Facebook 'Account May Not Be Authentic' Phishing ScamOutline
Message purporting to be from Facebook claims that the recipient's Facebook account is to be blocked because the account may not be authentic. The recipient is instructed to click a link to reconfirm the account within 24 hours and is warned that failing to reconfirm will result in permanent removal of the account.
The message is not from Facebook and the user does not need to reconfirm the account as claimed. The message is a phishing scam designed to steal Facebook login details and personal and financial information. If you receive one of these messages, do not click on any links that it contains.
Notice Blocking Facebook Account
We have received feedback that your account may not be authentic. Facebook is a community where people share and interact using real identity.
Please reconfirm your facebook account below:
Click here [Link Removed]
All accounts that are not verified within 24 hours will be removed from our database and the user will not be able to use it again.
Thank you for your attention.
Facebook © 2013 Copyright Network Inc.
This message, which purports to be from Facebook, claims that the user's Facebook account will be blocked unless he or she clicks a link and reconfirms account details. According to the message, the account blocking is because of reports that the account may not be authentic. The user is further warned that, if he or she fails to reconfirm within 24 hours, the account will be removed from the network's database.
However, the message is certainly not from Facebook. Nor is the user required to reconfirm the account to avoid blocking. In fact, the message is a phishing scam designed to trick Facebook users into handing over their account login details as well as their personal and financial information.
Those who fall for the ruse and click the link will first be taken to a bogus Facebook login page as shown in the following screenshot:
After submitting the Facebook login details, victims will then be taken to another bogus form that asks for their email address and email password along with other account related information:
Next, victims will be taken to yet another bogus page that requests their credit card details:
After users click "confirm" on the final form, they will be automatically redirected to the genuine Facebook website. Alas, all of the information they have submitted will be collected by Internet criminals. Armed with this stolen data, the criminals can hijack the compromised Facebook and webmail accounts and use them to initiate further scam campaigns. They are likely to lock the legitimate users out of their accounts. The criminals can also use the stolen information to commit credit card fraud and identity theft.
This type of phishing scam is common and continues to find new victims every day. Similar scam emails - many of which falsely claim to be from "Facebook Security" - have been regularly distributed to Facebook users for several years. The scam messages are often characterized by poor or unusual spelling and grammar. They also tend to feature strange formating of keywords such as "Facebook", apparently in an effort to confuse spam and scam filters.
Be wary of any message purporting to be from Facebook that claims that you must follow a link to verify your account. Always login to your Facebook account by entering the address in to your browser's address ba rather than by clicking a link in an unsolicited email.
Last updated: November 8, 2013
First published: April 24, 2013
By Brett M. Christensen
Alert From Facebook Security Team Phishing Scam
Facebook Team Security 2013 Phishing Scam - 'Last Warning - Your Account Will Be Disabled'