Phishing scam threatens to delete Facebook accounts in 24 hours

23 Nov 2011
Tags: Facebook, Phishing, Privacy, Social networks, Spam
by Lisa Vaas

Facebook phishing emails are threatening to delete users’ Facebook accounts unless the victims pass along their account details within 24 hours.

The phishing messages are charging Facebook users with violating policy regulations by annoying or insulting other Facebook users. The messages are then requesting personal and financial information including Facebook login details and part of recipients’ credit card numbers.

The emails are entirely bogus. They are not coming from Facebook. Social media venues would not request financial information, nor would they request login details.

The scams are, in fact, designed to steal credit card numbers and social media accounts, likely in order to further spread scams and bilk victims.

As pointed out by Hoax-Slayer, scammers can use the ill-gotten information to hijack a user’s Facebook account. Then, posing as the account holder, the criminals can send out more scam messages and spam to a victim’s Facebook friends, bolstered by the trust users place in their friends.

Once a criminal has gained access to a victim’s account, they will likely lock out the original account holder by changing account passwords and email addresses. With the credit card information, fraudsters can conduct identity theft and other malicious financial activity.

A typical phishing scam reads like this, according to Hoax-Slayer:

LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.

Please confirm your account below:

[Link Removed]

Thanks.

The Facebook Team

Copyright facebook © 2011 Inc. All rights reserved.

Recipients who click the link will be presented with a fake Facebook “Account Disabled” web form. The form asks for Facebook login details including email, password, Facebook security question, Facebook security answer, the first six digits on the user’s credit card number, and their country of residence.

After completing this first form, the victims are taken to a second form labelled “Confirm to your webmail” that requests webmail program and password.

If that’s not enough, handing over this information will lead victims to yet a third bogus form, labeled “Terms of Service.” This form again asks for user name and the first six digits of the user’s credit card and sternly warns victims that their accounts more or less will be lined up in front of a firing squad and shot at dawn unless they comply.

If you ignore this warning, then our security system will block your account automatically.

A similar recent Facebook scam purporting to be from Facebook Security claimed to be watching out for users’ accounts being accessed by unauthorized parties. Here’s the text, again from Hoax-Slayer:

Subject: Did you log into Facebook from somewhere new?

Dear [Username removed]

Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. We have reviewed your account activity, and we get information about possible unauthorized access to your Facebook. We have provided a warning to you via email, but you do not respond to our notification.

"Your account was accessed from a new location : Anonymous Proxy."

If you are not signing into your Facebook account from "Anonymous Proxy", your Facebook account may have been compromised. We recommend immediately verify your account by carefully on the link below to protect your Facebook account. It may take a few minutes of your time to complete your data.

Please be sure to visit the Facebook Service Account for further information regarding these security issues.

***********************************

[link to scam page removed]

***********************************

Note : If within 12 hours, you have not verified your account, then you have ignored our notifications. Therefore, your account is permanently suspended, and will not be reactivated for any reason.

Thanks,

Facebook Security Team

New day, new attempt. All these phishing scams boil down to a naked grab for your account details. Remember, neither Facebook nor other reputable social media sites would ask for this information. The mere request is a surefire way to suss out bogosity.

Another bogosity beacon: note the grammatical and spelling errors these messages tend to sport. “Until we system will disable your account,” the current one reads.

That’s just frosting on the bogosity cake.

Stay safe, and don’t click on links from the likes of these scammers. And while you’re at it, if you’re in the US, take some Thanksgiving holiday time to update your parents’ browsers, as The Atlantic suggests and Sophos’s Carole Theriault seconds.
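
The warning signs described above can be checked mechanically when triaging reported mail. The following is an added example, not code from Naked Security or Hoax-Slayer: it flags the deadline threat, the confirm/verify request and a Facebook sign-off on mail from another domain. The sender domains, the trusted-domain list and the benign message are assumptions constructed for illustration.

```python
import re

# Indicators drawn from the two messages quoted in this article.
DEADLINE = re.compile(r"within\s+(\d+)\s+hours?", re.I)
THREAT = re.compile(r"\b(?:disable|delete|suspend|block)\w*", re.I)
ACTION = re.compile(r"\b(?:re)?confirm\w*|\bverif\w+", re.I)
SIGNOFF = re.compile(r"^\s*(?:the\s+)?facebook\b[\w ]*\bteam\s*$", re.I | re.M)

# Assumption: sender domains treated as genuine Facebook mail.
TRUSTED = ("facebook.com", "facebookmail.com")

def is_trusted(domain):
    domain = domain.lower().rstrip(".")
    # Exact or true-subdomain match, so facebook.com.example.net fails.
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED)

def triage(body, sender_domain):
    """Return the list of reasons a message looks like this scam."""
    reasons = []
    deadline = DEADLINE.search(body)
    if deadline and THREAT.search(body):
        reasons.append(f"account threat with {deadline.group(1)}-hour deadline")
    if ACTION.search(body):
        reasons.append("asks the recipient to confirm or verify the account")
    if SIGNOFF.search(body) and not is_trusted(sender_domain):
        reasons.append(f"signed as Facebook but sent from {sender_domain}")
    return reasons

# Excerpts of the text quoted in the article; sender domains are constructed.
MSG_DISABLE = (
    "Until we system will disable your account within 24 hours if you do "
    "not do the reconfirmation.\n\nPlease confirm your account below:\n\n"
    "[Link Removed]\n\nThanks.\n\nThe Facebook Team\n"
)
MSG_NEWLOGIN = (
    "We recommend immediately verify your account by carefully on the link "
    "below to protect your Facebook account.\n\n"
    "Note : If within 12 hours, you have not verified your account, then you "
    "have ignored our notifications. Therefore, your account is permanently "
    "suspended, and will not be reactivated for any reason.\n\nThanks,\n\n"
    "Facebook Security Team\n"
)
BENIGN = "Alex commented on your photo.\n\nThanks,\nThe Facebook Team\n"  # constructed

if __name__ == "__main__":
    for body, dom in ((MSG_DISABLE, "mail.example.net"),
                      (MSG_NEWLOGIN, "mail.example.net"),
                      (BENIGN, "facebookmail.com")):
        print(dom, triage(body, dom))
```
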


8 comments on “Phishing scam threatens to delete Facebook accounts in 24 hours”

  1. Richard says:
    November 23, 2011 at 9:13 pm

    "Social media venues would not request financial information …"

    But they're not above demanding copies of your passport or driver's licence to prove you haven't given them a false name:
    http://nakedsecurity.sophos.com/2010/11/16/bug-ca…

  2. GoBleep says:
    November 23, 2011 at 10:04 pm

    LOL I HAVE sent them to a bogus email that WORKS, noone_is@live.ca LOL and gave them the info to a profile in that email that tells them to go "bleep" themselves LOL (that's the profiler's name – GoBleep Yourself) … LOL believe me it's funny as heck when I get mail back in there that says HUH? LOL

  3. Andrew says:
    November 23, 2011 at 10:22 pm

    "Your account is reported to have violated the policies that are considered annoying or insulting Facebook users."

    The phishermen are at least letting facebook users know that the policies of facebook are annoying and insulting to users.

  4. Robert Gracie says:
    November 24, 2011 at 12:49 pm

    I have seen this all before, guess where it lands up in my inbox… SPAM folder, 'cause I just know it's fake because Facebook wouldn't send you an email telling you they have disabled your account. I know some RPers that this has happened to and they have said to me that there has been no email sent to them before their account was terminated.

    • Alexandra Miscevich says:
      November 30, 2011 at 9:12 pm

      Is there anyone on here who can help me because THIS HAS HAPPENED TO ME! I have NOT stupidly shared personal information like that, but I had a guy who was on my friends list (who was obviously phished before I was) ask me if I could help him with survey questions for a class.

      Being nice, I helped and answered some questions like "what is your favorite musicians last name" or "Who are your top three favorite musicians". None of these are answers to my security questions but it WAS for an old email of mine. The old email that I had hooked up to my FB profile when I created it years ago. Apparently even though I changed my email that is associated with my page like 2 years ago, FB was still sending notifications to the old email as well.

  5. Luz M Rahla says:
    December 12, 2011 at 4:20 am

    I just got it too, did send my info but not my CC number, now what? Do I change my password?

    • Anonymous says:
      July 20, 2016 at 8:43 pm

      Me 2, I gave them everything but the credit card.

  6. Julia Mercer says:
    September 20, 2015 at 11:29 pm

    They are hitting the Caesars Windsor visitor posts, now they are sneaking under Recovery Message with the same BS, I have been reporting all of them, but they shouldn’t be on there in the first place!
