Watch out for this recent scheme on Facebook:
If you encounter this anywhere on Facebook, please know that it is not legitimate, and Facebook/Meta did NOT send this to you. Do not click the link. Do not respond to the message.
You can and should click the 3-dots button to the upper-right, to report the message/account to Facebook as a fake or impostor. That will help Facebook detect and remove the ruse.
True Facebook messages about your reports & violations would appear in the Support Inbox for your Facebook account. That can be a bit tricky to find, but try this link if you want to visit yours. You can trust what you read on that website.
How Bad This Scam Can Get
If someone is tricked into clicking the link, some browsers will protect the user and warn about the dangerous site ahead:
But other, less-secure browsers might load that link straight away, and then this alert appears:
This is still all fake! The user’s FB account is perfectly fine, and the above text is 100% fiction. But when a person clicks the blue button there, the next page prompts them to type in their Facebook credentials. After that, the scammers quickly capture and use that info to log into that Facebook account.
Once inside the victim’s account, they will:
- Change the FB password, locking the true owner out.
- Change the account recovery methods, so that the true owner cannot reset his/her password.
- Start using the account to scam everyone on the Friends List of the account.
- Start using the account for other criminal enterprises on Facebook and beyond.
If The Worst Has Happened To You
If you have been fooled by this phishing effort, contact Facebook for help with your account ASAP. You may certainly try to reset your password first, but if that fails, Facebook will have to put you through some considerable verification steps and other processes to fix the situation.
You’ll need this Facebook article to begin the recovery process. Click on “I think my Facebook account was hacked…” and then click the get Started button. Answer the next questions as best you can and hopefully Facebook will repair your account… soon.
You might also contact your friends and family, via email or phone, to let them know about your stolen account. Tell them something like, “Don’t trust anything coming from my FB account, until I explicitly tell you I’ve recovered it!”
For more reading on this, check out the Malwarebytes Blog.