A phishing scam is making the rounds on Facebook pages – two of our clients got hit with it this week.
The scam arrives as a private message in your Inbox, supposedly from “The Facebook Support Team.” The message reads:
“We received reports that you’re making copyright violations on your Facebook page.”
The message instructs you to click a link within 48 hours to verify your account. If you don’t, the message warns, your account may be suspended.
If you were to click the link (DON’T CLICK IT!), you would be routed to a “spoof” site — a Facebook login page that looks real, but isn’t.
If you were to enter your Facebook login information (again, DON’T DO IT!), you would have given a hacker complete access to your account, including your Facebook ads account, your private Groups — the whole ball of wax.
What is phishing?
You may be wondering what the word “phishing” means. One of our clients calls it “fishing,” which is a very good description. According to Wikipedia (the source of all things true and otherwise), phishing is:
“The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication… “phishing” is a homophone of “fishing” due to the similarity of using fake bait in an attempt to catch a victim.”
So, our client was entirely correct in calling it “fishing.”
How to spot a Facebook phishing scam
When I looked at the message, I immediately noticed that the icon/avatar/logo identifying the sender was not the Facebook logo. Big clue there.
I also noticed that the link I was instructed to click was not a “facebook.com” address. If Facebook had, indeed, messaged me, the URL would have included “facebook.com,” not some unrecognizable shortened link.
I also knew that Facebook would never send me this type of message – they’d simply block my account without any notice at all, and I’d have to attempt to get ahold of their Customer Support department (this post on BloggingBistro.com provides links to several social networks’ Customer Support, including Facebook’s).
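The "is this really a facebook.com link?" check from the paragraph above, written out as an added example (not code from the original post): it takes the link text from the message and says whether the host is genuinely Facebook, catching the usual tricks such as a shortener, a look-alike domain that merely contains "facebook", and a fake "facebook.com@" prefix. TRUSTED_HOSTS and SHORTENERS are lists I constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed for this example: only these hosts (or their subdomains) count as Facebook.
TRUSTED_HOSTS = ("facebook.com", "fb.com")
# Constructed example list of link shorteners; a short link hides where it really goes.
SHORTENERS = ("bit.ly", "tinyurl.com", "t.co", "goo.gl")


def is_subdomain_of(host, parent):
    return host == parent or host.endswith("." + parent)


def classify_link(url):
    """Return ("ok" | "suspicious", reason) for a link that claims to come from Facebook."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return ("suspicious", "not an http(s) link")
    # "https://facebook.com@evil.example/" puts the real host after the "@";
    # urlsplit() exposes the part before it as username, so flag it outright.
    if parts.username is not None:
        return ("suspicious", "text before '@' hides the real host %s" % parts.hostname)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return ("suspicious", "no host in link")
    try:
        ascii_host = host.encode("idna").decode("ascii")  # punycode form of any IDN label
    except UnicodeError:
        return ("suspicious", "hostname cannot be encoded")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return ("suspicious", "non-ASCII hostname %s, possible look-alike of facebook.com" % ascii_host)
    if any(is_subdomain_of(ascii_host, s) for s in SHORTENERS):
        return ("suspicious", "shortened link hides its destination")
    if any(is_subdomain_of(ascii_host, t) for t in TRUSTED_HOSTS):
        if parts.scheme != "https":
            return ("suspicious", "Facebook host but not https")
        return ("ok", "host %s is Facebook" % ascii_host)
    if "facebook" in ascii_host:
        # e.g. facebook.com.verify-page.example: the registered domain is verify-page.example
        return ("suspicious", "host %s merely contains 'facebook'" % ascii_host)
    return ("suspicious", "host %s is not Facebook" % ascii_host)


if __name__ == "__main__":
    for link in ("https://www.facebook.com/login/", "http://bit.ly/x1",
                 "https://facebook.com.verify-page.example/"):
        print(link, "->", classify_link(link))
```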
What to do when you suspect a phishing scam
Do not click the link in the message. Ever. In fact, I’d be careful about clicking links in any private messages, even if you know the sender personally. What if your real-life friend got caught in a phishing scam? What if that message/link you assume is from your friend is really a hacker?
If you DO click the link, or, even worse, sign in to Facebook via the “spoof” page, immediately change your Facebook password. From your real account, of course.
Do not reply to the message. You may feel tempted to share a few choice words with the fraudster, but avoid the temptation. When you reply, you have just confirmed to the scammer that you are a real person, and that you read and paid attention to their message. Replying may result in an onslaught of phishing attacks.
Immediately report the message as spam. Every private message you receive has an “Actions” tab in the upper right-hand corner of the message. Click the downward-pointing arrow and select “Report.” Follow the prompts.
Have you been hit with a Facebook phishing scam? What action did you take? Let’s learn from one another’s experiences.