Phishing Scam - 'Account Reported for Annoying and Insulting Facebook Users'
Message claiming to be from "Security The Facebook Team" warns recipients that their account has been reported for violating Facebook policies. Users are told that they must click a link to reconfirm their account within12 hours or the account will be disabled.
The message is not from Facebook. It is a revamped version of earlier phishing scams that have targeted Facebook users for several years. The link opens a bogus website that asks users to provide Facebook login details as well as a large amount of personal and financial information. Criminals can use the stolen information to hijack Facebook and email accounts, commit financial fraud and steal identities.
Warning!!! Security The Facebook Team!! Note:
Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. The system will disable your account within 12 hours if you do not do the reconfirmation. Please confirm your facebook account on the following link: [[security]] =>Link Removed
Thanks. note: please complete your data correctly.
Facebook © 2013 Copyright Network Inc.
This supposed warning, which purports to be from "Security The Facebook Team!!" informs users that their account has been reported for violating Facebook policies. The message suggests that material posted on the account is considered annoying and insulting to Facebook users and has thus been reported. The message instructs people to click a link to reconfirm their account. It warns that if users do not "do the reconfirmation" within 12 hours, their account will be disabled.
However, the message is a phishing scam and was not sent by Facebook Security. The message is designed to trick Facebook users into divulging personal and financial information to cybercriminals.
Those lured into clicking the link will be taken to a fake Facebook webpage and asked to login:
Next, they are taken to a page that asks for the email account address and password and other email account details:
Yet another page asks them to provide credit card details:
Finally, they are redirected to the genuine Facebook Security Page.
All of the information requested via the fake web pages can be collected by criminals and used to commit credit card fraud and identity theft. The criminals can also use the stolen information to hijack the real Facebook and email accounts belonging to their victims and use them to conduct further spam and scam activities.
The scam message is a revamped variant of earlier phishing attempts that have targeted Facebook users since at least 2011. And several other phishing attacks in recent years have falsely claimed to be from Facebook Security.
Be wary of any message that claims that you must click a link to update your Facebook account details. When logging in, always check the address to verify that you are on the real Facebook website rather than on a bogus look-a-like page.
Last updated: July 30, 2015
First published: August 23, 2013
By Brett M. Christensen