There are numerous phishing emails and text messages that try to trick victims into giving away confidential information like account sign-on details or credit card numbers.
Usually, these messages claim the victim’s account has been frozen until they sign on again by clicking a link that leads to a bogus page imitating the real provider of the account.
These can usually be spotted easily but there is a new phishing scam. This is in the form of a comment on an item on the user’s Facebook page.
The Scammer creates an account with an official sounding, security related name, so the victim may believe the comment has come from Facebook. The comment maker then warns that the user’s account is to be disabled unless the user verifies their details.
The warning says something like :
“Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page Disabled. Please verify your email account to prove this is your page and help us do more for security and comfort for everyone. Please check your account as proof of legitimate owner of the account that you use. Make sure you enter the correct details below.”
The message has two boxes for recipients to enter their email address and their Facebook password, along with date of birth details and a “Confirmation” button, which is linked to a bogus Facebook page.
In both cases, after providing their sign-on information, victims are asked for their credit card number.
The message warns: “Caution. If you do not update your credit card your payment page will be disabled.”
Sometimes, there’s also a link to a phony PayPal sign-on page.
This is quite a complex and well-executed scam but hopefully the poor wording will flag it up for what it really is. Even if Facebook stop this scam, other scammers are likely to will try something similar.
Facebook has pages of information and guidance about security and what to do in the event you think there is something suspicious in progress.