Facebook pages are typically used by organizations and public figures to connect with their community. Anyone can make a Facebook page, even cybercriminals. Using social media, cybercriminals spoof brands and organizations to trick people into trusting them. In this recent scam, cybercriminals use real Facebook pages to impersonate Facebook itself.
The scam starts with a fake email that looks like it’s from Facebook. The email states that your account has been deactivated and will be deleted in 48 hours unless you click a link. If you click the link, you’re taken to a real Facebook post from a page named “Page Support” that uses the Facebook logo. The post directs you to click another suspicious link that takes you to a fake login page. If you enter your login credentials, you’ll give cybercriminals access to your Facebook profile and the ability to scam your friends and family.
Don’t be fooled! Follow the tips below to stay safe from similar scams:
- Watch out for a sense of urgency in emails. Phishing attacks rely on impulsive actions, so always think before you click.
- Remember that this type of attack isn’t exclusive to Facebook. Cybercriminals could use this technique on any other social media platform.
If you receive an urgent notification, verify that it’s legitimate. Navigate directly to the organization’s website or official app to view details.
Stop, Look, and Think. Don’t be fooled.
Protect your network! Learn more about security awareness training for your team.