CROMWELL, CT (WFSB) – A new phishing scam scares Facebook users into sharing their passwords by threatening them with “Facebook jail.”
The Connecticut Better Business Bureau sought to warn users about the scam and offer tips on how to protect their accounts from hackers.
The BBB said victims reported receiving an email that appears to come from Facebook and says something like:
“Recently, we discovered a breach of our Facebook Community Standards on your page. Your page has been disabled for violating Facebook Terms. If you believe the decision is incorrect, you can request a review and file an appeal at the link below.”
The message may also say that if the user doesn’t act in the next 24 hours, Facebook would permanently delete the account.
The email includes a link that appears to lead to Facebook.com. Since users want to keep their accounts, they may be tempted to click it.
However, the BBB warned people to stay calm and take a closer look.
On closer inspection, they’ll likely find signs of a scam. The signs may include typos, email sender addresses that aren’t related to Facebook, and, if they hover over the link in the email (without clicking on it), they will discover that it doesn’t point to Facebook’s website.
If a person clicks the link, they’ll likely be taken to an official-looking page and prompted to complete a form to appeal the policy violation. They’ll be asked for their login email, phone number, name, and other details. The page will ask the victim to confirm the password when they hit submit. When that’s done, scammers will have all the information they need to hack the victim’s account.
How to avoid Facebook phishing scams, according to the BBB:
- Don’t panic. Always read suspicious emails carefully, looking for signs of a scam, before acting. Scammers love to target social media accounts, so fake alerts are common.
- Verify the claims. Log into the Facebook account directly to verify whether there’s a problem before deciding how to proceed.
- Always log into the account directly. Even if a user thinks an alert is authentic, use the social media app to log in or enter the URL in the browser bar by typing it, not by clicking on a link.
- Guard login credentials carefully. Never enter login information on a third-party website or a page other than the official Facebook website. Never send login information to someone via email or Facebook Messenger. If users entered their login credentials into a fake form, they should immediately change their passwords.
Copyright 2023 WFSB. All rights reserved.