Debunking email hoaxes and exposing Internet scams since 2003!











Alert From Facebook Security Team Phishing Scam

Outline
Message, purporting to be from the Facebook Security Team, claims that the recipient’s Facebook account may have been compromised and that he or she must follow a link to verify account details within 12 hours or risk having the account permanently suspended.



Brief Analysis
The message is a phishing scam designed to steal Facebook and webmail account login details and other personal information from recipients. Note that there are several versions of these scam messages currently being distributed. The wording of the messages may vary.

Detailed analysis and references below example.



Last updated: 30th June 2011
First published: 30th June 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: Did you log into Facebook from somewhere new?

Dear [Username removed]

Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.

“Your account was accessed from a new location : Anonymous Proxy.”

If you are not signing into your Facebook account from "Anonymous Proxy", your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.

Please be sure to visit the Facebook Service Account for further information regarding these security issues.
***********************************
[link to scam page removed]
***********************************
Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

Thanks,
Facebook Security Team




Detailed Analysis
This message, which purports to be from the “Facebook Security Team”, warns the recipient that his or her Facebook account may have been compromised. According to the message, the account was recently logged into from a computer, mobile device or other location that the user has not previously used, and the account was therefore flagged because of possible unauthorized access. The message urges the recipient to click a link in order to verify the account. It also bluntly warns that, if the verification is not completed within 12 hours, the recipient’s Facebook account will be “permanently suspended, and will not be reactivated for any reason”.

However, the message is certainly not an official Facebook security notification. Instead, it is a phishing scam designed to steal personal information from users. Users who fall for the ruse and click the link in the message will be taken to a bogus Facebook page where they are asked to enter their Facebook login details along with other personal information, as shown in the following screenshot:

[Screenshot: Facebook Security Team Scam 1]

Once they have entered the requested information, they are then presented with a second fake form that asks them to provide their webmail login details:

[Screenshot: Facebook Security Team Scam 2]

Finally, users are presented with yet another page that informs them that the verification process is complete:

[Screenshot: Facebook Security Team Scam 3]

In reality, all of the information entered into the bogus forms can be collected by Internet criminals. Armed with this information, the scammers are able to hijack both the Facebook account and the webmail account used by their victim and use these hijacked accounts to conduct further fraudulent activities. They may also be able to use other private information collected on the bogus forms along with information stolen from within the hijacked accounts to steal their victim’s identity and commit credit card fraud.

Be very cautious of any message that asks you to follow a link to verify account information, even if it looks like a genuine Facebook message and the link leads to a page that looks like the genuine Facebook website. Always log in to your Facebook account directly via your web browser rather than by following a link in an email.

Note also that there are several versions of these scam messages currently being distributed. The actual wording of the messages may vary somewhat from the example shown above.
