, the scammers are able to hijack both the Facebook account and the webmail account used by their victim and use these hijacked accounts to conduct further fraudulent activities. They may also be able to use other private information collected on the bogus forms along with information stolen from within the hijacked accounts to steal their victim’s identity and commit credit card fraud.

Be very cautious of any message that asks you to follow a link to verify account information even if it looks like a genuine Facebook message and the link leads to a page that looks like the genuine Facebook website. Always login to your Facebook account directly via your web browser rather than by following a link in an email.

Note also that there are several versions of these scam messages currently being distributed. The actual wording of the messages may vary somewhat from the example shown above.

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,