Man logging in on website - phishing
Home Facebook Related Facebook Account Reported Phishing Scam

Facebook Account Reported Phishing Scam

by Brett M. Christensen

Outline

Message purporting to be from Facebook claims that the recipient’s Facebook account has been reported for annoying or insulting other users and will be disabled if he or she does not confirm account details within 24 hours. 

Brief Analysis

The message is not from Facebook. It is a phishing scam designed to steal the user’s Facebook and webmail login details as well as credit card numbers and other personal details. If you receive this message, do not click any links that it contains.

Example

LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.

Please confirm your account below:

[Link Removed]

Thanks.
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.</div

Detailed Analysis

Many Facebook users are currently receiving messages like the example shown above. The messages claim that the user’s Facebook account has been reported for policy violations, specifically, annoying or insulting other Facebook users.

The user is instructed to follow a link in the message in order to carry out an account “reconfirmation”. According to the message, which purports to be from “The Facebook Team”, the user’s account will be disabled if he or she does not confirm the account within 24 hours. 

However, the message is certainly not from Facebook and the claim that the user’s account has been reported is untrue. In fact, the message is a phishing scam designed to trick users into divulging their personal and financial information to Internet criminals. Those who fall for the ruse and click the link will be first taken to a fake Facebook “Account Disabled” web form that asks them to provide Facebook login details and part of their credit card number. The bogus form is shown in the screenshot below:

Fake Facebook Login page

Once the victim has completed this bogus form, he or she is then taken to a second fake form that asks for webmail login details:

Fake Webmail login

Once the requested Webmail details are provided, the user is taken to a third bogus form that asks for a username and – again – the first 6 digits of the user’s credit card number:

Fake Facebook terms of service message

All of the information provided on the bogus forms can be collected by the criminals operating the scam. Once armed with this information, the scammers can hijack the user’s real Facebook account and, posing as the account holder, send more scam messages to the victim’s Facebook friends. They can similarly hijack the victim’s webmail account and use it to send further scam and spam messages. Once they have hijacked these accounts, the scammers are likely to lock their victims out by changing account passwords and email addresses.

They may also use the stolen credit card information to delve further into their victim’s financial information with a view to conducting more fraudulent activities and identity theft.

There have been several variations of this scam over recent months. While the backstories used by the scammers may vary considerably, all are intended to trick users into supplying account login details and other personal and financial information to cybercriminals.

Another recent version, which purports to be an alert from Facebook Security, claims that the recipient’s Facebook account may have been compromised and that he or she must follow a link to verify account details within 12 hours or risk having the account permanently suspended.

Users should be very cautious of any message that asks them to follow a link to verify account information even if it looks like a genuine Facebook message and the link leads to a page that looks like the genuine Facebook website. Always login to your Facebook account directly via your web browser rather than by following a link in an email or chat message.

Such scams can often be identified by examining the link in the messages. The links are not genuine Facebook web addresses. The scams are often characterized by poor or unusual grammar and spelling.



Since you’ve read this far…

…can I ask you for a big favour?

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.

If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.

You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.

Thank-you.
Brett Christensen