How To Avoid Facebook Phishing Scams

Uploaded on 2018-11-09 in TECHNOLOGY-Key Areas-Social Media, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Online criminals use a variety of methods to target Facebook users. These include Facebook cloning, like-farming, and survey scams. But, Facebook phishing scams are the most dangerous and potentially damaging of these.

Why? Because, unlike cloning and fake prize scams, phishing allows criminals to actually take control of your account and use it as they see fit.

Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want your credit card numbers. They want to steal your identity.

The most common tactics that Facebook scammers use to steal your account login details and other personal and financial information. 

Set aside a few minutes to go through this report and you will come away well equipped to protect yourself from Facebook phishing scammers. You’ll also be in a position to help your Facebook friends avoid being scammed by letting them know how such scammers operate.

One very common way that online criminals attempt to hijack your account is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended.

The messages, which may arrive via Facebook’s internal messaging system or via email, appear to originate from official entities such as “Facebook Security”, “Facebook Admin”, or the “Facebook Ads Team”. 

Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed or suspended. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.

If you do click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password.

In many cases, you will then be taken to further fake forms that ask for your email account password, your credit card details, and a lot of other personal information. 

After submitting all of the requested information, you may receive a final message claiming that you have successfully avoided the account suspension or closure.

Meanwhile, the criminals can collect the information you supplied and use it to hijack your Facebook and email accounts. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams like the ones we are discussing here.

They can also use your credit card to make fraudulent purchases. And, if they have gathered enough of your personal details, they may even be able to steal your identity.

In other types of Facebook-related phishing scams, you may be tricked into clicking a link in a personal message from a friend. The message may claim that the friend has seen you in a compromising photo or video and you should click to access it.

Or, they may claim that you have been featured in a video that is “going viral” on YouTube or another video sharing website. The messages include a link that supposedly allows you to view the video.

But, the links open a scam website that claims that you must log in with your Facebook username and password before you can access the supposed video or photo. Criminals can harvest the information you supply and use it to take control of your Facebook account.

And, of course, you will never get to see the promised photo or video, which never existed in the first place.

Other versions may claim that you should click to view a “breaking news” report or “urgent” warning. Again, the link will lead to a fake Facebook site that is designed to steal your login credentials and other personal information.

You might be more inclined to believe these messages and click on them because they appear to have been sent by one of your Facebook friends.

Why would a friend send you such a message? Often, you receive these messages because your friend’s Facebook account has been hijacked by scammers and used to distribute more of the same scams. In other cases, the bogus messages may have been sent from a cloned account and did not actually come from your friend at all. 

Some phishing scam messages may simply claim that Facebook is performing an update and you must click a link to log in to your “updated” account.

Or, they may claim that some of your account or credit card details appear to be out of date and must be verified by clicking a link and following the instructions.

As with other types of Facebook phishing, the links open fraudulent websites that try to trick you into first entering your Facebook login credentials and then filling in a bogus “verification” or “update’ form.

Instead, log in to Facebook either by entering the address into your browser’s address bar or via an official Facebook app. If you do receive a message from Facebook about an account issue, it will not threaten an immediate account suspension, if you do not click a link. 

Genuine Facebook messages will not directly ask for your account password or other identifying information such as social security or driver’s licence numbers. If a message that claims to be from Facebook has misspellings and strange or unusual grammar, it may well be a scam.

The scam messages also link to web addresses that do not belong to Facebook. If you do inadvertently click a link and what appears to be a Facebook login page opens in your browser, always check the web address.

Aside from the uncommon exceptions, described in the next section, the web address should always start with “www.facebook.com”. If it is not, then you are likely to be on a scam website and should not proceed.

In some cases, links in the scam messages may be disguised so that they only appear to go to the genuine Facebook site when they actually go to another website.

If you hover your mouse cursor over a link in an email, the real URL will usually be revealed either in the status bar at the bottom of your email program or in a small popup.  Be very cautious if the actual link is different to the link displayed in the message.

This is a common scammer ploy and is used in many different types of scam messages, not just those related to Facebook. 

Hoax-Slayer:

You Might Also Read:

Guide To All Things Criminal On The Web

« How Did Iran Find CIA Spies? They Googled It!
Iran Admits To Being Hit By Cyber Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

Ground Labs

Ground Labs

Ground Labs is a security software company dedicated to making sensitive data discovery products that help organisations prevent sensitive data loss.

BankVault

BankVault

BankVault is a new type of cyber technology (called remote isolation) which sidesteps your local machine and any possible malware.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

Verafin

Verafin

Verafin is one of the North American leaders in fraud detection and AML software.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

Point Predictive

Point Predictive

Point Predictive build Predictive Models using Artificial Intelligence and Machine Learning techniques that help our customers stop fraud and early payment default (EPD).

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

SoloKeys

SoloKeys

SoloKeys provides the first open-source FIDO2 security key: Protect your online accounts against unauthorized access by using the most secure login method.

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

eaziSecurity

eaziSecurity

eaziSecurity has built an eco-system of technology and services that bring enterprise scale security solutions to the SME marketplace.

CloudDefense.AI

CloudDefense.AI

CloudDefense.AI is an industry-leading multi-layered Cloud Native Application and Protection Platform (CNAPP) that safeguards your cloud infrastructure and cloud-native apps,

DigitalXForce

DigitalXForce

DigitalXForce is the Digital Trust Platform for the New Era – SaaS based solution that provides Automated, Continuous, Real Time Security & Privacy Risk Management.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.