Now, scammers entered into the biggest social networking site Facebook and trying to make money with it. How?
How the New Facebook Scam Wants to Steal Your Log-in Details and Money
This is all because of Users’ carelessness and non-observation. We all know that millions of people use Facebook. Daily we do activities like adding strangers (you may or may not), making conversations, sending and receiving data, etc.
Some will use it for Personal use and some may use it for Business purposes. But, these few people called SCAMMERS using Facebook to earn money and login details from innocent people like you. We give you all the information regarding the scam and we suggest you few things to be aware of such scams which are happening on our social networking sites.
A new wave of scam messages is being received by Facebook users, and its authors may have a good deal of success in stealing logins and Credit Card details. The scam involves replies made to users’ posts informing them that their accounts may have to be suspended due to reports of abuse.
The only way to prevent the suspension, according to the scam messages, is to enter your login credentials and update your payment information in Facebook’s system. If you log in and update your credit card information, then you are in danger.
If you see a message posted in response to one of your messages on Facebook from an account called “Facebook recovery,” report it immediately. “No, your account is not in danger of being suspended. Instead, you are targeted by a Scammer in Facebook”.
As noted on the Malwarebytes blog, the scam messages look like this:
We’ve seen a certain j.mp shortened URL being shared by what we believe are rogue (if not compromised) accounts within Facebook a couple of days ago.
In the above image we recovered, the URL in question is part of a message from another account called “Facebook recovery” a truly fake one, if I may add, that is up to task of notifying users that their accounts have been reported for abuse and will likely be disabled if they don’t act on the notice ASAP.
Notification: Your Account will be Disabled!
Account FACEBOOK you have already been reported by others about the abuse of account, this is a violation of our
agreement and may result in your account is disabled. Please verify your email account to unblock and help us do more
for security and convenience for everyone.
Immediately do recover your Facebook account, by clicking on the link below:
If you ignore this message, we can not recover your account and your account will be permanently disabled.
Sorry to interrupt your convenience.
The Facebook Team
Observe the below image. The URL in that image hides the Phishing Page:
The blurb on the page is the same as the spammed message on Facebook.
Once a user enter the login credentials and asked to click Log In, data is posted to recovery.php, and then users are redirected to this payment page, which asks for his/her full name, credit card details, and billing address:
We have no idea why all of a sudden the account that claims to be a legitimate entity from Facebook is asking for a form of monetary compensation for the recovery of accounts. Perhaps that is what the phishers meant when they said “help us do more for security and convenience for everyone”.
We have looked at the stats for the j.mp URL and found that it didn’t yield that many clicks from the time of its creation up to the present. We do notice that most of the days, no clicks were recorded.
It’s highly likely that the URL is not shared during these days, making it less visible than your average malicious URL. Less visibility means that potentially less companies would be able to block it due to flying under the radar. VT results for the j.mp URL shows this. Furthermore, the majority of clicks are mostly from Asian countries and the United States.
After a simple search in Facebook regarding “FACEBOOK RECOVERY”, there are nearly 35+ accounts with this string.
Most of the accounts are sharing questionable links. One of the group is offering Facebook support with a Phone number ” 1-888-901-5314″ which is fake technical support scams.
Checking the number it’s advertising—1-888-901-5314—we found that several users reported calling the number asking for assistance regarding their accounts and was charged with no less than $150 to, say, delete their accounts on Facebook.
Here, the secret revealed is, the number which is given as Technical support is the same number of McAfee. The page itself no longer exists, but able to retrieve a cached copy of it to show below:
If you see posts on your feed that appear similar to the Facebook post we discussed here, whether it continues to bear the same URL or not, it’s best to ignore it and warn your network about an on-going spam campaign.
If any of you people faced or facing such situations let us know. We try to solve your problem as well.