According to this message, which appears to come from ‘Content Reviews’ at Facebook, forbidden content and suspicious activity have been discovered in your Facebook account.
The message warns that because of this forbidden content, your account is at risk of being closed. It requests that you click a link to perform an ‘Instant Verification’ to deal with the issue.
However, the message is certainly not from any Facebook content review entity. Instead, it is a phishing scam designed to steal your Facebook account login credentials, your credit card details, and other personal information.
If you fall for the ruse and click the link in the message, you will be taken to a fraudulent website designed to look like a real Facebook page that asked you to update your security information, ostensibly as a means of providing evidence that your account is authentic.
The page asks for your account password and security answer as well as your name and contact details:
If you supply the requested information and click the ‘Protect Your Account’ button, you will be taken to a second fake page that asks you to provide your credit card details and billing address information:
After supplying this information, you will receive a final message claiming that the update process has now been completed.
Meanwhile, the criminals responsible for the attack can use the stolen information to hijack your Facebook account and use it to send copies of the scam message to all of your friends. The criminals will change your Facebook name to ‘Content Reviews’, ‘Facebook Admin’, or a similar name designed to make their fake messages seem more authentic.
The scammers can also use your credit card details to commit fraudulent transactions in your name. And, armed with the personal and financial information they have gathered, they may also be able to steal your identity.
Facebook phishing campaigns like this one are very common. Be wary of any Facebook message or email that claims that you must click a link to update account details or verify your information.
It is always safest to login to your Facebook account by entering the account address into your browser’s address bar or via a legitimate Facebook app.