Facebook Account Verification scam tricks unsuspecting users with SOPA/PIPA warning

Facebook is a breeding ground for scammers, cybercriminals and mischief-makers. If you don't have your wits about you, you might be easy prey for the bad guys.

A number of Facebook-using Naked Security readers have been in touch regarding a message they have seen from their friends, pointing them to what appears to be an official-looking notice from Facebook:

Warning : Announcement from Facebook Verification Team: All Profiles must be verified before 15th June 2012 to avoid Scams under SOPA and PIPA Act. The unverified accounts will be terminated. Verify your Account by steps below.

June 15th? Isn't that today?

It's certainly strange that this account verification process is happening on Facebook, and yet none of the media are writing about it.

The truth, of course, is that the message is bogus. It may claim to be trying to fight "scams under [the] SOPA and PIPA Act" (it's not clear how those would be appropriate legislation to fight scams by the way), but the truth is that the advisory is the scam itself.

Ask yourself, why would Facebook encourage you to share the advisory with your Facebook friends? Surely it's within their power to send a message like this to all Facebook users without having to ask for your help!

And if you click on the "Verify my Account now" link, you are asked to approve a third-party app which will then have unfettered access to your Facebook profile and be able to post messages in your name.

You should always be very careful, of course, about allowing applications to read and write to your Facebook profile. And this time is no exception.

Clearly rogue applications like this could be used for scooping up personal information, or spreading spam and scams across the social network.

So if you fell for it, remove the messages from your timeline, revoke the app's publishing rights and report it as spam to Facebook, and ensure that you have revoked its access to your account.

It would also be good if you reported any sightings of the rogue app, or the posts it makes, to Facebook's security team by labelling them as spam.

By the way, Sophos's security products can intercept the offending webpage, and prevent you from blundering into making a bad decision.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 180,000 people regularly share information on threats and discuss the latest security news.

8 Responses to Facebook Account Verification scam tricks unsuspecting users with SOPA/PIPA warning

  1. charo · 676 days ago

    how do I clean my FB account if I already accepted it?????

    • Chris Appleyard · 673 days ago

      You should look into the "Apps" you have accepted access and revoke the access.
      Account settings > Apps > Remove the app.

  2. I think Facebook has a sideline of selling phone numbers to robocall centers; there is absolutely no reason to collect phone numbers.

    • Graham Cluley · 561 days ago

      I don't think it's likely that Facebook needs to sell phone numbers to third parties without permission. Times aren't quite that tough for Master Zuckerberg.

  3. Florence · 503 days ago

    Hi Graham. I would like to know how to verify the account of James Ian Collins @ facebook.com if he is real or not? Please advise.

    • Ummm.. why not ask the real James Ian Collins face to face in real life? I can't imagine how else you would be sure.

  4. Crystal A. · 406 days ago

    Can you help me? I am in tears because I cannot get into my Facebook account. I own a blog and cannot publish to my fan page either. I got this same message telling me that I was not a real person and I had to verify my identity. How can I fix this? I already was scammed because I gave them my phone number and scanned my ID. I do not know how to get into my account though... do you know how I can??

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.