Today, I received a phishing email that was pretending to be from Facebook.
This email warned that my Facebook page would be unpublished because it “violates the Facebook Pages terms”.
The email read as follows:
Your Page, [Name Removed], may be unpublished because it violates Facebook Pages terms. This means that you can still see the Page, but other people won’t be able to see it and you won’t be able to add new people to help you work on your Page.
If you think this is a mistake, Appeal here:[Link Removed]
Thanks,
The Facebook Team
At first, I was a bit panicked. However, upon closer inspection, I could see that the sender of the email was [email protected].
In this case, they had manually set their email sender name to “Page Copyright” in the hope that I wouldn’t bother to click on it and check it.
The fake appeal link in the email led to a note on a newly-created Facebook page called “PAGE COPYRIGHT REPORT”.
To the untrained eye, this looks like an official help page on Facebook. In reality, it is someone abusing Facebook’s “note” feature to launch a phishing scam.
The phishing form.
In the note, there was a link that looked as if it led to another Facebook page called Page-Copyright-Report.
However, when I clicked on it, it actually led me to an external website that looked exactly like Facebook’s help section.
This page contains information about copyright law and intellectual property. At the bottom, it prompts you to “Continue”.
Once you press “Continue”, this bogus site will ask you to fill out a fake appeal form with your email address, phone number, page name and username.
Finally, once you’ve entered all of this information, it will prompt you to enter your password.
Obviously, the goal here is to try and hijack Facebook pages with relatively large fan bases. By doing so, they can spam links to a wide audience.
If you think that you have been successfully scammed by this, make sure that you take the following steps.
- Immediately change your password.
- Enable two-factor authentication on your Facebook account.