Facebook Notification Scam

This one looks real. Feels real. It’s not real — and you’re in real trouble if you click on the link.

The notification you see pictured on this post has infiltrated my Facebook notifications twice in three weeks. It’s on par with this Facebook scam — same or similar bait, same or similar link that when clicked will give up either your passwords, your personal information or your page control.

If you click that link, it will bring you off-site to a location controlled by the scammer, typically operating outside of the U.S. The page will prompt you to type in your personal information, in the hope that you’ve been fooled into thinking you’re sharing it with Facebook’s security personnel.

A source intimately familiar with this problem agreed to talk to me on the condition of anonymity. This source, an IT expert who specializes in phishing scams, said Facebook aggressively pursues these impostors, deleting hundreds of thousands of fake accounts. Because there are so many of them, there is a lag period in eliminating the crooks, but Facebook’s detection technology does enable it to ferret out these accounts, often within minutes of their creation. The source told me because my Facebook page is a verified professional account, it’s even more of a highly valued target.

An unnamed Facebook spokesperson sent me this statement: “We appreciate AndyWiseChoices.com bringing this scam page to our attention and have removed it. We continue to make improvements to combat phishing scams, including new detection systems, more reporting tools that people can use to flag suspicious activity and adding more people to work on safety and security.”

Here are Facebook’s online resources for preventing phishing scams and for restoring your page if you fall for one:

• https://www.facebook.com/help/166863010078512?helpref=faq_content
• https://www.facebook.com/help/738660629556925?ref=FBB_TipsToKeepYourFacebookAccountAndBusinessPageSecure
• https://www.facebook.com/help/reportlinks?ref=FBB_TipsToKeepYourFacebookAccountAndBusinessPageSecure

Facebook’s spokesperson also offered these suggestions for protecting against phishing scams:

• Secure your account with two-factor authentication: Enable two-factor authentication as an extra layer of protection. Your phone number or email is used as secondary confirmation of your identity.
• Don’t accept friend requests from people you don’t know: Scammers may create fake accounts in an attempt to friend and manipulate people.
• Watch out for suspicious links and malicious software: Keep an eye out for links you don’t recognize, especially if they’re coming from people you don’t know or trust. Be careful not to click on suspicious links, open suspicious files or install malicious apps or browser extensions—even if they appear to come from a friend or a company you know. If you see a post or message that tries to trick you into sharing personal information, please report it.
• Set up trusted contacts: To help you regain access to your account, in case you are ever locked out, you can enable your friends to be your trusted contacts. They’ll be able to send you a recovery code with a URL to help you get back into your account. 

Always remember: the real Facebook will never send you an unsolicited text, email, call or notification that asks you to click on a link to verify your account. It’s Facebook’s account! It issued you the page in the first place. Just like your bank or credit card issuer will never need to verify an account number it gave you to start with, Facebook will never have to verify one of its proprietary accounts.

Simply put: don’t click on links sent from unverified sources.

Copyright 2021 Wise ChoicesTM. All rights reserved.

https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/phishing-scams