A new scam targeting Facebook page owners uses Facebook messages and a fake verification page to obtain user logins and passwords.
The phishing scam begins with a Facebook message from a “Security Team” profile that uses Facebook’s security logo. The message tells admins that their page is in violation of terms of service and threatens to permanently suspend the user’s account. Then it offers users the option to “verify” their account if they believe the situation is a mistake. Users are taken to a link where they are asked to provide their page name, email address or phone number, and password.
A few signs would help page owners recognize this message as phishing. First, the social network’s official page about security is called “Facebook Security” not “Security Team.” Clicking the profile which sent the message would reveal that the page was not legitimate.
More tellingly, the message links to the following web address: apps.facebook.com/PageSecurityTeam. URLs that begin with “apps.facebook” are third-party applications. Facebook would likely use a URL that begins with “facebook.com.” Users should be careful entering their information into fields within page tabs, apps.facebook.com canvas pages, and off-Facebook.com websites.
This scam was first reported by Facecrooks, which points out scams like these and offers recommendations for how users can protect their information.
Images via Facecrooks