“I’ll be closing my account” Facebook phishing scams

A scam is circulating virally on Facebook that leads to either a phishing page or a rewards/survey scam, depending on which part of the scam you see.





Part 1 of the scam, examples


Im very ssеrіоus if u do not stоp showin this оf mе I wіll be shuttіn down my account.
– tumblr link removed –


I’m еxtrеmely sserious іf yоuu do not stop pоstіng this аbоut me I wіll bе erаsіng my accоunt.
tumblr link removed


Im super serіous guys іf yоu dont stоp shаring this about mе I will bе erasіng my аccоunt. –tumblr link removed-


Part 2 of the scam, examples


these pe?pl? ar? handingg th?s? out on th?s sp?c??l tumblr l?nk. I just rec?ev?dd m?ne this morning
-tumblr link removed-


they are gіvіng thesе аway оn this specіаl tumblr link. I just recievedd them this morning – link removed-

th?s c?mpany ?r? p?ss?ng these aw?y on this spec?al tumblr link. I just rec?evedd mine y?st?rd?y –
-tumblr link removed-


If you’re seeing messages on your newsfeed from apparently angry Facebook friends who are upset about something being posted/shared/shown about them, then you’ve just seen part of a successful scam that is circulating virally across Facebook.

Alternatively, you may have seen Facebook friends posting about something free they have just received, in which case you’re looking at a different part of the same scam.

When we warn people about Facebook phishing scams, the number 1 rule we always make sure people know is that you never enter your log-in information on any site other than Facebook, even if the website looks like Facebook.

Many users have not been paying much attention to that advice recently, as a phishing scam is duping thousands.

It all starts with a message posted from a friend. You may be tagged in this post. In the examples we have seen (see Part 1 above) the message is about the poster apparently being upset about something being shared. The message wasn’t posted by the friend at all, but of course you’re not to know that. The link in the message leads to what appears to be the Facebook log-in page.

Of course, this clever social engineering trick relies on the curiosity of the victim, who will want to see what lies on the other side of the “log-in” page. Without noticing that the page does not belong to Facebook, the victim enters their Facebook login details, unaware they have actually just handed them over to a scammer. Oops.
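The rule above, only entering log-in details on Facebook's own site, comes down to checking which host the browser will actually contact. The following is an added example, not part of the original article; the function name, the reason strings and the sample links (on reserved .example names) are constructed for illustration.

```javascript
// Added example: does a log-in link really point at Facebook?
// The WHATWG URL parser (global in browsers and Node.js) yields the host the
// browser would actually contact, whatever the link text or page looks like.
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(input) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { trusted: false, host: null, reason: "unparseable" };
  }
  // Drop a trailing root dot so "www.facebook.com." compares equal.
  const host = url.hostname.replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not-https" };
  }
  // Exact match or a true subdomain. A bare endsWith("facebook.com") would
  // also accept any registered name that merely ends in those letters.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, host, reason: "facebook-host" };
  }
  // Non-ASCII labels come back as punycode ("xn--..."), exposing look-alike letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, host, reason: "lookalike-idn-host" };
  }
  // A familiar name before "@" is only userinfo; the real host follows it.
  if (url.username !== "") {
    return { trusted: false, host, reason: "name-in-userinfo" };
  }
  return { trusted: false, host, reason: "foreign-host" };
}

// Constructed sample links on reserved .example names (not from the scam).
const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://m.facebook.com./login.php",
  "http://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/login.php",
  "https://www.facebook.com@login.example/",
  "https://www.faceb\u043e\u043ek.example/login.php", // Cyrillic "о" twice
  "not a link",
];

for (const link of SAMPLES) {
  const { trusted, host, reason } = checkLoginUrl(link);
  console.log(`${trusted ? "OK    " : "REJECT"} ${reason.padEnd(20)} ${host} <- ${link}`);
}
```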

After that mistake the user has given control of their account to a scammer. So what happens next?

Well, first, your account is most likely going to start posting spam messages to your friends. That spam message is going to be very similar to the one that tricked you, i.e. the one about being upset about something being shared across Facebook. This time it’s your friends who are going to be clicking on the link in the message, thinking it’s been posted by you.

After that, your account will start posting the messages in Part 2 above, which lead to a pretty standard survey/rewards scam that makes money for the scammer. In the examples listed, the sites utilise free tumblr domains to redirect to scam websites. The scam posted a message from your account every hour or so and, to add insult to injury, tagged your friends in the posts.

At the time of writing it appears the messages have stopped. Perhaps Facebook have caught on, or perhaps the scammers have temporarily stopped.

If you fell for the scam then you need to change your password straight away, and make sure you remove all offending posts immediately.

Published by
Craig Haley