Debunking email hoaxes and exposing Internet scams since 2003!

Facebook Account Update Phishing Scam Email

Outline
Email, purporting to be from Facebook, claims that Facebook is implementing a new login system and that the user must therefore follow a link in the message to update his or her account.



Brief Analysis
The email is not from Facebook. In fact, the message is a phishing scam designed to steal Facebook login details.

Detailed analysis and references below example.

Last updated: 22nd December 2010
First published: 22nd December 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Facebook Account Update

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
Thanks,
The Facebook Team

[Image: Facebook phishing scam email]




Detailed Analysis
This email, which purports to be from the social networking website Facebook, claims that Facebook is about to implement a new login system. The message claims that Facebook users must follow a link in the message to update their details before they will be able to use the new system.

However, the email is not from Facebook and the claim that Facebook users are required to update their account details is untrue. In fact, the email is a phishing scam designed to steal Facebook login details from unsuspecting users. To further the illusion of legitimacy, the email is designed and formatted to resemble a genuine Facebook message. Those who fall for the ruse and follow the link in the bogus email will be taken to the following fake Facebook login page:

[Image: Fake Facebook login page]

The fake login page has been created so that it looks like a genuine Facebook login.

If a victim enters his or her username and password on the bogus page and clicks the "Login" button, the following pop-up notice will be displayed:

[Image: Bogus Facebook redirect notice]

The notice claims that the account confirmation has been completed. Clicking the "OK" button takes the user to the genuine Facebook website.

Users who submit their login details on the fake page will actually be sending their username and password directly to the criminals running the phishing scam. Because the scam notice redirects to the genuine Facebook website, the victim may not realize that his or her account has been compromised until it is too late.

Once they have stolen this information, the scammers can log in to their victim's real Facebook account and pose as the genuine user. They can also change account details, thereby effectively locking the genuine user out of his or her Facebook account. Having successfully hijacked the user's account, the scammers can then use it to post spam and scam messages in the victim's name and steal any personal information stored in the account.

Phishing scammers regularly target Facebook users. Users should be very cautious of any email that claims to be from Facebook and asks them to click a link and provide login or other personal information.


References
Fake Facebook Login Phishing Scam
