How To Avoid Facebook Phishing Scams

Uploaded on 2018-11-09 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Online criminals use a variety of methods to target Facebook users. These include Facebook cloning, like-farming, and survey scams. But, Facebook phishing scams are the most dangerous and potentially damaging of these.

Why? Because, unlike cloning and fake prize scams, phishing allows criminals to actually take control of your account and use it as they see fit.

Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want your credit card numbers. They want to steal your identity.

The most common tactics that Facebook scammers use to steal your account login details and other personal and financial information. 

Set aside a few minutes to go through this report and you will come away well equipped to protect yourself from Facebook phishing scammers. You’ll also be in a position to help your Facebook friends avoid being scammed by letting them know how such scammers operate.

One very common way that online criminals attempt to hijack your account is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended.

The messages, which may arrive via Facebook’s internal messaging system or via email, appear to originate from official entities such as “Facebook Security”, “Facebook Admin”, or the “Facebook Ads Team”. 

Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed or suspended. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.

If you do click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password.

In many cases, you will then be taken to further fake forms that ask for your email account password, your credit card details, and a lot of other personal information. 

After submitting all of the requested information, you may receive a final message claiming that you have successfully avoided the account suspension or closure.

Meanwhile, the criminals can collect the information you supplied and use it to hijack your Facebook and email accounts. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams like the ones we are discussing here.

They can also use your credit card to make fraudulent purchases. And, if they have gathered enough of your personal details, they may even be able to steal your identity.

In other types of Facebook-related phishing scams, you may be tricked into clicking a link in a personal message from a friend. The message may claim that the friend has seen you in a compromising photo or video and you should click to access it.

Or, they may claim that you have been featured in a video that is “going viral” on YouTube or another video sharing website. The messages include a link that supposedly allows you to view the video.

But, the links open a scam website that claims that you must log in with your Facebook username and password before you can access the supposed video or photo. Criminals can harvest the information you supply and use it to take control of your Facebook account.

And, of course, you will never get to see the promised photo or video, which never existed in the first place.

Other versions may claim that you should click to view a “breaking news” report or “urgent” warning. Again, the link will lead to a fake Facebook site that is designed to steal your login credentials and other personal information.

You might be more inclined to believe these messages and click on them because they appear to have been sent by one of your Facebook friends.

Why would a friend send you such a message? Often, you receive these messages because your friend’s Facebook account has been hijacked by scammers and used to distribute more of the same scams. In other cases, the bogus messages may have been sent from a cloned account and did not actually come from your friend at all. 

Some phishing scam messages may simply claim that Facebook is performing an update and you must click a link to log in to your “updated” account.

Or, they may claim that some of your account or credit card details appear to be out of date and must be verified by clicking a link and following the instructions.

As with other types of Facebook phishing, the links open fraudulent websites that try to trick you into first entering your Facebook login credentials and then filling in a bogus “verification” or “update’ form.

Instead, log in to Facebook either by entering the address into your browser’s address bar or via an official Facebook app. If you do receive a message from Facebook about an account issue, it will not threaten an immediate account suspension, if you do not click a link. 

Genuine Facebook messages will not directly ask for your account password or other identifying information such as social security or driver’s licence numbers. If a message that claims to be from Facebook has misspellings and strange or unusual grammar, it may well be a scam.

The scam messages also link to web addresses that do not belong to Facebook. If you do inadvertently click a link and what appears to be a Facebook login page opens in your browser, always check the web address.

Aside from the uncommon exceptions, described in the next section, the web address should always start with “www.facebook.com”. If it is not, then you are likely to be on a scam website and should not proceed.

In some cases, links in the scam messages may be disguised so that they only appear to go to the genuine Facebook site when they actually go to another website.

If you hover your mouse cursor over a link in an email, the real URL will usually be revealed either in the status bar at the bottom of your email program or in a small popup.  Be very cautious if the actual link is different to the link displayed in the message.

This is a common scammer ploy and is used in many different types of scam messages, not just those related to Facebook. 

Hoax-Slayer:

You Might Also Read:

Guide To All Things Criminal On The Web

« How Did Iran Find CIA Spies? They Googled It!
Iran Admits To Being Hit By Cyber Attack »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Mantix4

Mantix4

Mantix4’s M4 Cyber Threat Hunting Platform actively defends against cyber threats.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

Telelogos

Telelogos

Telelogos is a European provider of Enterprise Mobility Management software, Digital Signage software and Data Transfer and Synchronization software.

ThreatAware

ThreatAware

Total visibility of your business cybersecurity. Monitoring, management and compliance for your cybersecurity tools, people and processes from one easy to use dashboard.

Neudomains

Neudomains

Neudomains is a Corporate Domain Name Management and Brand Protection Online Specialist. One of the world's top providers of online brand protection and enforcement.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Air IT

Air IT

Air IT are a responsive, client-focused and award-winning Managed Service Provider, helping clients achieve success and transformation through their IT and communications.

PhishFirewall

PhishFirewall

PhishFirewall is an advanced AI-driven CyberSecurity Awareness Education, Threat Emulation, and Human Security Analytics Platform.

BigBear.ai

BigBear.ai

BigBear.ai delivers high-end analytics capabilities across the data and digital spectrum to deliver information superiority and decision support.

Wabbi

Wabbi

Wabbi’s continuous security platform centralizes, automates and orchestrates security governance and vulnerability management to empower development teams to own appsec.

Cloud Carib

Cloud Carib

Cloud Carib is the premier provider of managed cloud services in the Caribbean and Latin American regions.