Do you use a Facebook Fan Page to organize an online community group or manage your brand’s social media presence? Many companies, nonprofits and individuals alike use Facebook Fan Pages to communicate with huge numbers of people. Now, a recent cyber scam is exploiting popular Fan Page owners to hijack their accounts.
Of course, Facebook phishing scams are nothing new, but the latest scam takes a different tactic by impersonating Facebook’s security team and hooking its victims with flattery.
The “Fan Page Verification Program” Is a Scam
This latest Facebook phishing scam pretends to be an official message from Facebook security, addressing owners of Fan Pages about a “verification” program in the wake of recent security breaches:
Dear Facebook User,
You are receiving this message to notify you about the new security feature from Facebook called “Fan Page Verification Program”.
After many Fan Pages have been stolen lately leaving us no choice but Deleting them forever, we had to come up with an original solution about the Fan Page’s Security.
Luckily, your Fan Page, has a lot of likes and provides High Quality Content, which qualify it for this program.
It’s no secret that social media hacking is on the rise these days. The fact that this latest cyber scam is impersonating Facebook and claiming to offer protection proves just how sneaky these hackers can be.
Also, this particular phishing scam attempts to ingratiate itself with Fan Page administrators by way of simple flattery. Sophos’ Naked Security blog explains:
“[The phishing scam] does a nice job of flattering suck-up to entice victims into coughing up their Facebook login details, telling targets that they’ve had ever so many stolen Pages lately, and that they simply can’t think of what to do about it except just, well, throw up their hands and delete them all…[a]ll the stolen Pages, that is, except yours, which, gosh, is so popular with its ‘High Quality Content.’”
Nice compliments, right? Well, they’re nice right up until the point where they cost you access to your Facebook Fan Page.
Clicking the URLs in the message will take Fan Page administrators to a form that asks for their Facebook login information, and then prompts them to pick a 10-digit “Transferring Code.”
Potential victims are also told that failure to complete this process by May 30th, 2013 will result in the permanent deletion of their Facebook Fan Page. Seems like it’s a smart idea to “verify” your Page, then, right?
Wrong. What you’re really doing is just giving away the keys to your Facebook page. Next thing you know, anyone subscribed to or following your Fan Page will be getting spammed with all sorts of nonsense. Definitely not good for business.
How to Go Fishing for Phishers
Unfortunately, using social media carries a certain amount of risk. There’s always some type of scam or hoax going around that’s designed to capture your personal information, and the scams evolve so quickly that they can be difficult to spot.
If you’re a Fan Page administrator, it runs contrary to your instincts to ignore a message that seemingly comes straight from the so-called “Facebook Security Team.”
But if you receive something from an entity claiming to be Facebook, and the message has a ton of oddly-capitalized letters or other grammatical errors, it’s most likely a hoax.
Another red flag is that the message doesn’t address its recipients by name. Any official message from Facebook will include specific information about your actual Fan Page, including the name of the page and a profile picture.
Be Sure You’re Browsing Securely
Even still, the best way to make sure you’re dealing with an official Facebook message is to look for the “https” in your browser when you click on any links. A secure URL looks like this:
It indicates that your browser has been able to verify that the website you’re visiting is the one it claims to be.
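The red flags described above (a generic greeting, no mention of your page's name, odd mid-sentence capitals, links that are not https) can be checked mechanically. The script below is an added example, not code from the original article or from Facebook. The sample link, the page name "Acme Bakery" and the extra check that a link's host is facebook.com are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: wording from the scam message quoted on this page, plus
# a made-up link on a reserved .example domain (the page does not give the URL).
SAMPLE = (
    "Dear Facebook User,\n"
    "After many Fan Pages have been stolen lately leaving us no choice but "
    "Deleting them forever, we had to come up with an original solution.\n"
    "Verify here: http://fanpage-verification.example/login\n"
)

GENERIC_GREETING = re.compile(r"^\s*dear\s+(facebook\s+)?(user|customer|member)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# A capitalized word directly after a lowercase word, i.e. not at a sentence start.
MID_SENTENCE_CAP = re.compile(r"(?<=[a-z] )[A-Z][a-z]+")


def red_flags(message, page_name, proper_nouns=("Facebook", "Fan", "Page", "Pages")):
    """Return the red flags from the article that this message trips."""
    flags = []
    if GENERIC_GREETING.search(message):
        flags.append("generic greeting")
    if page_name.lower() not in message.lower():
        flags.append("page name missing")

    # Heuristic: words in proper_nouns and in the page name are expected capitals.
    allowed = set(proper_nouns) | set(page_name.split())
    body = [ln for ln in message.splitlines() if not GENERIC_GREETING.match(ln)]
    odd = [w for ln in body for w in MID_SENTENCE_CAP.findall(ln) if w not in allowed]
    if odd:
        flags.append("odd capitalization: " + ", ".join(odd))

    for url in URL.findall(message):
        parts = urlparse(url.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            flags.append("link not https: " + host)
        # Assumption added here: the link should also point at facebook.com itself.
        if host != "facebook.com" and not host.endswith(".facebook.com"):
            flags.append("link host is not facebook.com: " + host)
    return flags


if __name__ == "__main__":
    for flag in red_flags(SAMPLE, page_name="Acme Bakery"):
        print("-", flag)
```

The capitalization check is a heuristic: personal names and brand names not listed in proper_nouns will also be reported, so extend that list for your own page.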
Do you have any good tips for fighting phishing scams on Facebook? Share with us in the comments!