You love your Facebook page, I know you do. As a marketer you put a lot of work into your pages: engaging with fans, posting daily content, even spending large sums of money to grow those audiences and drive people to your website. Your Facebook page is an investment of time and money. Having someone steal it would be devastating. I’m going to give you information and show you a real-life example so that doesn’t happen.
Last week I received a message on my blog’s Facebook page saying I was in violation of copyright infringement. It said that the page was going to be removed in 48 hours if I didn’t follow a link and fill out a form. It’s safe to say my anxiety levels went up a couple notches. This page is my baby, I’ve been growing it for the past five years. Loosing it would be catastrophic to my brand. But a couple things didn’t add up, and I want to share the experience with you so that no one falls prey to this phishing scam.
Below is a screenshot of the message I received. As you can see, it looks as if it came from Facebook and threatens to remove the page. To stop this terrifying situation from happening, they tell you to click on the provided link to verify your page.
I’m very good about posting either my own photos or always giving credit when sharing other people’s content, so this message did raise a red flag on my suspicion sensor. But, with so many confusing Facebook privacy settings, you never quite know if you’re crossing all the T’s and dotting all the I’s.
After clicking on the link I was taken to a page that wanted me to verify my Facebook page. As you can see by the images below they wanted my name, phone, email, page password, page URL, and comments. They want my password? Red flag number 2.
They are Facebook, why do they want my Facebook password!
As you can see the phishing scam comes inside an actual Facebook frame. Below is a closer look at the copy trying to trick me into giving my information.
What Is A Phishing Scam?
After more research and looking at some code, I figured out that the page is a phishing scam trying to capture my password. Phishing is when someone tries to trick someone else into giving personal information that can be used in an unpleasant way. Phishing scams can come through emails, websites, social networks and phone calls. They are usually designed to steal money or take over your online accounts.
This is a more sophisticated phishing scam because it’s an app created on the Facebook domain, Apps.Facebook.com. It uses the Facebook screen and then pulls in an iFrame that was maliciously created to capture someone’s information. I hate evil people.
Whatever you do, don’t fill out this form!
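The framing trick described above can be checked mechanically on a saved copy of such a page. The following is an added example, not code from the original post: it flags any frame served from outside facebook.com that contains a password field and reports where its form posts. The app path, the page-verify.example host and the field names are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

TRUSTED = "facebook.com"  # assumption: the only site that may ask for this password

class Scan(HTMLParser):
    """Collect iframe sources, form actions and password inputs from one document."""
    def __init__(self, html):
        super().__init__()
        self.frames, self.actions, self.password_inputs = [], [], 0
        self.feed(html)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_inputs += 1

def is_trusted(url):
    # Compare the real hostname, so "facebook.com.evil.example" does not pass.
    host = (urlparse(url).hostname or "").lower()
    return host == TRUSTED or host.endswith("." + TRUSTED)

def audit(page_url, documents):
    """documents maps URL -> saved HTML; returns off-site frames that ask for a password."""
    findings = []
    for src in Scan(documents[page_url]).frames:
        frame_url = urljoin(page_url, src)
        if is_trusted(frame_url) or frame_url not in documents:
            continue
        inner = Scan(documents[frame_url])
        if inner.password_inputs:
            posts_to = [urljoin(frame_url, act) for act in inner.actions]
            findings.append({"frame": frame_url, "posts_to": posts_to})
    return findings

# Constructed sample: a wrapper page on apps.facebook.com framing two documents.
TOP = "https://apps.facebook.com/example-app/"
SAMPLE = {
    TOP: '<iframe src="https://www.facebook.com/plugins/like.php"></iframe>'
         '<iframe src="https://page-verify.example/form.html"></iframe>',
    "https://page-verify.example/form.html":
        '<form action="submit.php"><input name="email">'
        '<input name="page_password" type="password"></form>',
}
if __name__ == "__main__":
    print(audit(TOP, SAMPLE))
```

The address bar shows the wrapper's trusted host, so the check has to look at the frame's own URL, which is what the browser's "open frame in new tab" option reveals by hand.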
Bottom line, never give your password to any online page asking for it through a link. The only time you should ever have to use your password is when logging into your accounts. For more help with your social marketing you can download our free eBook on Mastering Social Media for Business. Be careful out there, the Internet can be a dangerous place if you don’t keep your guard up.
I’d have been very suspicious with all the spelling/grammar mistakes on the form, e.g. “please be carefully by filling out this form” and “we made abble this form”.
I had a hilarious phishing email yesterday that was supposedly from Facebook that told me I had a notification and I should “read the message disgustedly”.
By the way, the link you were asked to click – didn’t the URL raise your suspicions before you even clicked on it?
You didn’t mention the dreadful spelling and poor English used on the form – but then you used “loosing” instead of “losing” in your introduction.
The first, and really only, red flag necessary is the atrocious grammar. Would somebody in Facebook legal actually write “we made abble this form….?”. Considering the fact that Ryan V. himself writes “LOOSING it would be catastrophic to my brand”, I can see why it took so many clues for him to figure out this was phishing.
Hi there – received a message similar to this a short while ago. I mistakenly clicked on the link, but being suspicious, I didn’t enter any details.
I returned to my FB settings and created a new password there and went through security settings etc. Is this enough to put my mind at ease? I’m worried that because I clicked on the link, hackers already have access.
Would really appreciate an answer to this. Thanks.