Sophos Cloud Optix
Beware, fanboys and fangirls: phishers are targeting Facebook Page owners with a bogus message supposedly sent from Facebook Security.
According to Hoax-Slayer, the scam claims that Facebook is rolling out a new security feature to protect Page owners.
This supposed new security feature is dubbed the “Fan Page Verification Program”.
It does a nice job of flattering suck-up to entice victims into coughing up their Facebook login details, telling targets that they’ve had ever so many stolen Pages lately, and they simply can’t think of what to do about it except just, well, throw up their hands and Delete them all – yes, Delete those bad, bad Pages, with a capital “D”.
All the stolen Pages, that is, except yours, which, gosh, is so popular with its “High Quality Content”.
The message tells victims that they have to click a link and choose a 10-digit security code to complete the process.
Those who don’t comply will see their Page suspended permanently if the process isn’t completed by May 30, 2013, they go on to say.
Here’s an example of this scammy letter that Hoax Slayer posted on Friday:
Dear Facebook User,
You are receiving this message to notify you about the new security feature from Facebook called "Fan Page Verification Program".
After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page's Security.
Luckily, your Fan Page, has a lot of likes and provides High Quality Content, which qualify it for this program.
To complete this process you must choose a 10-digit number (it can be any number) and that number will be assigned as your Security code". This code will be the new passphrase for changing anything important for your Fan Page, like the Admin roles or other important settings.
Please be aware that this process it's open only until 30.05.2013 and it's mandatory to complete it. If you don't, your Fan Page will be suspended permanently since it is not considered safe for the wide audience.
Please visit the link below to complete the process:
[Link Removed]
Facebook Security
Anybody who falls for it and clicks on the link will be whisked away to a spot where they’re told to submit Facebook login details and the so-called 10-digit “Transferring Code”.
Those who complete and submit the form will be presented with a message that says “Step 1: Transferring Code.”
Victims will happily go away, thinking they successfully completed the “procedure” and thereby secured their Page.
In reality, the only procedure victims will have initiated is one to transfer Facebook account login details to crooks who can then hijack their accounts and Pages and torment Facebook users with more spams and scams launched from their victims’ own accounts.
If you receive a message like this one, don’t open any links or attachments.
For more Facebook news, fun and insight, check out the Naked Security Facebook Page.
Image of thief courtesy of Shutterstock.
Image of Facebook scam courtesy of Hoax Slayer.
I never reply to messages from Facebook security, if they don't know who I am they aint Fcebook Security. Open the message enough to see address of sender then block them.
How can anyone be so dumb as to fall for a scam message containing so many errors? Random quotation marks and inverted commas etc. If you can't spot these give-away clues perhaps you deserve to be scammed.
One, I never click links, inspecting them is easy enough to find out if they are legit; and two, go by the grammar. If it is a legitimate Facebook request they will likely never ask for credentials and the grammar will be proper English; reading the above message made me cringe in a few spots.
Besides the poor grammar, the giveaway is the request for your password. FB needs only your login id if it sent the notification.
In addition to all of the other things already mentioned, there is yet another dead giveaway that could easily be missed by Europeans. As a general rule, American companies do not use a DMY format to designate dates, and they certainly don't put periods between the values.
In other news, "That's Ridiculous" is saying that a "Facebook account temporarily blocked because of malware, click here" message is valid, and that Facebook is actually using edge protection software to notify you when it senses affected connections.
Lovely. Now the real messages look and feel just like the scams, but with better grammar.