Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



Facebook Account Locked Due to Malware Warning

Outline
Message circulating on Facebook warns users not to click on a popup window advising that their Facebook account has been temporarily locked because malware has been detected on their computer. According to the message, clicking "continue" on the popup will install a virus that will wipe out the user's computer.



Brief Analysis
The claims in the warning are untrue. In fact, the popup message is a legitimate Facebook feature designed to help users rid their computers of malicious software. Clicking the "Continue" button will take the user to a process that includes downloading and running a malware scanner. The feature is part of Facebook's "Malware Checkpoint" system. Sending on this misleading message is counterproductive and will help nobody.

Bookmark and Share
Example
WARNING TO EVERYONE: If you see something like this pop up on your screen, DO NOT CLICK CONTINUE!!! It is a virus, and it will WIPE OUT your computer!!!!

Facebook Account Locked Malware Warning

Text of popup message:

Your account is temporarily locked

Your account has been temporarily locked because we have detected malicious software on your computer. Malware is malicious software that tries to access your personal information, slows your connection, and could cause other problems when you use Facebook. Your computer can become infected with malware when you click or share spammy links.

To get help removing the malware, click Continue. Once the malware is removed, you can log in to your account.


Detailed Analysis
According to a rather breathless "warning" message that is currently circulating on Facebook, users should watch out for a popup screen that advises that their Facebook account has been temporarily locked because malware has been detected on their computer. The message warns users not to click the "continue" button on the popup screen because doing so will install a virus that will wipe out their computer.



The warning includes a screenshot depicting the popup window.

However, the the claims in warning are untrue. The popup window is a legitimate Facebook feature designed to help users rid their computers of malicious software. If the popup window appears on the user's screen when he or she tries to access Facebook, it means that Facebook's security system has detected a possible malware infection on the user's computer and has consequently locked the account until the malware has been removed.

Clicking the "Continue" button will lead the user through an account recovery process that includes downloading and running an anti-virus scanner designed to find and remove malware. This system has been operating on Facebook for several years. A July 2012 Computer World article on the issue explains:

Facebook already uses internal scanners to detect spam and malicious messages that might have been sent from user accounts hijacked by malware.

When found, such accounts are temporarily locked down and their owners are asked to go through a multi-step account recovery process that involves downloading and running a malware scanner called McAfee Scan and Repair.

And Facebook provides information about the process in its help files, noting:

When I log in to Facebook, I see a message telling me I have a virus and need to scan my computer with anti-virus software.

You're seeing this message because our systems detected spam or other malicious content posted by your Facebook account. This activity suggests your computer might be infected with malware. In order to keep both your account and the files on your computer secure, your computer needs to be scanned and cleaned. Since we partner with anti-virus vendors like McAfee and Microsoft, you can do this for free by logging into Facebook and following the on-screen directions.

In 2012, Facebook extended this "Malware Checkpoint" functionality to allow users to download and run selected anti-malware products before they received the above "account locked" message. In an announcement about the feature, Facebook noted:

Previously, if you suspected you may have malware installed on your device, you would either need to run anti-virus on your device or wait until Facebook identified an actionable threat. Now, with our new self-enrollment malware checkpoint, you will be able to proactively obtain your choice of a free anti-virus product to scan and clean your system.

Thus, the popup is not a threat as claimed in the above bogus warning. Ironically, the system is designed to help people deal with malware that may already be on their system, so this warning is not only wrong but could actually increase the risk to users by denying them the opportunity to clean their computers. Reposting this misleading information is therefore counterproductive and will help nobody.

That said, it is perhaps understandable that users have been concerned about these popup messages, because similar claims are often made in scam emails. Some phishing scam emails may claim that a user's account will be disabled if they do not click a link or open an attached file to update account information. These scam are designed to steal account login details. And, given that some malware may cause unexpected windows to appear that try to trick users into disclosing account information, it is always wise to be cautious and check any such requests before proceeding. However, in the case of the above popup notification, which will only be displayed when users try to access their Facebook accounts, the claims are legitimate.

Of course, the best way of avoiding having your Facebook account locked for malware as described above is to ensure that you already have up-to-date anti-virus and anti-malware scanners installed on your computer. You should also make sure that your operating system, browser and other software always has the most recent security updates applied, as this will also help avoid malware infections. And, as always, caution is required when following links or opening attachments in unsolicited messages.


Bookmark and Share

Last updated: May 29, 2013
First published: May 29, 2013
Research: David White, Brett Christensen
Written by Brett M. Christensen
About Hoax-Slayer

References
Facebook Account Lockout - Please Run a McAfee Virus Scan
Facebook launches malware checkpoints for users with infected computers
When I log in to Facebook, I see a message telling me I have a virus and need to scan my computer with anti-virus software
Malware Checkpoint for Facebook