Facebook Security Phishing Scam

Facebook users should be wary of a popular phishing scam that tricks victims into believing they have been contacted by Facebook Security. The scam lures victims to spoof websites that steal their Facebook credentials.

If you’ve been contacted by “Facebook Security” recently, there is a significant chance that one of your Facebook friends has become the latest victim of a popular phishing scam that has plagued Facebook for some time now.

The scam begins with a scammer gaining unauthorised access to a victim’s Facebook account. Upon gaining access, the scammer changes the profile name to “Facebook Security” and the profile picture to the Facebook logo. Once this is done, the scammer quickly sends out instant messages (which appear as inbox messages to offline contacts) to the victim’s Facebook friends, claiming that their Facebook account has been reported to be in violation of Facebook’s terms of service (or similar).

A message from a compromised account that leads to a spoof website. The message is NOT from Facebook Security.

Because the profile name and picture have been changed, it creates the illusion that the victim’s friends have been contacted by the real Facebook Security (see image inset). Of course, they have not been contacted by Facebook Security, just by a compromised account with that name.

The message sent to the victim’s friends links to a spoof website that looks like the genuine Facebook page. However, the site steals all the information entered into it, which most often includes a user’s Facebook username, password and even banking information as well!

Needless to say, these details falling into the wrong hands can lead to a whole plethora of online crimes, including online identity fraud.

So to avoid falling for phishing scams like this, always follow these simple tips –

– Never enter your Facebook password anywhere, except the genuine Facebook login page.
– Always ensure that you are on the real Facebook website before entering any information. Remember that the real site’s address will begin with www.facebook.com.
– Try to avoid clicking links within instant messages or emails.
– Have reliable antivirus software installed that can block known phishing websites.
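
The tip about checking the address can be made precise in code. The following is an added example, not part of the original article: it compares a simple "begins with www.facebook.com" test against a check that parses the link and compares its actual hostname. The function names, the HTTPS requirement and the `.example` sample links are assumptions constructed for illustration.

```javascript
// Added example. All sample links are constructed test data on the reserved
// ".example" domain; they are not observed phishing sites.
const TRUSTED_DOMAIN = "facebook.com";

// Simple check that mirrors "the address begins with www.facebook.com".
function naiveLooksLikeFacebook(link) {
  const stripped = link.replace(/^https?:\/\//i, "");
  return stripped.startsWith("www.facebook.com");
}

// Stricter check: parse the URL and compare the hostname the browser
// would actually connect to.
function isGenuineFacebookUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return false; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return false; // assumption: require HTTPS
  // Anything before "@" is a username, not the site being visited.
  if (url.username || url.password) return false;
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

const SAMPLE_LINKS = [
  "https://www.facebook.com/login",                       // genuine
  "https://www.facebook.com.account-check.example/login", // trusted name used as a prefix
  "https://www.facebook.com@account-check.example/login", // trusted name used as a username
  "https://facebook.com-security.example/",               // lookalike with a hyphen
  "http://www.facebook.com/login",                        // right host, no HTTPS
  "https://m.facebook.com/",                              // genuine subdomain
];

// Run both checks over a list of links and return the verdicts side by side.
function compareChecks(links) {
  return links.map((link) => ({
    link,
    naive: naiveLooksLikeFacebook(link),
    strict: isGenuineFacebookUrl(link),
  }));
}

console.table(compareChecks(SAMPLE_LINKS));
```

The second and third sample links pass the simple test but fail the hostname comparison, which is why the whole domain needs to be read, not just the start of the address.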

If you notice you are getting messages from an account called “Facebook Security”, you need to delete that account from your friends list. If you know that your account has been compromised by this scam and you have been locked out, then you need to warn all of your friends before the scammers fool them too.