Phishing attempt against Facebook page owners.

Today, I received a phishing email that was pretending to be from Facebook. The email warned that my Facebook page would be unpublished because it “violates the Facebook Pages terms”.

The email read as follows:

Your Page, [Name Removed], may be unpublished because it violates Facebook Pages terms. This means that you can still see the Page, but other people won’t be able to see it and you won’t be able to add new people to help you work on your Page.
If you think this is a mistake, Appeal here:

[Link Removed]

The Facebook Team

At first I was a bit panicked. However, upon closer inspection, I could see that the sender of the email was [email protected]. They had manually set their email sender name to “Page Copyright” in the hope that the victim wouldn’t bother to click on it and check.

The fake appeal link led to a note on a newly-created Facebook page called “PAGE COPYRIGHT REPORT”:

[Image: Facebook Phishing Scam]

To the untrained eye, this looked like an official help page on Facebook. In reality, it was just somebody abusing Facebook’s “note” feature to launch a phishing scam.

The phishing form.

In the note, there was a link that looked as though it led to another Facebook page called Page-Copyright-Report. However, when you clicked on it, it actually led to an external website that looked exactly the same as Facebook:

This page offered up some information about copyright law and intellectual property. It then prompted you to “Continue”. Once you pressed “Continue”, you were asked to fill out a fake appeal form with your email address, phone number, page name and username.

Finally, once you had entered all of this information, it prompted you to enter your password:

Obviously, the goal here is to hijack Facebook pages with relatively large fan bases so that the scammers can spam links and reach a wider audience.

If you think that you have been successfully scammed by this, make sure that you 1) change your password and 2) enable two-factor authentication on your Facebook account.
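
The two tells described above (a sender name that hides an unrelated address, and a link whose visible text points at Facebook while its target does not) can be checked automatically. The following is an added example, not part of the original email or note; the trusted-domain list, the sample sender and the sample HTML are constructed assumptions.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this mailbox treats as genuinely Facebook-owned.
TRUSTED = ("facebook.com", "facebookmail.com")
HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)", re.I)

def is_trusted(host):
    # Exact match or a true subdomain; "facebook.com.evil.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def sender_is_suspicious(from_header):
    """Judge the address domain, not the display name the sender chose."""
    _name, addr = parseaddr(from_header)
    return not is_trusted(addr.rpartition("@")[2])

class LinkAuditor(HTMLParser):
    """Collect links whose visible text names a trusted host but whose href does not."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = "".join(self.text).strip()
            shown = HOST_IN_TEXT.match(label)
            target = urlparse(self.href).hostname
            if shown and is_trusted(shown.group(1)) and not is_trusted(target):
                self.findings.append((label, target))
            self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample input (not taken from the real email or note).
SAMPLE_FROM = '"Page Copyright" <notice@mailer.example>'
SAMPLE_HTML = ('<p><a href="https://www.facebook.com/help">www.facebook.com/help</a></p>'
               '<p><a href="https://facebook.com.page-report.example/appeal">'
               'facebook.com/Page-Copyright-Report</a></p>')
```
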