Facebook Team Security 2013 Phishing Scam - 'Last Warning - Your Account Will Be Disabled'
Message purporting to be a "last warning" from Facebook Security 2013 claims that recipients must click a link and re-confirm their account within 24 hours or their Facebook account will be deleted.
The email is not from Facebook Security and the claim that users will have their accounts disabled if they do not confirm account details is a lie. The message is a phishing scam designed to steal both Facebook and webmail login details. If you receive one of these messages, do not click any links or open any attachments that it may contain.
Subject: Last warning Facebook Team Security 2013
Last Warning: Your account will be disabled!
Immediately confirm your account in order to avoid blocking.
This is due to the number of Facebook users who use fake profiles, which violates the provisions of our services. If you are the original owner of this account please confirm your account to avoid blocking the account.
Please re-confirm your account here:
If within 24 hours you do not confirm, then your account will be deleted and the user will not be able to use it again.
Facebook Team Security 2013.
Terms of Intellectual Property and Security Policy
Copyright © 2013 ™ All rights reserved
Facebook Inc. P.O. Box 10005, Palo Alto, CA 94303
This rather threatening email, which claims to be a "last warning" from Facebook Team Security 2013, warns recipients that, if they fail to click a link and reconfirm account details within 24 hours, their Facebook account will be permanently deleted. Recipients are informed that, due to the creation of fake profiles by a number of users, original owners of Facebook accounts must immediately confirm their account details to avoid being blocked.
However, the email is not from Facebook Security or any other legitimate Facebook source. In fact, the message is a phishing scam
designed to trick users into disclosing both their Facebook and webmail account login details to Internet criminals. Those who fall for the ruse and click the scam link, will be presented with the following fake Facebook login, which is designed to closely emulate the genuine Facebook website:
If they supply their Facebook login details on the fake form, victims will then be taken to a second bogus page that asks them to submit the username and password for their email account as well as other personal information:
Finally, victims are shown a message supposedly confirming
their submission before being automatically redirected to the real Facebook website:
All information supplied via the fake forms can be collected by criminals and used to hijack real Facebook and webmail accounts.
The scammers may use the hijacked accounts to perpetrate further spam and scam campaigns
and impersonate the genuine account holders for their own nefarious purposes. This is just one example in a series of similar "Facebook Security" phishing scams
that have targeted Facebook users in recent years. If you receive one of these "Facebook Security" messages, do not click any links or open any attachments that it may contain.
Last updated :August 20, 2013
First published: February 26, 2013
By Brett M. Christensen