Published: November 25, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
If an email pops up saying your Facebook account will be suspended, pay close attention. A new scam by cyber-crooks uses this lure to steal your login information and other PII. With nearly 3 billion active Facebook (FB) users, this approach to data theft has more than enough prospective victims, so read on to make sure you won’t be one of them.
The bogus email claims other Facebook users reported you for making posts that violate Facebook’s content policy. As such, the email from “The Facebook Team” warns your account will be disabled and your page removed. Some refer to it as being in “Facebook Jail.”
Not to worry, the email suggests, because it provides a series of links that finally bring you to a website where you can fill out an appeal form. In reality, the form is hosted on a credential-phishing site. You enter your plea and provide your FB login data, email address, and other sensitive PII. However, there’s much more to it than it appears.
Know that the information you just provided goes directly to the remote attacker. The attacker can then log in to your FB account, steal information from it, and possibly leave you locked out. Should a victim reuse their FB password and FB email address for other accounts and apps, the attacker now has access to them all. That’s your reminder to never reuse login credentials. Each website for which you have an account should have its own login and password combination. Don’t forget to use a strong password for each of them.
Clues to this Credential Phishing Attack
Knowing what the clues are to this “FB” email attack can keep you from becoming the next victim, so look closely and stay safe.
The email content creates a sense of urgency, hoping to get a rushed response. Never let urgency, scare tactics or threats make you act quickly.
Although the email looks like it’s from FB, a look at the sender’s address shows it’s not.
Sending a response to the email finds it doesn’t go to FB, but rather to an unrelated Gmail address.
As with all other emails and chat messages, don’t click on any links in the message.
The safest response to an email about any account issue, urgent or not, is to go directly to the legitimate website and login. There you’ll find out if the email is for real, and the risk of clicking on a potentially corrupt email link is put to rest.
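The clues above (a sender address that is not Facebook’s, a reply that goes to an unrelated Gmail address, urgency language, and links leading off-platform) can be checked mechanically. The following is an added example written for this article, not code from the newsletter; the message is a constructed sample that mirrors the described lure, and the list of legitimate sender domains is an assumption.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample mirroring the lure described above; not a real message.
SAMPLE_EML = """\
From: The Facebook Team <support@fb-appeals-center.example>
Reply-To: appeals.desk@gmail.com
To: victim@example.org
Subject: URGENT: Your account will be disabled within 24 hours

Other users reported your posts for violating the Facebook content policy.
Your page will be removed unless you appeal immediately:
http://facebook-appeal-form.example/appeal
"""

# Assumption: domains a genuine Facebook notification would come from.
LEGIT_DOMAINS = {"facebook.com", "facebookmail.com"}
URGENCY = ("urgent", "immediately", "within 24 hours",
           "will be disabled", "will be suspended")

def domain_of(addr):
    """Lower-cased domain part of an RFC 5322 address, '' if absent."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def phishing_clues(raw):
    """Return a list of human-readable clues found in a raw email."""
    msg = email.message_from_string(raw)
    clues = []
    name, sender = parseaddr(msg.get("From", ""))
    from_dom = sender.rpartition("@")[2].lower()
    # Clue: display name claims Facebook but the sending domain does not.
    if "facebook" in name.lower() and from_dom not in LEGIT_DOMAINS:
        clues.append(f"display name claims Facebook but sender domain is {from_dom}")
    # Clue: replies would go somewhere other than the sender's domain.
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        clues.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    # Clue: scare tactics and urgency in subject or body.
    hits = [w for w in URGENCY if w in text]
    if hits:
        clues.append("urgency language: " + ", ".join(hits))
    # Clue: links whose host is not on the platform the email claims to be from.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
            clues.append(f"link points off-platform: {host}")
    return clues
```

Any non-empty result is a reason to ignore the email’s links and check the account by logging in directly, as the article advises.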