“Facebook Security” Phishing Attacks Continue to Dupe Users

When NOT to trust Facebook Security.

When using the Facebook website, it would make sense to listen to the site’s security team when (or if) they ever contact you, especially if it’s in your own best interest, right?

Well, online scam artists continually take advantage of this fact with a popular social engineering trick: disguising themselves as Facebook Security to lure users into parting with sensitive information, such as their Facebook login credentials.

Most commonly, these scams work by either sending the victim an email purportedly from Facebook Security or, more recently, renaming already compromised profiles to “Facebook Security” and using those accounts to bait their contacts with Facebook mail or chat messages.

A fake chat message

In the latter case, because Facebook’s filters block users from naming accounts “Facebook Security”, scammers use non-English characters that look like the letters they’re meant to represent (see image left) for the same effect.
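As an added example (not part of the original article, and not Facebook's own code), this Python sketch shows how a name filter can catch the lookalike-character trick described above by folding a display name to a "skeleton" before comparing it with the protected name. The character map is a small constructed sample, and the handling of accents, fullwidth letters and zero-width characters goes beyond the single case the article describes.

```python
import unicodedata

PROTECTED = {"facebook security"}  # the impersonated name from the article

# Constructed sample of lookalike letters; a production filter would load the
# full Unicode confusables data (UTS #39) rather than this short map.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u043a": "k",  # CYRILLIC SMALL LETTER KA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
}

def skeleton(name: str) -> str:
    """Fold a display name to the plain letters a reader would perceive."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    out = []
    for ch in folded:
        # Drop accents (combining marks) and invisible format characters.
        if unicodedata.combining(ch) or unicodedata.category(ch) == "Cf":
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return " ".join("".join(out).split())

def classify(name: str) -> str:
    """Return 'exact', 'lookalike' or 'ok' for a requested display name."""
    if " ".join(name.casefold().split()) in PROTECTED:
        return "exact"      # what a plain string filter already blocks
    if skeleton(name) in PROTECTED:
        return "lookalike"  # passes the plain filter but reads the same
    return "ok"

def odd_chars(name: str) -> list:
    """List the non-ASCII code points so a reviewer can see what was swapped."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
            for c in name if ord(c) > 127]

if __name__ == "__main__":
    for sample in ["Facebook Security", "F\u0430\u0441ebook S\u0435curity",
                   "Face\u200bbook Security", "Jane Example"]:  # constructed
        print(repr(sample), classify(sample), odd_chars(sample))
```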

Typically these scams use the disguise of the Facebook Security team to lead victims to spoof websites that ask the user to enter their logon credentials, which are then duly stolen by the scammer.

Avoiding these scams is simple. Always be sceptical of communication purporting to be from Facebook Security, whether it arrives by email or from within the Facebook website itself, especially if such communication leads to requests for your Facebook username and password, or other sensitive information.

For more information on Facebook phishing scams click this link here.

Published by
Craig Haley