Message circulating on Facebook warns users to watch out for notifications that say a friend has commented on your status because links in the notifications lead to a fake Facebook page that will steal login details.
There are no credible reports about a current phishing attack with the characteristics described in this “warning” message. Facebook’s built-in notification system can no longer be exploited by phishing scammers in the way suggested in the warning. Thus, the message has no real merit as a warning. However, Facebook users should certainly be aware that scammers have often used bogus Facebook emails as a way of enticing people to hand over their login details on fraudulent websites designed to look like real Facebook pages.
THERE IS A NEW WAY TO HACK YOUR FACE BOOK. A NOTIFICATION WILL BE SENT TO AND SAY THAT ONE OF YOUR FRIENDS HAS COMMENTED ON YOUR STATUS, IT WILL OPEN A NEW PAGE & TELL YOU TO RE-ENTER YOUR FACE BOOK USER NAME & PASSWORD. CAUTION!! THIS PAGE LOOKS JUST LIKE YOUR FACE BOOK LOGIN PAGE, SO BE ON THE LOOKOUT!! PLEASE RE-POST THIS!! BE AWARE FRIENDS 🙂
This urgent-sounding, ALL CAPS “hacker alert” has been circulating continually around Facebook since at least January 2011.
The message warns users of a “new way” to hack Facebook accounts. According to the message, you should watch out for Facebook notifications that inform you that a friend has commented on your status because clicking the link in the notification will open a fake Facebook page designed to steal your login details.
The message exhorts users to pass on the information to make others aware of the supposed new threat.
However, the message is too vague and misleading to have any real merit as a warning. Firstly, by its use of the word “notification”, the warning implies that the malicious messages are being sent via Facebook’s own onsite notification system. However, while at one point rogue Facebook applications could make malicious use of the Facebook notification system, this ability has long since been restricted. Thus, it is not possible for scammers to use Facebook’s notification system for phishing attacks like the one described in the “warning”.
Secondly, although the warning has now been circulating continually for several months, there are no credible security alerts about a phishing attack with the characteristics of the one described in the message. While the warning has popped up over and over again all across Facebook for months, no believable reports about actual instances of the supposed attack have surfaced.
Thus, sending on such outdated and inaccurate warnings will not help Facebook users stay secure. In fact, such pointless warnings do nothing more than clutter Facebook newsfeeds with even more useless information.
That said, users should certainly be aware that scammers have repeatedly used phishing attacks designed to steal their Facebook login details and such attacks are likely to continue. Often, such attacks are conducted via phishing scam emails. The emails, which are designed to closely resemble genuine Facebook messages, try to entice recipients to follow a link. Those who do follow the links will be taken to a bogus website designed to look like the genuine Facebook login page. If a user proceeds to log in on the bogus site, scammers can then collect his or her login credentials and hijack his or her real Facebook account.
As a security precaution, Facebook users should be cautious of following links in emails even if they appear to be genuine Facebook messages. And, when logging on to Facebook, users should check the web address to make sure they are on the real Facebook site and not a fake, lookalike phishing site.
But, again, while Facebook phishing attacks are certainly real, sending on misleadingly inaccurate, hopelessly outdated and overly “urgent” warnings about them will do no good whatsoever. To have any merit as a security warning, a message needs to contain accurate, detailed, verifiable and up-to-date information. Otherwise, it is likely to do more harm than good.
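The web-address check recommended above can be made precise. This is an added example, not part of the original article: it parses a link the way a browser does and accepts it only if the host is facebook.com or a true subdomain. The allowed-domain list, the function name and the sample links are assumptions made for illustration.

```javascript
// Added example: does a link really lead to Facebook? (defensive URL check)
// ALLOWED is an assumption for this sketch, not an official Facebook list.
const ALLOWED = ["facebook.com"];
const BRAND = "facebook";

function checkLink(link) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: the rules a browser applies
  } catch {
    return { ok: false, host: null, reason: "unparseable" };
  }
  // The parser lowercases the host and turns IDN labels into punycode (xn--...).
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Exact match, or a true subdomain. The leading dot matters:
  // "notfacebook.com" must not pass as "facebook.com".
  const ok = ALLOWED.some((d) => host === d || host.endsWith("." + d));
  if (ok) return { ok: true, host, reason: "allowed-host" };
  // The brand name appearing elsewhere in the URL (userinfo, a left-hand
  // label, the path) is the lookalike pattern the article describes.
  const lookalike = url.href.toLowerCase().includes(BRAND);
  return { ok: false, host, reason: lookalike ? "lookalike" : "other-host" };
}

// Constructed sample links (".example" hosts are placeholders).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://m.facebook.com./",
  "https://facebook.com.account-verify.example/login.php",
  "https://www.facebook.com@account-verify.example/login.php",
  "https://account-verify.example/fb/login.php",
];

for (const s of SAMPLES) {
  const r = checkLink(s);
  console.log(`${r.ok ? "OK  " : "FAIL"} ${r.reason.padEnd(12)} ${r.host}  <- ${s}`);
}
```

The third and fourth samples show why reading only the start of an address is not enough: the real host is whatever sits immediately before the first single slash, after any "@".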
Important Notice
After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.
These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.
Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.
And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.
When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.
I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.
A Big Thank You
I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.
I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I cannot thank him enough.
Closing Date
Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.
Thank you, one and all!