There are several phishing scams active on Facebok right now pretending to be Facebook Security. In case you don’t know what a phishing scam is, it is an attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. – Wikipedia
Typical messages state that the user has violated a policy, has been reported for abuse or harassment or has logged in from an unknown location.
Some of the scams redirect users to pages that look like Facebook:
Others use third party Facebook applications that contain verification forms for the user to input his or her Facebook login credentials. Some even go so far as to ask for a credit card number for account verification.
Here are some facts to keep in mind:
- Facebook is never going to ask you to verify your account with a credit card.
- Facebook will never use a third party Facebook application (http://apps.facebook.com/_application_name_here) to verify your account.
- Just because the message contains the link to the real “Facebook Security” page doesn’t mean the message came from Facebook.
- Facebook may prompt you to login if the computer or ip address is not recognized.
If you are asked to login to verify your account, just be sure that you are on Facebook by looking in your web browser’s address bar. It is also a good idea to bookmark the Facebook login screen. If you ever receive a questionable notification or login prompt, all you have to do is access Facebook via the bookmark just to make sure you haven’t been scammed.
The Facebook message looks something like this:
Your account is reported to have violated a policy that is considered disruptive or insulting Facebook users. Until we http://www.facebook.com/security system will deactivate your account within 12 hours after you open this message if you do not confirm such reproductions.
If you still want to use your account, please confirm your facebook account below:
(If the link is not clickable, try copy it into your browser.)
Note: we recommend to facebook users, asked to filling data that are complete and very accurate because we are from http://www.facebook.com/security team can ensure that the ownership of the account actually exists in your control and no that is using your Facebook account without permission.
Facebook Security ™
Notice how the scammers are using the authentic link to Facebook Security to make the ruse appear more legit. One BIG, red flag is that the verification link is to a third party Facebook application. We tried to follow the link, but this particular application has been removed by Facebook. You can be sure there are others that are active and in use.
The scam likely sends the users to an application similar to the one shown below:
This image is from another phishing scam we uncovered earlier this year. Click here to read more about it.
If a user submits their Facebook login credentials, then the scammer will have complete control over their account. They can access their personal information to try and steal their identity, they can send bogus messages to their friends stating that they are in trouble and please send money, they can send links to other scams to all of the victim’s Facebook friends….the opportunities for misuse and exploitation are endless!
How to Deal with the Scam:
If you entered your Facebook login credentials on the scam page, then you need to try to reclaim your account. Check out the following article for additional steps you should take:
Be sure to let your Facebook friends know that your account has been compromised and not to click on any links that are sent from you.
If you or your Facebook friends are falling for tricks like this, it’s time to get yourself informed of the latest threats. Be sure to join the Facecrooks page on Facebook to be kept informed of the latest security issues. Also check out: