Fake Facebook Security Team phishes passwords from users


A number of Facebook users have reported to us receiving mysterious messages, seemingly from Facebook's security team, telling them that their accounts have been suspended.

The spam messages, however, are not legitimate.

In reality they have been sent out by fraudsters posing as Facebook's real security team, with the intention of phishing credentials from unsuspecting users.

Facebook phishing message

Part of the message reads:

We have reviewed the suspension on your account. After reviewing your account activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you do not respond to our notification. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

If you think this is a mistake, please verify your account on the link below. This would indicate that your account does not have a violation in playing on our application. We will immediately review your account activity, and we will notify you again via email.

Note : If within 12 hours, you have not verified your account on our link, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

One curious thing about the message is that it comes from Ŧacẻbóok Sẻcurƚy - clearly someone using non-standard characters in an attempt to fool the unwary into believing that they represent Facebook's Security Team.

Not the real Facebook Security
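
The look-alike sender names described above can be flagged mechanically. The following is an added example, not code from the original article, Sophos or Facebook: it folds accented and look-alike letters to plain ASCII and then allows one edit of slack, because some substitutions (such as Ŧ standing in for F) are not letter-for-letter confusables. The fold table, the watch-list and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, partial table of look-alike letters that NFKD leaves intact.
# (Assumption for this example; real deployments load Unicode confusables data.)
FOLD = {
    "\u0167": "t", "\u019a": "l", "\u00f8": "o", "\u0138": "k",  # ŧ ƚ ø ĸ
    "\u0188": "c", "\u0199": "k", "\u01ab": "t",                  # ƈ ƙ ƫ
    "\u0430": "a", "\u0435": "e", "\u043e": "o",                  # Cyrillic а е о
    "\u0441": "c", "\u0443": "y", "\u0456": "i",                  # Cyrillic с у і
}
PROTECTED = ("facebook", "security")  # hypothetical watch-list of brand words


def skeleton(token):
    """Lowercase a token, strip accents and map look-alike letters to ASCII."""
    decomposed = unicodedata.normalize("NFKD", token).casefold()
    return "".join(FOLD.get(ch, ch) for ch in decomposed
                   if not unicodedata.combining(ch))


def edit_distance(a, b):
    """Levenshtein distance, so near misses such as a swapped first letter count."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonated_words(display_name, max_dist=1):
    """Protected words a name imitates without spelling them in plain letters."""
    hits = []
    for raw in display_name.split():
        folded = skeleton(raw)
        for word in PROTECTED:
            if raw.casefold() != word and edit_distance(folded, word) <= max_dist:
                hits.append(word)
    return hits


if __name__ == "__main__":
    # Sender names quoted on this page, plus two constructed benign controls.
    for name in ("Ŧacẻbóok Sẻcurƚy", "Fâçebøøĸ Sêƈurîƚy", "Facebooƙ Securiƫy",
                 "Facebook Security", "Jane Booker"):
        print(f"{name!r}: {impersonated_words(name)}")
```

A name spelled in plain letters passes this check by design; telling a genuine account from a fake one with the same spelling needs account identity, not string comparison.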

The eagle-eyed amongst you will also notice the spelling mistake in the URL that you are asked to click on - another hint that something strange is afoot.

But obviously there is a danger that some people will be so freaked out by the possibility that their Facebook account will be permanently suspended that they will rush into clicking on the link without thinking of the possible consequences.

If you do click on the link you are taken to a phishing webpage which asks you to enter an array of personal information.

Facebook phishing page

The use of official Facebook images is deliberate - designed to trick the unwary into believing they are sharing their name, email address, password, credit card details, date of birth and answers to secret questions with Facebook's team.

Cybercriminals could use the information to break into your Facebook account, or send further malicious attacks directly to your email address. You should always take great care to keep your passwords and personal information secure - play your cards close to your chest and don't make it easy for internet thieves to steal your data or break into your account.

We have informed Facebook's real security team about this attack, and hopefully they will shut it down soon. In the meantime, don't click on the links.

If you're a member of Facebook, and want to keep up-to-date on security issues including social network threats, don't forget to join the Sophos Facebook page.

Update: Here's another version of the same scam:

Another Facebook phish


20 Responses to Fake Facebook Security Team phishes passwords from users

  1. Another give-away is that English is obviously not their first language...
    "Facebook security test to use to ensure that the people on this site are real and does not turn use this site to make mistake against other users. Please verify your account to ensure that this account belongs to you here." ?!?

    • Sounds like what we've seen is a new incarnation of what our friends at F-Secure earlier blogged about.

      • Sean Sullivan · 1206 days ago

        Funny story... I read your post this morning, decided to see if the apps were still online... but I made a typo and typed “support” with two “P”s rather than one.

        And... I found another phishing app. It's an even older version, and the phishing site component is already offline. (Wondering just how long this has been going on...)

        But I guess that's why this version needed to use the misspelling. :-)

  2. lynn brook · 1206 days ago

    Thank you very much. I have had that message twice; you have put my mind at rest now. I just deleted it, but didn't know if my account would be shut down.

  3. Beverly Woelm · 1203 days ago

    I got caught up in this scam and I had my bank account cleaned out within hours. Whoever is behind this will be caught as it has been reported to the authorities! I am now having a devil of a time signing into Facebook and have been required to change my password at least 10 times since.
    Other family members are having the same problem when using my desktop computer. I cannot do FB on my laptop since this mess started.

  4. Deborah LaPointe · 1201 days ago

    well this happened to me....i wasn't quite awake when i got this scam,and freaked out clicking on the link....i only put my password and when i got to the next page and seen the other info they asked for i knew i had been scammed...but by that time they got in my account and changed my password...so now i can't get in my account....can you PLEASE HELP ME?!?!?!?!?!?! I have been locked out since July 3rd at 5:45 eastern standard time How can I get my facebook back up and running????

  5. r Hanner · 1189 days ago

    Just got a message that the Facebook team advise me of confidential that I won 500,000.00 GBP on Facebook and wanted me to fill out this form. Do not fill out form

  6. AuntRainey · 1185 days ago

    OK, a friend of mine has been lured into this. How does she get out of it?

  7. Jenni · 1183 days ago

    How do you remove them? I know which account it is but when I went to delete them there is no "Unfriend" to click.....this is so aggravating......wish people would get a life and let us play our games.

  8. Kim · 1183 days ago

    OMG..I went to log into my account and it was really locked and wouldn't let me log in. I received an email as above..however didn't go through the link. I reset my password..does that mean I now have a virus too and or the hacker has access to my computer WHAT!!!!

  9. MARIA T PEREIRA · 1169 days ago

    I RECEIVED A MESSAGE FROM SOME ONE POSING AS FACE BOOK ASKING ME TO VERIFY MY ACCOUNT .I DID AND AFTER THAT MY FACE BOOK WAS LOCKED PLEASE HELP ME ON TAKE THE LOCK OF MY ACCOUNT PLEASE TKS FACE BOOK TEAM
    MY NAME IS MARIA TERESINHA PEREIRA

  10. JUDY SARNOWSKI · 1093 days ago

    I GOT THE MESSAGE COPY AND PASTED BELOW.
    8 minutes ago Facebooƙ Securiƫy
    Warning Message:

    You have been asked to help verify who you are because our security system to receive reports from other users that your account has violated a policy that is considered annoying or offending other Facebook users.
    To verify your account, please follow the steps that we have () is set on the page:
    please confirm your account immediately.

    help-center-confirm.co.cc/

    Thanks
    The Facebook Security Team

    THEY ARE ASKING FOR PASSWORDS FOR FACEBOOK AND EMAIL ACCOUNTS

  11. Steph Kelly · 1025 days ago

    This situation happened to 2 good friends of mine last night except that instead of 12 hours it has now been changed to 24 hours. Both of my friends temporarily lost their accounts. So far 1 of them has been able to get it fixed and is back on facebook. In addition to hitting their accounts, facebook security (supposedly) showed up in our group chat on facebook under both accounts, thereby causing everyone in our alliance in Kingdoms of Camelot to become extremely upset and panicked that this is going to hit them as well.

  12. Chhavi · 721 days ago

    someone has made a fake account in my name and has uploaded a fabricated snap of mine which is defaming me. I have reported this several times to facebook but I always get a reply to contact that person and ask him to delete it which is not possible. I need you to help me delete that account immediately.

  13. Peggy · 703 days ago

    This is the scam I just received tonight. When I clicked on the link my WOT popped up; I deleted the message right away. How do I notify Facebook?
    They also changed my niece's profile picture to a Facebook logo and changed her name to Fâçebøøĸ Sêƈurîƚy.

    Fâçebøøĸ Sêƈurîƚy

    Our security sуstem detects suspicious activity on your аccount that violates the Тerms of Serviсe (TOS) for making posts that contain pornography, contempt, hatred, threaten, incite, violence, violations of сopyrights or contains nudity.
    Please сonfirm your Fаcebook account immediately if you feel there has been a mistake. If you do not сonfirm, our system will automatically disable your Faсebook acсount.
    Please сonfirm your fасebook acсount on the following link:

    Thank you for helping improve our service. We apologize for the inconvenience.

    Faсеbооk Securitу Team

    Faсеbооk © 2012 Cоpyrіght Nеtwоrk Inс.

  14. kim · 659 days ago

    i am going thru the same thing. i have been asked to verify my account. then they say change my password. i have been going in circles over this and still cant get into my account.

  15. Robyn · 629 days ago

    I have also had my facebook hacked. Same/similar message as Peggy's above. I cannot reset my password as they the hackers have done something to it. I just keep going round in circles as well. I cannot reset because it rejects my original password. so cannot get past that point. There is no one to assist in facebook or no contact number to sort this mess out. what is the security on facebook doing, that these are coming through chat messages.?

  16. joe · 229 days ago

    Why the hell does facebook allow third party hosted content to be accessed or displayed via their 'apps' page functionality. Fail.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.