Outline
Message purporting to be from Facebook, claims that the user’s Facebook account has been deactivated and urges him or her to follow a link to reactivate the account.
Brief Analysis
The message is not from Facebook and the recipient’s account has not been deactivated as claimed. The message is in fact an attempt to promote a dubious “Online Drugstore” that peddles pharmaceutical products and may attempt to steal credit card information via bogus order forms. Clicking the “reactivate” link in the message opens the pharmaceutical spam website. Links in some of the bogus emails may lead to a version of the pharmaceutical website that is known to host malware.
Example
Subject: You have deactivated your Facebook account
Hi,
You have deactivated your Facebook account. You can reactivate your account at any time by logging into Facebook using your old login email and password. You will be able to use the site like you used to.
Thanks,
The Facebook Team
Sign in to Facebook and start connecting
Sign In
To reactivate, follow the link below:
[Link to bogus website removed]
Detailed Analysis
This message, which purports to be from social networking website Facebook, claims that the recipient has deactivated his or her Facebook account. The message instructs users to follow a link to login to Facebook if they wish to reactivate their account.
However, the message is not from Facebook and the claim that the recipient’s Facebook account has been deactivated is untrue. In fact, the message is seemingly an attempt to peddle pharmaceutical products from a dubious “online drugstore” and, in some instances, to trick users into downloading malicious software. Clicking the “reactivate” link in the bogus email opens one of several identical “cloned” versions of the same pharmaceutical website that are hosted on different servers. Several alternate web addresses are used in different versions of the bogus emails, although all of the links lead to an instance of the same cloned website. The links in the message are disguised so that they appear to point to a genuine Facebook login page. At least one of these links opens a version of the pharmaceutical website that has been flagged by Google as being a host for malware, including scripting exploits and trojans.
To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free! Can you help us stay online?
If you receive this email, do not click on any links in the message. Even if clicking the link apparently only opens a spammy but superficially benign pharmaceutical website, the site may actually harbour hidden malware that can infect your computer. The site may also attempt to steal credit card details if you actually try to purchase products. In any case, buying drugs from the online pharmacy websites that are willing to promote themselves via spamming and other underhand tactics is certainly not recommended. Even if you actually receive the product your order, there is no guarantee that it will actually contain the medication that you think it does. Taking such medication may be dangerous and illegal. And you may find that your credit card and other details have been harvested by criminals via the site’s bogus order form.
Moreover, it is important to keep in mind that phishing scammers regular use very similar tactics to trick users into submitting their login details and other personal and financial information via bogus websites or fraudulent forms attached to the scam emails. Be cautious of any email that claims that the account you hold with a company or online service has been suspended or deactivated. If you receive such an email, do not follow any links in the message or open any attachments that it may contain.
Since you’ve read this far…
…can I ask you for a big favour?To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.
Thank-you.
Brett Christensen