Facebook Last Warning Phishing Scam Stealing Login, Credit Card Data

Facebook is undoubtedly one of the most used social media networks, with 1.86 billion monthly active users. That is also why its users are under constant threat from hackers and cyber criminals. Recently, we discovered a phishing scam that targets Facebook users by tricking them into giving away their login credentials and personal information.

The screenshot shows how cybercriminals are running their phishing campaign.

In this scam, the cyber criminals spam Facebook pages and groups with a notice claiming that the reader's account has been reported by other users and that, to protect it from permanent deletion, they must click an ow.ly short link and fill in a form with their personal information, including their Facebook login email and password.

It seems the criminals behind this scam are pretty desperate to get hold of people's Facebook accounts, which is why they are using a "Last Warning" style subject line. For unsuspecting users, the scam can do a lot of damage.

According to the scam post: “Your account has been reported by other users; security system received a report that your account has violated Facebook’s policy. Please confirm your account by clicking the link below. Attention, All account are not verified within 24 hours will be deleted from our database, and users will not be able to use it again. Facebook Team Security, Disable Warning | Facebook Copyright 2017 © 2017 by Facebook, Inc.”

If you know how phishing scams work you will simply ignore the warning, but if you are new to such tricks and fall for it, clicking the link takes you to a page hosted on 16mb.com (HTTP://[redacted].16mb.com/login_mail.php), while the domain used to spread the scam is dl.dropboxusercontent.com. (Note that Dropbox and Dropboxusercontent are not the same domain; the latter serves user-uploaded files.)

A Who.is record shows that dropboxusercontent.com is owned by Dropbox, while 16mb.com is owned by Kyriakos Kyriako from Cyprus.

Once the user is taken to the fake login page, they are asked to log in with their Facebook email and password and to add their date of birth to "confirm" they own the account.

According to the first warning message: “Security team have received reports from other users that your account violated our policies, and your account will be permanently disabled. Please re-confirm your account to avoid blocking. This is due to many hackers, if you are the original owner of this account, please re-confirm your account to avoid blocking. Please confirm your account below.”

This page asks users to "verify" their account by logging in with their Facebook email and password.

Once the login details are submitted, the victim is sent to another fake page that asks them to enter their security question and its answer.

“Validation security question, please confirmation your security question to activation, your account use a Facebook provider. Validate your account in this forum.” 

This page asks users to add their security question and answer.

Once the security question is submitted, the user is taken to the third and final stage of this phishing scam, which aims to steal their credit card data. It must be noted that Facebook never asks for users' financial information or other personal details in this way; the only things it may request for verification are a government-issued ID card and similar documents.

“Enter your credit card. Payment page you were laid off, please update or re-enter your credit card again to return the payment in Facebook and avoid page deactivated. Facebook will save your credit card information for future purchases. You can always remove or manage this information in your account settings,” according to the warning message.

This page asks users to enter their credit card details.

Once the user adds their credit card data and clicks "Upgrade," they are redirected to the official, verified Facebook page of "Facebook Security." This is done to trick users into believing that the whole process was legitimate and that their account really had been in danger.

The Facebook security page where users are redirected.

In this scam, the cybercriminals are not just after your Facebook account but also after your card data, so they can damage you financially. We suggest not clicking short URLs on Facebook and always doing a web search about such warnings before acting on them. We at HackRead have also alerted Dropbox so that the link can be suspended as soon as possible.
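The advice above (treat short links with suspicion and check where they really lead) can be turned into a simple indicator check. The following is an added example, not code from HackRead or from the scam analysis: it scores a Facebook post against the indicators the article describes (a "Facebook Team Security" claim, a 24-hour deletion threat, an ow.ly short link, dl.dropboxusercontent.com or 16mb.com hosting, and a login_mail.php landing page). The sample posts, the redacted-subdomain placeholder and the pre-resolved short-link mapping are constructed; a real pipeline would unshorten the link itself.

```python
import re
from urllib.parse import urlparse

# Indicators drawn from the article: the post claims to be from "Facebook Team Security",
# threatens deletion within 24 hours, and its link runs through an ow.ly short URL to
# dl.dropboxusercontent.com and on to a login_mail.php page on a 16mb.com subdomain.
FACEBOOK_HOSTS = {"facebook.com", "fb.com"}
SHORTENERS = {"ow.ly"}                                        # from the article
SUSPICIOUS_HOSTS = {"dl.dropboxusercontent.com", "16mb.com"}  # from the article
HARVEST_PAGE = "login_mail.php"                               # from the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def host_matches(host, domains):
    # exact match or any subdomain of a listed domain
    return any(host == d or host.endswith("." + d) for d in domains)

def score_message(text, resolved=None):
    """Return the list of phishing indicators found in one post.
    `resolved` maps short URLs to their landing URL, standing in for an
    unshortening step that a real pipeline would perform (no network access here)."""
    resolved = resolved or {}
    reasons = []
    claims_facebook = re.search(r"facebook.*(security|team)", text, re.I) is not None
    if re.search(r"24 hours|last warning|permanently (deleted|disabled)", text, re.I):
        reasons.append("deadline/deletion threat")
    for url in URL_RE.findall(text):
        host = host_of(url)
        if host_matches(host, SHORTENERS):
            reasons.append(f"short URL via {host}")
            url = resolved.get(url, url)   # follow the shortener if its target is known
            host = host_of(url)
        if host_matches(host, SUSPICIOUS_HOSTS):
            reasons.append(f"free hosting / file share: {host}")
        if claims_facebook and not host_matches(host, FACEBOOK_HOSTS):
            reasons.append(f"claims Facebook but links off-platform: {host}")
        if urlparse(url).path.lower().endswith(HARVEST_PAGE):
            reasons.append(f"credential-harvesting page name: {HARVEST_PAGE}")
    return reasons

# Constructed samples: the article's lure wording with placeholder links; the 16mb.com
# subdomain was redacted in the article, so a labelled placeholder stands in for it.
SCAM_POST = ("Last Warning: Your account has been reported by other users. All account are "
             "not verified within 24 hours will be deleted. Facebook Team Security "
             "http://ow.ly/PLACEHOLDER")
RESOLVED = {"http://ow.ly/PLACEHOLDER": "http://REDACTED-SUBDOMAIN.16mb.com/login_mail.php"}
BENIGN_POST = "Event photos are up: https://www.facebook.com/events/PLACEHOLDER"

if __name__ == "__main__":
    for post in (SCAM_POST, BENIGN_POST):
        print(score_message(post, RESOLVED))   # scam: 5 indicators, benign: []
```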


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.