Following up on our previous blog post about rogue Facebook Recovery accounts floating around the social network, it appears that such accounts, or possibly others claiming to be Facebook Security “officers”, were sending “Your account will be deleted” or “Your account will be banned” messages to users, urging them to fill out a form in order to avoid getting deleted or banned.
One of the messages contained the URL, db[DOT]tt/dNfzUHBl?Confirmation_identity, which leads to a page served on Dropbox. Whoever owned it must’ve restricted access to it for the time being, so we’re keeping an eye on it for now.
Another message links to a notification created via the Facebook App feature. It has the following URL:
This too has been removed from the network, thanks to the Facebook security team’s proactive searching for and taking down of dubious pages. We were able to retrieve the third-party site it links to. Note that the blue tick beside “Facebook for Business” is deliberately placed by scammers to make the page appear more believable:
While there is a Facebook for Business page (see screenshot below), there is no “special” Facebook for Business form that users need to fill in.
Facebook for Business has the URL https://www.facebook.com/business/, and it opens the official user interface (UI), as you can see below, for users who want to avail themselves of the entrepreneurial services that the social network has on offer.
Going back to the phishing page, once users supply the needed information on the form, they are directed to this “thank you” page:
Facebook for Business Thank you for contacting Facebook for Business. Please wait for reply message via email address. We have accepted your submission for approval, we will contact you shortly for your verification request, it may take up to 48h. Sincerely, Facebook for Business
According to the latest statistics, 30 million businesses already own at least a fan page on Facebook. Although it is not clear how many fell for this scam campaign or whether there was indeed a particular target in mind, we implore users, both those who manage or own a business page on Facebook and those who don’t, to practice extreme caution when dealing with posts or private messages about their accounts possibly getting banned or deleted.
Unless users have severely violated the Facebook Community Standards, there shouldn’t be cause for concern, much less reason to believe such random messages.
Jovi Umawing (Thanks to Steven for finding this)