29 Nov 2011 - Article No: 1445

LAST WARNING: Your Account is reported to have violated the policies... - Facebook Phishing Attack

Filed under: Facebook Phishing Attack


LAST WARNING : Your account is reported to have violated the policies that are considered annoying
or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.

If you still want to use Facebook, Please confirm your account below:

link removed

Thanks.


This message which claims users have violated Facebook policies in order to bait them into responding is once again circulating prolifically.

The social engineering trick of getting Facebook users to respond by pretending they have somehow misused Facebook has been used by scammers for a few years now. 2009 saw a popular attack that spread by sending messages claiming a "friend had reported you for being offensive" and thus in violation of Facebooks terms and conditions. Worried Facebook users followed a link and were tricked into installing rogue Facebook applications and forwarded to malicious websites.

This specific message has been circulating via phishing emails for months, but many Facebook users are reporting to seeing the same message appear in Facebook Chat, meaning rogue Facebook applications may have a part to play in this scam once again.
The message, as typical with phishing scams, leads users to websites designed to look like a leigtimate Facebook webpage, but in reality simply steals all the data you enter into it.

Facebook users are advised to ignore messages of this nature that "warn" users that their Facebook accounts are in danger of being closed due to violations. Many variations to this message exist. Also these messages are linking to many different domains, especially domains that contain multiple hyphens and end in either .co.cc or .tk .

To learn more about Facebook phishing scams like this, check out our blog entry here.





Facebook phishing attacks are designed to steal a Facebook users login username and password which will duly let a scammer take control over a Facebook account. Many phishing scams go much further than this and also request email addresses and passwords, Paypal login information and even debit and credit card information. Such phishing attacks use external websites designed to look and feel like the standard Facebook environment. Such external sites will request this personal information which is sent straight to a scammer.

Facebook users who fall victim to such phishing attacks can have their Facebook accounts, email accounts, Paypal accounts and bank accounts compromised. It is important to note that Facebook NEVER ask for ANY passwords, and will also never ask for your Paypal or banking information. ONLY ever enter your Facebook password on the real Facebook login screen (www.Facebook.com) and never any where else.

For more information on Facebook phishing attacks and how to avoid them, read our blog post here.

comments powered by Disqus