Facebook phishing attack impersonates security staff

Facebook users have begun receiving messages that claim to come from a member of the popular social networking site's security team, but the messages are part of a scam to steal Facebook credentials and credit card information.

The scam, reported by David Jacoby of security firm Kaspersky Lab, involves an attempt to trick users into believing their account is about to be deleted.

Potential victims receive a message from an account with the name “Facebook Security” and the Facebook logo as its profile picture. The message says, “Last warning: Your Facebook account will be turned off because someone has reported you. Please do reconfirm your account security by: =>” followed by a URL.

The link leads to an external site that looks like Facebook, where users are asked to enter their account information and then confirm their identities by entering a credit card number. Once users fall for the scam, their accounts are also changed to a phony “Facebook Security” account and the same message is sent to everyone on their contacts list.

Warn users in your organization to look out for this and similar social networking scams.