How To Avoid Facebook Phishing Scams

Online criminals use a variety of methods to target Facebook users. These include Facebook cloning, like-farming, and survey scams. But, Facebook phishing scams are the most dangerous and potentially damaging of these.

Why? Because, unlike cloning and fake prize scams, phishing allows criminals to actually take control of your account and use it as they see fit.

Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want your credit card numbers. They want to steal your identity.

This report describes the most common tactics that Facebook scammers use to steal your account login details and other personal and financial information.

Set aside a few minutes to go through this report and you will come away well equipped to protect yourself from Facebook phishing scammers. You’ll also be in a position to help your Facebook friends avoid being scammed by letting them know how such scammers operate.

One very common way that online criminals attempt to hijack your account is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended.

The messages, which may arrive via Facebook’s internal messaging system or via email, appear to originate from official entities such as “Facebook Security”, “Facebook Admin”, or the “Facebook Ads Team”. 

Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed or suspended. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.

If you do click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password.

In many cases, you will then be taken to further fake forms that ask for your email account password, your credit card details, and a lot of other personal information. 

After submitting all of the requested information, you may receive a final message claiming that you have successfully avoided the account suspension or closure.

Meanwhile, the criminals can collect the information you supplied and use it to hijack your Facebook and email accounts. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams like the ones we are discussing here.

They can also use your credit card to make fraudulent purchases. And, if they have gathered enough of your personal details, they may even be able to steal your identity.

In other types of Facebook-related phishing scams, you may be tricked into clicking a link in a personal message from a friend. The message may claim that the friend has seen you in a compromising photo or video and you should click to access it.

Or, they may claim that you have been featured in a video that is “going viral” on YouTube or another video sharing website. The messages include a link that supposedly allows you to view the video.

But, the links open a scam website that claims that you must log in with your Facebook username and password before you can access the supposed video or photo. Criminals can harvest the information you supply and use it to take control of your Facebook account.

And, of course, you will never get to see the promised photo or video, which never existed in the first place.

Other versions may claim that you should click to view a “breaking news” report or “urgent” warning. Again, the link will lead to a fake Facebook site that is designed to steal your login credentials and other personal information.

You might be more inclined to believe these messages and click on them because they appear to have been sent by one of your Facebook friends.

Why would a friend send you such a message? Often, you receive these messages because your friend’s Facebook account has been hijacked by scammers and used to distribute more of the same scams. In other cases, the bogus messages may have been sent from a cloned account and did not actually come from your friend at all. 

Some phishing scam messages may simply claim that Facebook is performing an update and you must click a link to log in to your “updated” account.

Or, they may claim that some of your account or credit card details appear to be out of date and must be verified by clicking a link and following the instructions.

As with other types of Facebook phishing, the links open fraudulent websites that try to trick you into first entering your Facebook login credentials and then filling in a bogus “verification” or “update” form.

Rather than clicking a link in one of these messages, log in to Facebook either by entering the address into your browser’s address bar or via an official Facebook app. If you do receive a message from Facebook about an account issue, it will not threaten an immediate account suspension if you do not click a link.

Genuine Facebook messages will not directly ask for your account password or other identifying information such as social security or driver’s licence numbers. If a message that claims to be from Facebook has misspellings and strange or unusual grammar, it may well be a scam.

The scam messages also link to web addresses that do not belong to Facebook. If you do inadvertently click a link and what appears to be a Facebook login page opens in your browser, always check the web address.

Aside from the uncommon exceptions described in the next section, the web address should always start with “www.facebook.com”. If it does not, then you are likely to be on a scam website and should not proceed.

In some cases, links in the scam messages may be disguised so that they only appear to go to the genuine Facebook site when they actually go to another website.

If you hover your mouse cursor over a link in an email, the real URL will usually be revealed either in the status bar at the bottom of your email program or in a small popup.  Be very cautious if the actual link is different to the link displayed in the message.

This is a common scammer ploy and is used in many different types of scam messages, not just those related to Facebook. 

Hoax-Slayer:
