Home Facebook Related Facebook Deactivated Account Spam

Facebook Deactivated Account Spam

by Brett M. Christensen

Outline
Message purporting to be from Facebook, claims that the user’s Facebook account has been deactivated and urges him or her to follow a link to reactivate the account. 

Brief Analysis
The message is not from Facebook and the recipient’s account has not been deactivated as claimed. The message is in fact an attempt to promote a dubious “Online Drugstore” that peddles pharmaceutical products and may attempt to steal credit card information via bogus order forms. Clicking the “reactivate” link in the message opens the pharmaceutical spam website. Links in some of the bogus emails may lead to a version of the pharmaceutical website that is known to host malware.

Example

Subject: You have deactivated your Facebook account

Hi,

You have deactivated your Facebook account. You can reactivate your account at any time by logging into Facebook using your old login email and password. You will be able to use the site like you used to.

Thanks,
The Facebook Team

Sign in to Facebook and start connecting
Sign In
To reactivate, follow the link below:
[Link to bogus website removed]

Detailed Analysis
This message, which purports to be from social networking website Facebook, claims that the recipient has deactivated his or her Facebook account. The message instructs users to follow a link to login to Facebook if they wish to reactivate their account.

However, the message is not from Facebook and the claim that the recipient’s Facebook account has been deactivated is untrue. In fact, the message is seemingly an attempt to peddle pharmaceutical products from a dubious “online drugstore” and, in some instances, to trick users into downloading malicious software. Clicking the “reactivate” link in the bogus email opens one of several identical “cloned” versions of the same pharmaceutical website that are hosted on different servers. Several alternate web addresses are used in different versions of the bogus emails, although all of the links lead to an instance of the same cloned website. The links in the message are disguised so that they appear to point to a genuine Facebook login page. At least one of these links opens a version of the pharmaceutical website that has been flagged by Google as being a host for malware, including scripting exploits and trojans. 
At first glance, this email looks like a classic phishing scam. However, it is a little different to “normal” Facebook phishing scams in that it does not directly attempt to trick users into submitting their login details and other information via a fake Facebook login page. Instead, it apparently tries to entice recipients into visiting the online drugstore site in the hope that they will attempt to purchase products, or in some cases, inadvertently infect their computers with malicious software. Dubious online drug sites such as these may also steal credit card and other information from users via bogus order forms. The “order form” on the pharmacy website included in these spam emails is not even a secure (https) page even though it asks for credit card details and other personal information. No legitimate online store would ask for credit card details via an unsecure form.

If you receive this email, do not click on any links in the message. Even if clicking the link apparently only opens a spammy but superficially benign pharmaceutical website, the site may actually harbour hidden malware that can infect your computer. The site may also attempt to steal credit card details if you actually try to purchase products. In any case, buying drugs from the online pharmacy websites that are willing to promote themselves via spamming and other underhand tactics is certainly not recommended. Even if you actually receive the product your order, there is no guarantee that it will actually contain the medication that you think it does. Taking such medication may be dangerous and illegal. And you may find that your credit card and other details have been harvested by criminals via the site’s bogus order form.

Moreover, it is important to keep in mind that phishing scammers regular use very similar tactics to trick users into submitting their login details and other personal and financial information via bogus websites or fraudulent forms attached to the scam emails. Be cautious of any email that claims that the account you hold with a company or online service has been suspended or deactivated. If you receive such an email, do not follow any links in the message or open any attachments that it may contain.



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer