How To Avoid Facebook Phishing Scams

Uploaded on 2018-11-09 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Online criminals use a variety of methods to target Facebook users. These include Facebook cloning, like-farming, and survey scams. But, Facebook phishing scams are the most dangerous and potentially damaging of these.

Why? Because, unlike cloning and fake prize scams, phishing allows criminals to actually take control of your account and use it as they see fit.

Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want your credit card numbers. They want to steal your identity.

The most common tactics that Facebook scammers use to steal your account login details and other personal and financial information. 

Set aside a few minutes to go through this report and you will come away well equipped to protect yourself from Facebook phishing scammers. You’ll also be in a position to help your Facebook friends avoid being scammed by letting them know how such scammers operate.

One very common way that online criminals attempt to hijack your account is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended.

The messages, which may arrive via Facebook’s internal messaging system or via email, appear to originate from official entities such as “Facebook Security”, “Facebook Admin”, or the “Facebook Ads Team”. 

Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed or suspended. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.

If you do click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password.

In many cases, you will then be taken to further fake forms that ask for your email account password, your credit card details, and a lot of other personal information. 

After submitting all of the requested information, you may receive a final message claiming that you have successfully avoided the account suspension or closure.

Meanwhile, the criminals can collect the information you supplied and use it to hijack your Facebook and email accounts. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams like the ones we are discussing here.

They can also use your credit card to make fraudulent purchases. And, if they have gathered enough of your personal details, they may even be able to steal your identity.

In other types of Facebook-related phishing scams, you may be tricked into clicking a link in a personal message from a friend. The message may claim that the friend has seen you in a compromising photo or video and you should click to access it.

Or, they may claim that you have been featured in a video that is “going viral” on YouTube or another video sharing website. The messages include a link that supposedly allows you to view the video.

But, the links open a scam website that claims that you must log in with your Facebook username and password before you can access the supposed video or photo. Criminals can harvest the information you supply and use it to take control of your Facebook account.

And, of course, you will never get to see the promised photo or video, which never existed in the first place.

Other versions may claim that you should click to view a “breaking news” report or “urgent” warning. Again, the link will lead to a fake Facebook site that is designed to steal your login credentials and other personal information.

You might be more inclined to believe these messages and click on them because they appear to have been sent by one of your Facebook friends.

Why would a friend send you such a message? Often, you receive these messages because your friend’s Facebook account has been hijacked by scammers and used to distribute more of the same scams. In other cases, the bogus messages may have been sent from a cloned account and did not actually come from your friend at all. 

Some phishing scam messages may simply claim that Facebook is performing an update and you must click a link to log in to your “updated” account.

Or, they may claim that some of your account or credit card details appear to be out of date and must be verified by clicking a link and following the instructions.

As with other types of Facebook phishing, the links open fraudulent websites that try to trick you into first entering your Facebook login credentials and then filling in a bogus “verification” or “update’ form.

Instead, log in to Facebook either by entering the address into your browser’s address bar or via an official Facebook app. If you do receive a message from Facebook about an account issue, it will not threaten an immediate account suspension, if you do not click a link. 

Genuine Facebook messages will not directly ask for your account password or other identifying information such as social security or driver’s licence numbers. If a message that claims to be from Facebook has misspellings and strange or unusual grammar, it may well be a scam.

The scam messages also link to web addresses that do not belong to Facebook. If you do inadvertently click a link and what appears to be a Facebook login page opens in your browser, always check the web address.

Aside from the uncommon exceptions, described in the next section, the web address should always start with “www.facebook.com”. If it is not, then you are likely to be on a scam website and should not proceed.

In some cases, links in the scam messages may be disguised so that they only appear to go to the genuine Facebook site when they actually go to another website.

If you hover your mouse cursor over a link in an email, the real URL will usually be revealed either in the status bar at the bottom of your email program or in a small popup.  Be very cautious if the actual link is different to the link displayed in the message.

This is a common scammer ploy and is used in many different types of scam messages, not just those related to Facebook. 

Hoax-Slayer:

You Might Also Read:

Guide To All Things Criminal On The Web

« How Did Iran Find CIA Spies? They Googled It!
Iran Admits To Being Hit By Cyber Attack »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Fortress Group

Fortress Group

Fortress is specialized in confidential and discrete recruitment solutions and temporary staffing in the field of security and risk management.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

NOYB

NOYB

NOYB is a non-profit organization aiming to close the gap between privacy laws and the reality of corporate practice.

Instil Software

Instil Software

Instil helps technology brands transform, innovate and disrupt their markets with category-defining software products that challenge us to think, feel and act in new ways.

Foresights

Foresights

Foresights is a Nordic company utilizing advanced intelligence tradecraft and extensive cyber security capabilities to deliver services and advisory tailored to our client’s critical requirements.

Holiseum

Holiseum

Holiseum delivers innovative cybersecurity solutions for the critical infrastructure organizations, as well as cybersecurity services and consulting.