WARNING: Messages from ‘Facebook Recovery’ Are Scams

Facebook users: If you receive messages from an account titled “Facebook recovery,” report them at once and do not follow the directions. They are part of a scam.

Jovi Umawing of Malwarebytes Labs provided details in a blog post, saying that victims are directed to a payment page, where their credit-card information is requested.

The scam message reads (unedited):

Notification: Your Account will be Disabled!

Account FACEBOOK you have already been reported by others about the abuse of account, this is a violation of our agreement and may result in your account is disabled. Please verify your email account to unblock and help us do more for security and convenience for everyone.

Immediately do recover your Facebook account, by clicking on the link below:

“Attention”

If you ignore this message, we can not recover your account and your account will be permanently disabled.

Sorry to interrupt your convenience.

The Facebook Team


Umawing added in his blog post:

Once a user entered the credentials that were requested and clicked “Log In,” data is posted to recovery.php, and then users are redirected to this payment page, which asks for his/her full name, credit-card details and billing address.

We have no idea why all of a sudden the account that claims to be a legitimate entity from Facebook is asking for a form of monetary compensation for the recovery of accounts. Perhaps that is what the phishers meant when they said, “help us do more for security and convenience for everyone.”

If you see posts on your feed that appear similar to the Facebook post we discussed here, whether it continues to bear the same URL or not, it’s best to ignore it and warn your network about an ongoing spam campaign.

Readers: Have you seen any similar messages?

