All of the below pages – which offer up Facebook phishing in the guise of “Security pages” – have all recently been unplugged and taken out of action, but that doesn’t mean we can’t poke them with a stick and give you some advice on what to avoid should you see them elsewhere.

At least one of them was reusing the text template from the scam which asks for both login credentials and payment information. That would be the first example of the bunch, which was located at

apprecoverypages(dot)hst(dot)im

Fake login

The text read as follows:

Your page has been reported by others about the abuse, this is a violation of our agreement and may result in your page Disabled. Please verify your email account to prove this is your page and help us do more for security and comfort for everyone.

Please check your account as proof of the legitimate owner of the account that you use. Make sure you enter the correct details below:

After grabbing email / phone, password and date of birth it took potential victims to a carbon copy of the last attack’s request for payment information.

Next up is a page which was located at

5b-semoga(dot)ws(dot)gy

It had a nice line in rotating Facebook logos (it may not look like much in a static screenshot but trust me, it was mesmerising in a very “So you’ve fallen into a wormhole to the 1990’s” fashion).

"Facebook security"

As before, it kicked things off with a message about locked accounts and impending doom:

Account facebook you have already been reported by others about the abuse of account, this is a violation of our agreement and may result in your account is disabled.

Security Facebook Team recommends you to do so Recovering an account, we are not responsible if your account has been permanently disabled.

They grabbed email, password, date of birth, then asked the potential victim to re-enter an email / password combination. From there, it was all about password resets:

Password reset probing

After that? You guessed it, yet another request for payment details using the same template.

Uh oh

Finally, we had one more clone at

vbwxzat(dot)tk

and it did pretty much what you’d expect it to at this point; warnings of locked accounts and requests for login details, swiftly followed by demands for payment details. Also: more rotating facebook logos.

Another one!

Payment time...again

This one also popped an advert when the initial page was interacted with – in this case, we were told we’d won something. Hooray!

Winner?

Or – to put it another way – not hooray.

In all cases, the above style of Facebook scams should be closed when encountered. They won’t gobble up your card details or login credentials unless you physically enter them into the site, and if you have any adverts popped on screen you should ignore and close those too.

You definitely don’t need to get tangled up in shenanigans such as the above – no matter how much time and effort has gone into the lovely logos…

Christopher Boyd