Hotmail and Gmail users need to be on the lookout for a bogus message allegedly from the Facebook Support team. The scam email, which was highlighted by cybersecurity experts at Trustwave, claims a Facebook user’s account is at risk of being deleted after it was found to breach community standards. The Facebook user is told to click on a link to allegedly have a chat with the Facebook support team on Messenger, but it is all merely an elaborate ploy to steal a victim’s login details.
The Trustwave report highlighted one of the scam messages they spotted, which is labelled ‘new message from Facebook’.
The email said: “Your Page has been scheduled for deletion after violating our Community Standards.
“If we don’t hear from you within 48 hours, the page in question will be automatically deleted. You can appeal this decision below by visiting your support inbox”.
The email then has an Appeal Now button that users of Hotmail, Gmail, Outlook and other email clients can click on.
However, once they tap it, they are directed to a fake Facebook appeals page and a bogus Messenger chat which is hosted by Google Firebase.
This is all done to make the con seem more convincing, with Facebook users asked to provide their full name, email address, page name and mobile number as part of the appeals process.
Facebook users were also asked to provide two-factor authentication details if this was enabled on their account.
If Facebook users provide these details, not only can it lead to them being locked out of their accounts, but if they re-use passwords across multiple services it could also hand hackers the keys to a whole host of other services.
For instance, if a person uses the same email address and password on their Facebook account as they do for services like Amazon, the scam could leave them severely out of pocket.
Thankfully, after Trustwave noticed this scam, the fake Facebook pages associated with the con and the phishing website have been taken down.
But Trustwave said “there is no reason to believe another threat actor might not use the same tactic in the future.”
Speaking about the threat, Trustwave said: “Chatbots serve a huge purpose in digital marketing and live support, so it is no wonder that cyber attackers are now abusing this feature. People are not inclined to be suspicious of its contents, especially if it comes from a seemingly genuine source.
“The fact that the spammers are leveraging the platform that they are mimicking makes this campaign a perfect social engineering technique.”
To help you stay clear of such scams, there are a few red flags to look out for. These were seen in this Facebook Messenger scam and showed it was a fake. The most obvious one is the sender’s email address on the initial message users received claiming their Facebook account was at risk.
Instead of the message being sent from an official Facebook domain, the sender’s email was a garbled address which doesn’t look official.
This is a clear giveaway that the message allegedly from Facebook is a fake. Other signs the email was bogus were grammatical errors, which shouldn’t be found in official correspondence. If you ever receive a message you’re not sure about, the easiest way to check if it is genuine is to get in touch with the organisation in question.
Head to that firm’s official website, get their contact details and reach out. While this will take you some time, it is far less than the time and stress you would lose if you did end up falling victim to such a scam.
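The red flags described above (a sender address that is not on an official domain, an action link hosted on Google Firebase, and a 48-hour deadline) can be checked automatically by a mail filter. The following is an added example, not code from Trustwave or the article; the list of official sender domains, the Firebase Hosting hostname suffixes and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): sender domains treated as official,
# and the hostname suffixes served by Firebase Hosting.
OFFICIAL_SENDER_DOMAINS = {"facebook.com", "facebookmail.com"}
FIREBASE_SUFFIXES = (".web.app", ".firebaseapp.com")
URGENCY = re.compile(r"within \d+ hours|scheduled for deletion", re.I)

# Constructed sample modelled on the quoted scam text; addresses are made up.
SAMPLE = """\
From: Facebook Support <notice@xk3-mailer.example>
Subject: New message from Facebook

Your Page has been scheduled for deletion after violating our Community Standards.
If we don't hear from you within 48 hours, the page in question will be automatically deleted.
Appeal Now: https://constructed-appeal-demo.web.app/inbox
"""

def domain_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def red_flags(raw_message, brand="facebook"):
    """Return the red flags found in a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    claims_brand = brand in (display + " " + msg.get("Subject", "")).lower()
    flags = []
    if claims_brand and not domain_matches(sender_domain, OFFICIAL_SENDER_DOMAINS):
        flags.append("sender-domain-mismatch")
    # A Firebase link is not malicious by itself; it is suspicious when the
    # message claims to come from a brand that does not host its pages there.
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    if claims_brand and any(h.endswith(FIREBASE_SUFFIXES) for h in hosts):
        flags.append("link-on-firebase-hosting")
    if URGENCY.search(body):
        flags.append("urgency-deadline")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```
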