A number of Facebook users have reported to us receiving mysterious messages, seemingly from Facebook’s security team, telling them that their accounts have been suspended.
The spam messages, however, are not legitimate.
In reality they have been sent out by fraudsters posing as Facebook’s real security team, with the intention of phishing credentials from unsuspecting users.
Part of the message reads:
We have reviewed the suspension on your account. After reviewing your account activity, it was determined that you were in violation of our Terms of Service. We have provided a warning to you via email, but you do not respond to our notification. Therefore, your account is permanently suspended, and will not be reactivated for any reason.
If you think this is a mistake, please verify your account on the link below. This would indicate that your account does not have a violation in playing on our application. We will immediately review your account activity, and we will notify you again via email.
Note : If within 12 hours, you have not verified your account on our link, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.
One curious thing about the message is that it comes from Ŧacẻbóok Sẻcurƚy – clearly someone using non-standard characters in an attempt to fool the unwary into believing that they represent Facebook’s Security Team.
The eagle-eyed amongst you will also notice the spelling mistake in the URL that you are asked to click on – another hint that something strange is afoot.
But obviously there is a danger that some people will be so freaked out by the possibility that their Facebook account will be permanently suspended that they will rush into clicking on the link without thinking of the possible consequences.
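A check a platform or message filter could run on sender names like the one above, added here as an example and not code from Sophos or Facebook: it strips accents, maps lookalike letters back to plain ones, and compares the result to protected names by edit distance. The lookalike table, the protected-name list and the distance threshold are assumptions.

```python
import unicodedata

# Small hand-built lookalike table (an assumption for this example; the
# Unicode confusables data is far larger).
CONFUSABLES = {
    "\u0138": "k",                                 # Latin kra
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o shapes
    "\u0441": "c", "\u0443": "y", "\u0456": "i",   # Cyrillic c, y, i shapes
}
# Hypothetical list of names a platform wants to protect.
PROTECTED = ("facebook security", "facebook security team")
# The sender name quoted above, transcribed with escapes.
SENDER = "\u0166ac\u1ebbb\u00f3ok S\u1ebbcur\u019ay"


def skeleton(name):
    """Reduce a display name to plain lowercase letters where possible."""
    out = []
    for ch in unicodedata.normalize("NFKD", name):
        if unicodedata.combining(ch):
            continue                     # accent split off by NFKD
        ch = CONFUSABLES.get(ch, ch)
        words = unicodedata.name(ch, "").split()
        # "LATIN SMALL LETTER L WITH BAR" -> "L"
        if len(words) > 4 and words[0] == "LATIN" and words[4] == "WITH":
            if len(words[3]) == 1:
                ch = words[3]
        out.append(ch.casefold())
    return "".join(out)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonates(name, max_distance=3):
    """Return the protected name this display name imitates, else None.
    Genuine accounts must be exempted by account ID, not by name."""
    skel = skeleton(name)
    for brand in PROTECTED:
        if edit_distance(skel, brand) <= max_distance:
            return brand
    return None
```

The fuzzy comparison matters here because the sender name reduces to "tacebook securly", not an exact match, so normalization alone would miss it.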
If you do click on the link you are taken to a phishing webpage which asks you to enter an array of personal information.
The use of official Facebook images is deliberate – designed to trick the unwary into believing they are sharing their name, email address, password, credit card details, date of birth and answers to secret questions with Facebook’s team.
Cybercriminals could use the information to break into your Facebook account, or send further malicious attacks directly to your email address. You should always take great care to keep your passwords and personal information secure – play your cards close to your chest and don’t make it easy for internet thieves to steal your data or break into your account.
We have informed Facebook’s real security team about this attack, and hopefully they will shut it down soon. In the meantime, don’t click on the links.
If you’re a member of Facebook, and want to keep up-to-date on security issues including social network threats, don’t forget to join the Sophos Facebook page.
Update: Here’s another version of the same scam:
Another give-away is that English is obviously not their first language…
"Facebook security test to use to ensure that the people on this site are real and does not turn use this site to make mistake against other users. Please verify your account to ensure that this account belongs to you here." ?!?
http://www.f-secure.com/weblog/archives/00002196…. no "copy paste" please 🙂
Sounds like what we've seen is a new incarnation of what our friends at F-Secure earlier blogged about.
Funny story… I read your post this morning, decided to see if the apps were still online… but I made a typo and typed “support” with two “P”s rather than one.
And… I found another phishing app. It's an even older version, and the phishing site component is already offline. (Wondering just how long this has been going on…)
But I guess that's why this version needed to use the misspelling. 🙂
Thank you very much. I have had that message twice; you have put my mind at rest now. I just deleted it, but didn't know if my account would be shut down.
I got caught up in this scam and I had my bank account cleaned out within hours. Whoever is behind this will be caught as it has been reported to the authorities! I am now having a devil of a time signing into Facebook and have been required to change my password at least 10 times since.
Other family members are having the same problem when using my desktop computer. I cannot do FB on my laptop since this mess started.
Well, this happened to me. I wasn't quite awake when I got this scam, and freaked out clicking on the link. I only put my password, and when I got to the next page and saw the other info they asked for I knew I had been scammed, but by that time they got in my account and changed my password, so now I can't get in my account. Can you PLEASE HELP ME?! I have been locked out since July 3rd at 5:45 Eastern Standard Time. How can I get my Facebook back up and running?
http://www.facebook.com/hacked
Go to that and you can send them a message letting them know that someone hacked your account and you can't get into it.
Just got a message that the Facebook team advise me in confidence that I won 500,000.00 GBP on Facebook and wanted me to fill out this form. Do not fill out the form.
OK, a friend of mine has been lured into this. How does she get out of it?
How do you remove them? I know which account it is but when I went to delete them there is no "Unfriend" to click…..this is so aggravating……wish people would get a life and let us play our games.
OMG..I went to log into my account and it was really locked and wouldn't let me log in. I received an email as above..however didn't go through the link. I reset my password..does that mean I now have a virus too and or the hacker has access to my computer WHAT!!!!
I RECEIVED A MESSAGE FROM SOMEONE POSING AS FACEBOOK ASKING ME TO VERIFY MY ACCOUNT. I DID AND AFTER THAT MY FACEBOOK WAS LOCKED. PLEASE HELP ME TO TAKE THE LOCK OFF MY ACCOUNT PLEASE. THANKS, FACEBOOK TEAM
MY NAME IS MARIA TERESINHA PEREIRA
I GOT THE MESSAGE COPY AND PASTED BELOW.
8 minutes ago Facebooƙ Securiƫy
Warning Message:
You have been asked to help verify who you are because our security system to receive reports from other users that your account has violated a policy that is considered annoying or offending other Facebook users.
To verify your account, please follow the steps that we have () is set on the page:
please confirm your account immediately.
help-center-confirm.co.cc/
Thanks
The Facebook Security Team
THEY ARE ASKING FOR PASSWORDS FOR FACEBOOK AND EMAIL ACCOUNTS
This situation happened to 2 good friends of mine last night except that instead of 12 hours it has now been changed to 24 hours. Both of my friends temporarily lost their accounts. So far 1 of them has been able to get it fixed and is back on facebook. In addition to hitting their accounts, facebook security (supposedly) showed up in our group chat on facebook under both accounts, thereby causing everyone in our alliance in Kingdoms of Camelot to become extremely upset and panicked that this is going to hit them as well.
someone has made a fake account in my name and has uploaded a fabricated snap of mine which is defaming me. I have reported this several times to facebook but I always get a reply to contact that person and ask him to delete it which is not possible. I need you to help me delete that account immediately.
This is the scam I just received tonight. When I clicked on the link my WOT popped up. I deleted the message right away. How do I notify Facebook?
They also changed my niece's profile picture to a Facebook logo and changed her name to Fâçebøøĸ Sêƈurîƚy.
Fâçebøøĸ Sêƈurîƚy
Our security sуstem detects suspicious activity on your аccount that violates the Тerms of Serviсe (TOS) for making posts that contain pornography, contempt, hatred, threaten, incite, violence, violations of сopyrights or contains nudity.
Please сonfirm your Fаcebook account immediately if you feel there has been a mistake. If you do not сonfirm, our system will automatically disable your Faсebook acсount.
Please сonfirm your fасebook acсount on the following link:
Thank you for helping improve our service. We apologize for the inconvenience.
Faсеbооk Securitу Team
Faсеbооk © 2012 Cоpyrіght Nеtwоrk Inс.
I am going through the same thing. I have been asked to verify my account. Then they say change my password. I have been going in circles over this and still can't get into my account.
I have also had my Facebook hacked. Same/similar message as Peggy’s above. I cannot reset my password as the hackers have done something to it. I just keep going round in circles as well. I cannot reset because it rejects my original password, so I cannot get past that point. There is no one to assist at Facebook and no contact number to sort this mess out. What is the security on Facebook doing, that these are coming through chat messages?
Why the hell does facebook allow third party hosted content to be accessed or displayed via their ‘apps’ page functionality. Fail.
I received a fake message through messenger saying my account was going to be blocked until I could verify certain information because other users had reported my page for obscenity and I knew that was untrue so I blocked the person so maybe Facebook can trace whoever it is through the account I blocked?
My name is Joe Bottomley. An old school friend contacted me last night and scammed me. They got a lot of information out of me. Even a picture of my driver’s license. I can’t believe I trusted him; it turns out it wasn’t him. Please help me regain my Facebook account. He’s using it right now.
You’ll have to approach Facebook for help with that.