Spam attack hits Facebook’s own Help Center

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Facebook Help CenterThe community forum on Facebook’s Help Center has become overrun by spammers, making the self-help support community effectively useless.

The spam messages, which at the time of writing are claiming to offer ways to watch live streaming video of American football games, appear to have been posted by bogus or compromised Facebook accounts.

Spam messages in Facebook's help center. Click for larger version

Clicking on the links typically takes you to a webpage which asks you to hand over your email address, claiming that you will be sent a program that will allow you to watch live streaming video of football games. The potentials for abuse or malicious attack are obvious – and we would recommend that no users click on the links.

Sign up to our free newsletter.
Security news, advice, and tips.

The alarm was first raised about the spam attack by the
unofficial Facebook privacy and security blog. Hours later, new spam messages are still appearing on the Facebook Help Center.

Could it be that the spammers are taking advantage of the Thanksgiving holiday weekend, when Facebook’s security team may be more lightly staffed than normal?

Certainly it’s embarrassing for the social networking website to have one of its own pages hit so significantly by spammers, when it has recently been lauding its achievements in the fight against Facebook spam.

Snippet of Facebook security infographic

With approximately 800 million users on Facebook, spammers will continue to seek out holes in the site’s armour and try to trick the unwary into clicking on their links. To have the best chance of success, Facebook needs 24 x 7 protection, every single day of the year, and to raise awareness of the risks amongst its userbase.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 150,000 people regularly share information on threats and discuss the latest security news.

Hat-tip: The unofficial Facebook privacy and security blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.