Semalt: How To Deal With Facebook Scam Claiming "Your Account Will Disable"
Michael Brown, the Semalt Customer Success Manager, warns all Internet users that there is a particular type of phishing attempt that hackers use by targeting Facebook users. The notification is usually in the form of a post indicating that the current Facebook account is about to get disabled. The reasons given are that the user puts down a fake name on his or her account, posts offensive content on their timeline, or other issues that other Facebook users may have reported. Nevertheless, it tells the user not to worry as they can help fix this problem. They then provide a link which they are then to click, which supposedly re-confirms the legitimacy of their account.
Phishing is an activity by hackers where they disguise themselves as a real entity to trick users into providing their personal information. In the case above, hackers impersonate the Facebook Security team. The message appears to have come from them and has the Facebook Team's seal to make it look like the company signed off on it.
The message has all the defining characteristics of a phishing scam. The design of the message is to lure unknowing users to click on the link and then divulge their Facebook details. The most sought-after details are the account login details, together with the password that goes with it. On clicking the link, it redirects them to a page that closely resembles that of Facebook and then asks for the email and password. Once the person enters these details, a popup window appears indicating that they have successfully confirmed the account and resolved the issue. Consequently, the page reloads and then takes the user back to the original, and real Facebook page.
The problem begins after this information is in the hands of the phishing criminals. They may use it to lock the user out of their account and convert it to become a source from which spam and scam messages spread out to other users. Since the messages will bear the owner's name, the recipients of the message will not consider the email harmful. They may also opt to change the name of the account to read "Facebook Security" and then send out similar messages to people on the contact list. An official Facebook page exists already which is why these criminals have to get creative with their name structures. They do so by adding strange characters to their name. Since users may also find themselves giving out their email and passwords, phishing hackers may also add them to their arsenal of spam and scam campaigns.
The same hackers may use the fake pages to post "account disabled" messages on the public comments page. Once they do so, the original author receives a notification which may look like it came from the Facebook Security team.
It is important for users to take note of posts, messages, or emails from people claiming to be part of the Facebook support team especially if they insist that the link they provide will help solve a certain problem. The message has unusual grammar, weird characters, links, and attachments. If one is wary of an issue with their account, they should type the URL in the browser's address bar or through the company's app. Any problem with the account should appear when they log in.