All things branding, inbound marketing, inbound sales + growth blog

New Facebook Phishing Scam: Protect Yourself

Written by Remington Begg | February 9, 2015 at 2:30 PM

You love your Facebook page, I know you do. As a marketer you put in a lot of work into your pages; engaging with fans, posting daily content, even spending large sums money to grow those audiences and drive people to your website. Your Facebook page is an investment of time and money. Having someone steal it would be devastating. I'm going to give you information and show you a real-life example so that doesn't happen.

Last week I received a message on my blog's Facebook page saying I was in violation of copyright infringement. It said that the page was going to be removed in 48 hours if I didn't follow a link and fill out a form. It's safe to say my anxiety levels went up a couple notches. This page is my baby, I've been growing it for the past five years. Loosing it would be catastrophic to my brand. But a couple things didn't add up, and I want to share the experience with you so that no one falls prey to this phishing scam.

The Scam

Below is a screen shot of the message I received. As you can see it looks as if it came from Facebook and threatens to remove the page. To stop this terrifying situation from happening they tell you to click on the provided link to verify your page.

I'm very good about posting either my own photos or always giving credit when sharing other people's content, so this message did raise a red flag on my suspicion sensor. But, with so many confusing Facebook privacy settings, you never quite know if you're crossing all the T's and dotting all the I's.

After clicking on the link I was taken to a page that wanted me to verify my Facebook page. As you can see by the images below they wanted my name, phone, email, page password, page URL, and comments. They want my password? Red flag number 2.

They are Facebook, why do they want my Facebook password!

As you can see the phishing scam comes inside an actual Facebook frame. Below is a closer look at the copy trying to trick me into giving my information.

What is a Phishing Scam?

After more research and looking at some code, I figured out that the page is a phishing scam trying to capture my password. Phishing is when someone tries to trick someone else into giving personal information that can be used in an unpleasant way. Phishing scams can come through emails, websites, social networks and phone calls. They are usually designed to steal money or take over your online accounts.

This is a more sophisticated phishing scam because it's an app created on the Facebook domain --Apps.Facebook.com. It uses the Facebook screen and then pulls in an iFrame maliciously created to capture someone's information. I hate evil people.

Whatever you do, don't fill out this form!

Another way to tell that this is a scam is when I tried clicking on the "Terms of Use" link below the comments box, it doesn't work. Looking at the code it showed that this link went somewhere funky, definitely not a Facebook destination.

Bottom line, never give your password to any online page asking for it through a link. The only time you should ever have to use your password is when logging into your accounts. For more help with your social marketing you can download our free eBook on Mastering Social Media for Business below. Be careful out there, the internet can be dangerous place if you don't keep your guard up.