This is how a Facebook phishing scam can work…

ByCraig Haley

A rogue Facebook app is baiting users of the social networking website into giving away their Facebook login details AND their credit card information to scammers in what is essentially a phishing scam. Here is how it works.

Step 1. The bait.

You get a Facebook chat message from “Facebook Security”.

When you receive a message from what appears to be ‘Facebook Security’ telling you that your account will be deactivated, you may feel a little alarmed. Most of us have lots of information on Facebook and having our account disabled would be a massive inconvenience.

The chat message from “Facebook Security” reads –

WARNING
Our system has received the reports from the other users about the misuse of your account and that may cause your account will be deactivated.The user gets this warning because misusing one of our features.
To confirm your account, please visit:
https://apps. facebook. com/link removed.
If within 12 hours after you receive this information from us and you do not confirm, your account is automatically deactivated permanently.
Thanks,
The Facebook Ads Team
█║▌│█│║▌║││█║▌█║
Copyright © 2016™

The message comes up as a message from Facebook Security and implores you to click the link.

What’s really happening…

One of your Facebook friends got their Facebook account compromised, probably from the same scam as this. The scammers changed the account name to something that looks like “Facebook Security” usually by using foreign characters that resemble English characters to bypass Facebook’s filtering. They also changed the profile picture to the Facebook logo.

Now the account looks unrecognisable, and now appears as if it belongs to Facebook. The scammers will now send messages to the contacts associated with that account. I.e. you.

Step 2. The phish

Clicking the link provided in the message leads to a Facebook app that in turn redirects to an external webpage that looks like this.

PHISH-image1

The page asks Facebook users to login to their account to sort out the problem.

What’s really happening?

This is the spoof part to the scam. It looks like the Facebook login page. But it’s not. You can see from the URL at the top that it has nothing to do with Facebook. As soon as you enter your login information, it is sent straight to the scammer who may very well be able to access your account (unless you have login approvals enabled.)


Sponsored Content. Continued below...




Step 3. The extra phish

Once you enter your Facebook password and username, you’re taken to another page asking you to set a secret question.

PHISH2

What’s really happening?

The scammer still has you on the hook so will try and get more information from you – in this case your secret question, which you may very well have set on more online accounts outside of Facebook. Again, this is sent straight to the scammer once you set it.

Step 3. The extra, extra phish

Once you set the secret question you click through and are now asked for your credit card information.

PHISH3

What’s really happening?

The scammers are basically trying their luck at this stage. They already have your username and password and may already be working on your account by changing your profile name and picture to ‘Facebook Security’ to fool your friends. Now they’re seeing if they can get your credit card information as well. Needless to say, this isn’t a good idea.

Don’t get caught out

The whole scam from start to finish contains major red flags. For one, Facebook Security don’t send Facebook chat messages, which we talked about in step 1. Secondly, all the screenshots may look like the Facebook webpage but the URL at the top gives it away. Additionally, Facebook won’t ask for your credit card information (unless you’re purchasing something from them.)

With phishing scams like this, education is key. Understanding how they work makes you nearly immune to falling for them. Phishing scammers like this rely on poorly educated people who know nothing about online scams, so make sure you keep yourself educated and your friends and family too!

Keep up-to-date with all our latest articles. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)