Fake Facebook Security Team phishes passwords from users

Fake Facebook securityA number of Facebook users have reported to us receiving mysterious messages, seemingly from Facebook’s security team, telling them that their accounts have been suspended.

The spam messages, however, are not legitimate.

In reality they have been sent out by fraudsters posing as Facebook’s real security team, with the intention of phishing credentials from unsuspecting users.

Facebook phishing message

Sign up to our free newsletter.
Security news, advice, and tips.

Part of the message reads:

We have reviewed the suspension on your account. After reviewing your account activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you do not respond to our notification. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

If you think this is a mistake, please verify your account on the link below. This would indicate that your account does not have a violation in playing on our application. We will immediately review your account activity, and we will notify you again via email.

Note : If within 12 hours, you have not verified your account on our link, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

One curious thing about the message is that it comes from Ŧacẻbóok Sẻcurƚy – clearly someone using non-standard characters in an attempt to fool the unwary into believing that they represent Facebook’s Security Team.

Not the real Facebook Security

The eagle-eyed amongst you will also notice the spelling mistake in the url that you are asked to click on – another hint that something strange is afoot.

But obviously there is a danger that some people will be so freaked out by the possibility that their Facebook account will be permanently suspended that they will rush into clicking on the link without thinking of the possible consequences.

If you do click on the link you are taken to a phishing webpage which asks you to enter an array of personal information.

Facebook phishing page

The use of official Facebook images is deliberate – designed to trick the unwary into believing they are sharing their name, email address, password, credit card details, date of birth and answers to secret questions with Facebook’s team.

Cybercriminals could use the information to break into your Facebook account, or send further malicious attacks directly to your email address. You should always take great care to keep your passwords and personal information secure – play your cards close to your chest and don’t make it easy for internet thieves to steal your data or break into your account.

We have informed Facebook’s real security team about this attack, and hopefully they will shut it down soon. In the meantime, don’t click on the links.

If you’re a member of Facebook, and want to keep up-to-date on security issues including social network threats, don’t forget to join the Sophos Facebook page.

Update: Here’s another version of the same scam:

Another Facebook phish

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.