Fake "Security System Page" scams are making the rounds on Facebook and are trying to lure users into handing over their payment card details.
Earlier in January, Christopher Boyd, a malware intelligence analyst at Malwarebytes, came across a scam that informs a victim they have been locked out of their Facebook account as a result of other users' complaints. The message urges the user to re-confirm their page by visiting a link modified by the LinkedIn URL Shortener, which is itself an unusual choice for Facebook scammers.
The link leads to "report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm". This site contains the following scam page:
Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page disabled Please verify your email account to prove this is your page and help us to do more for security and comfort for everyone.
Please check your account as proof of the legitimate owner of the account that you use. Make sure you enter the correct details below.
If you ignore this warning, your page will be lost forever and can not be restored. Sorry to disturb your comfort.
Well, at least they're polite while trying to fool their victims.
Entering their email, password, and birth date leads a user to another page, where they are prompted to enter their card number, expiration date, security code, zip code, and country. Should they choose to pay via PayPal, a "Confirm PayPal" button leads to a phish for that service as well.
In the time since he wrote his initial report, Boyd has detected several other Facebook Security scams that mimic the ruse described above. In fact, some of them have used the exact same alert message to warn users of locked accounts and the need for login details.
Regardless of their wording, all the ploys were after one thing: users' payment card details.
While all of the scams observed by Boyd have been taken down, more will likely pop up and seek to compromise your information. Make sure you refuse to give them the time of day.
If a scam is sent to you as a Facebook message or post, take a screenshot and report it to Facebook Security. If you know the Facebook user who sent it to you, you might also want to let them know that their account was likely hijacked.
And if a scam pops up in an advert, simply close it. These scammers can't compromise your information unless you physically enter it into the scam prompts. You have the power to not let that happen.
If you are on Facebook, and want to be kept updated with news about security and privacy risks, and tips on how to protect yourself online, join the Graham Cluley Security News Facebook page.