Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of.
The scam begins with a message like this, courtesy of Twitter user Alukeonlife:
Heads up Facebook page admins, there’s a new comment-scam propagating around pages on Facebook. Looks like this: pic.twitter.com/mkVtBo8dX1
— Luke (@alukeonlife) January 5, 2016
Warning!!! Your page will be disabled. Due to your page has been reported by other users. Please re-confirm your page in order to avoid blocking. You violate our terms of service. If you are the original owner of this account, please re-confirm your account in order to avoid blocking.
If the multiple exclamation marks and generally terrible grammar didn’t give the game away, the following request certainly might:
To complete your pages account please confirm Http below: https(dot)lnkd(dot)in/bNF9BUY?Facebook.Recovery.page "Attention" If you do not confirm, then our system will automatically block your account and you will not be able to use it again. Thank you for the cooperation helping us improve our service. The Facebook Team
Note that they use the Linkedin URL shortener, which is somewhat unusual – perhaps the scammers think people are growing suspicious of endless bit(dot)ly and goo(dot)gl URLs being sent their way, and are attempting to throw a business-centric sheen on their shenanigans. They won’t get away with it without a fight, however – Google Safe Browsing flags the final destination as a dubious website: and fires up a “Deceptive site ahead” warning:
As for the scam page itself, which is located at
report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm
it looks like this:
!! Warning Page !! Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page disabled Please verify your email account to prove this is your page and help us to do more for security and comfort for everyone. Please check your account as proof of the legitimate owner of the account that you use. Make sure you enter the correct details below. If you ignore this warning, your page will be lost forever and can not be restored. Sorry to disturb your comfort.
They just can’t stop with those exclamation marks, can they? Anyway, the page asks for Email / Phone, Password and date of birth.
With most Facebook scams, the ride would end here – in this case, we have a little further to travel (and it’s nowhere good).
After harvesting your Facebook credentials, they then go after payment information:
They ask for card number, expiration date, security code, post / zip code and country. It reads as follows:
Upgrade your payment Recovery of payments on Facebook Payment page you were laid off, please upgrade your credit card again to return the payment in Facebook Caution If you do not update your credit card your payment page will be disabled
Should the victim enter their information and hit the button, they’ll be forwarded on to the real Facebook Security Facebook page. There’s also a “Confirm Paypal” button which leads to a phish for that service, too:
The above page is located at
report-fanpage(dot)gzpot(dot)com/Next/paypal(dot)com(dot)htm
Make no mistake, this is one phishing scam that could cost you a lot more than your Facebook login. Should you be sent any attempts at panicking you into entering your logins on a so-called “Security Page”, you should give both destination URL and comment sender a very wide berth.
Christopher Boyd
COMMENTS
Pingback: Facebook ‘Page Disabled’ Phishing: How To Spot The Scam And What To Do()
Pingback: A Week in Security (Jan 03 – Jan 09) - News4Security()
Pingback: More Fake Facebook “Security System Page” Scams… | Malwarebytes Unpacked()
Pingback: Fake Facebook 'Security System Page' scams want your payment card details()
Pingback: Página de seguridad de Facebook falsa quiere tus datos | Mejor Antivirus()