Firstly, the phishing email warns that the user’s account “might be disabled and the page removed” because of content that is repeatedly posted and reportedly infringes on the rights of another user. Secondly, if the victim disputes the report, they are asked to click a link that supposedly leads to the Facebook post in question. After that, another link appears, directing the victim to a separate website to appeal the decision.
There, the user is asked to provide their details as part of the fakery: their name and email address. By the end of the form, victims are asked for their Facebook password.
The attacker now has everything the victim has provided and can use it to log into the victim’s Facebook account. From there, the attacker can collect even more personal information and lock the victim out of their own account. And if the victim reuses passwords across other online accounts, as many people do, then together with the known email address the attacker has access to those too.
This type of phishing attack succeeds for two reasons: it creates a sense of urgency, and Facebook really does disable accounts for posts that violate its terms and community standards.
So, if the victim believes the report was made in error, they may be determined to set it straight.
That is reason enough to convince the victim to “part with their personal details. Particularly true too for companies who use Facebook to promote their business”, says Rachelle Chouinard, threat intelligence analyst at Abnormal Security.
The campaign is also interesting to the security researchers because the link to the credential-phishing site was embedded within the post itself, all disguised as a form.
Yet the researchers note that, on closer inspection, there were clues that something might be off, even though the email and the phishing domain might have looked legitimate at first glance.
For example, the sender’s email address was not related to Facebook at all; it was only the body of the email that carried Facebook branding and claimed to come from Facebook. Secondly, the Reply-To address directed replies to a Gmail account. Both are clear warning signs.
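The two warning signs above (a branded message from an unrelated sender domain, and a Reply-To pointing at a free webmail account) are mechanical enough to check automatically. The script below is an added example, not code from the article or from Abnormal Security: it parses a raw message with Python's standard `email` library and reports those mismatches, plus any link in a Facebook-branded message whose host is not under a Facebook domain. The sample message is constructed for illustration, its sender and link domains are made up, and the list of legitimate Facebook sending domains is an assumption you should replace with what your own mail logs show.

```python
"""Header and link checks for brand-impersonation phishing.

Added example (not from the article or Abnormal Security). The sample
message is constructed; its sender and link domains are hypothetical.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: Facebook branding, an unrelated From domain, a
# Reply-To at Gmail, and an appeal link on a third-party host.
SAMPLE_EMAIL = """\
From: Facebook Support <support@notice-center.example>
Reply-To: appeals.desk@gmail.com
To: victim@example.org
Subject: Your page may be disabled
Content-Type: text/plain; charset=utf-8

Your Facebook account might be disabled and the page removed because of
repeated content that infringes the rights of another user.
If you believe this is an error, review the post and appeal here:
http://appeal-review.example/facebook/form
"""

BRAND = "facebook"
# Assumption: domains Facebook actually sends from; tune to your own data.
LEGIT_DOMAINS = {"facebook.com", "facebookmail.com"}
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registered_domain(address):
    """Lower-cased domain of an RFC 5322 address header, or '' if absent."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def host_is_under(host, domains):
    """True if host equals or is a subdomain of any domain in the set."""
    return any(host == d or host.endswith("." + d) for d in domains)


def analyse(raw):
    """Return From/Reply-To domains and a list of warning signs found."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = registered_domain(msg["From"])
    reply_dom = registered_domain(msg["Reply-To"])
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = "\n".join([msg["Subject"] or "", msg["From"] or "", body])
    claims_brand = BRAND in text.lower()

    flags = []
    if claims_brand and not host_is_under(from_dom, LEGIT_DOMAINS):
        flags.append(f"claims {BRAND} but From domain is {from_dom}")
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From {from_dom}")
    if host_is_under(reply_dom, FREEMAIL):
        flags.append(f"Reply-To is a free webmail account ({reply_dom})")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if claims_brand and not host_is_under(host, LEGIT_DOMAINS):
            flags.append(f"{BRAND}-branded message links to {host}")
    return {"from_domain": from_dom, "reply_to_domain": reply_dom, "flags": flags}


if __name__ == "__main__":
    for flag in analyse(SAMPLE_EMAIL)["flags"]:
        print("WARNING:", flag)
```

Run against the sample, `analyse` raises all four warnings; a genuine notification sent from a Facebook domain with no Reply-To and links only to facebook.com produces none. The checks are deliberately simple and will not catch a sender who controls a look-alike domain and sets matching headers, so treat them as one signal alongside SPF/DKIM results rather than a verdict.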
The message within the email was designed to instil fear in the victims and panic them into handing over their information. Above all, it is highly unlikely that an online service would make contact in this way. If you receive something like this, don’t panic and don’t click the link. Instead, go to the website directly and check your account. If something isn’t right, the site itself will tell you, and you can handle it from there without handing over any personal information or your password.
If you suspect your account has been phished, Facebook recommends changing your password and, in the security settings, logging out of any devices you don’t recognise. That is the advice from Facebook’s Help Centre.