Facebook is a breeding ground for scammers, cybercriminals and mischief-makers. If you don't have your wits about you, you might be easy prey for the bad guys.
A number of Facebook-using Naked Security readers have been in touch regarding a message they have seen from their friends, pointing them to what appears to be an official-looking notice from Facebook:
Warning : Announcement from Facebook Verification Team: All Profiles must be verified before 15th June 2012 to avoid Scams under SOPA and PIPA Act. The unverified accounts will be terminated. Verify your Account by steps below.
June 15th? Isn't that today?
It's certainly strange that this account verification process is happening on Facebook, and yet none of the media are writing about it.
The truth, of course, is that the message is bogus. It may claim to be trying to fight "scams under [the] SOPA and PIPA Act" (it's not clear how those would be appropriate legislation to fight scams by the way), but the truth is that the advisory is the scam itself.
Ask yourself, why would Facebook encourage you to share the advisory with your Facebook friends? Surely it's within their power to send a message like this to all Facebook users without having to ask for your help!
And if you click on the "Verify my Account now" link you are asked to approve a third-party app which will then have unfettered access to your Facebook profile, and be able to post messages in your name on your behalf.
You should always be very careful, of course, about allowing applications to read and write to your Facebook profile. And this time is no exception.
Clearly rogue applications like this could be used for scooping up personal information, or spreading spam and scams across the social network.
So if you fell for it, remove the messages from your timeline, revoke the app's publishing rights and report it as spam to Facebook, and ensure that you have revoked its access to your account.
It would also be good if you reported any sightings of the rogue app, or the posts it makes, to Facebook's security team by labelling them as spam.
By the way, Sophos's security products can intercept the offending webpage, and prevent you from blundering into making a bad decision.
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 180,000 people regularly share information on threats and discuss the latest security news.
Follow @gcluley
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
how do I clean my FB account if I already accepted it?????
You should look into the "Apps" you have accepted access and revoke the assess.
Account settings > Apps> Remove the app.
I think facebook has a sideline of selling phone numbers to robocall centers; there is absolutely no reason to collect phone numbers.
I don't think it's likely that Facebook needs to sell phone numbers to third parties without permission. Times aren't quite that tough for Master Zuckerberg.
i think so too
Hi Graham. I would like to know how to verify the account of James Ian Collins @ facebook.com if he is real or not? Please advise.
Ummm.. why not ask the real James Ian Collins face to face in real life? I can't imagine how else you would be sure.
Can you help me? I am in tears because I cannot get into my Facebook account. I own blog and cannot publish to my fan page either. I got this same message telling me that I was not a real person and I had to verify my identity. How can I fix this? I already was scammed because I gave them my phone number and scanned my ID. I do not know how to get into my account though...do you know how I can??