
Facebook ‘Misuse of Your Account’ Phishing Scam

by Brett M. Christensen

Outline:
Warning sent via Facebook’s messaging system claims that there have been reports from other users about the misuse of your Facebook account and your account will therefore be deactivated if you do not click a link to confirm your details.



Brief Analysis:
The message is a phishing scam sent via a compromised Facebook account. The scam is designed to trick you into giving your Facebook account email address and password, your credit card details, and other sensitive personal information to cybercriminals.

Example:

WARNING
Our system has received the reports from the other users about the misuse of your account and that may cause your account will be deactivated.
The user gets this warning because misusing one of our features.
To confirm your account, please visit:
[Link removed]
If you do not confirm, your account is automatically deactivated permanently.
Thanks,
The Facebook Ads Team






Detailed Analysis:
According to this ‘warning message’, which purports to come from the Facebook Ads Team and is sent via Facebook’s own messaging system, there have been reports from other users about the misuse of your account. Because of these misuse reports, claims the message, your account will be deactivated unless you click an account recovery link and confirm your details.

However, the message is certainly not an official Facebook warning and it was not sent by the Facebook Ads Team or any other Facebook admin staff member.  Instead, the message is a phishing scam designed to steal your Facebook account login details.

If you click the ‘account recovery’ link in the message, you will be taken to a fake Facebook login page and asked to enter your account email address and password. Once you have supplied your login information, you will be taken to a second page that asks for your webmail address and password, your birthday and location, your phone number, and a security question and answer.

Via the next fake form, you will be asked to submit all of your credit card details and your full address.  After you click the final submit button, all of your information can be collected by criminals who will use it to commit credit card fraud in your name and attempt to steal your identity.

The criminals can also hijack your webmail account and use it to launch further scam and spam campaigns in your name.

And, since the criminals have your Facebook login details, they can take over your account and lock you out. Once they gain access to your account, they can use it to send scam messages just like the one above to all of your Facebook friends.

This type of Facebook phishing attack is very common and there have been many versions in recent years.

Be very wary of any email, Facebook message, Facebook post or Facebook Page that claims that your account will be disabled if you do not click a link and confirm or update your details. Many of the messages claim to be from an official Facebook entity such as Facebook Security, Facebook Admin, or the Facebook Ads Team. Keep in mind that Facebook will never send you a message that threatens account deactivation if you do not click a link and supply personal information.

If Facebook requires information from you or needs you to deal with an account issue, you will most likely be informed of this after you log in to your account. Always log in to your Facebook account by entering the address into your browser’s address bar or via a legitimate Facebook app.




Last updated: March 11, 2016
First published: March 11, 2016
