OFFICIAL SECURITY BLOG

Facebook “Enter Details Here to Enable Your Account”

July 30, 2014 | BY

We at Malwarebytes do our best to keep you, dear Reader, apprised with the latest threats we encounter that target Facebook users. As you may know, Facebook is one of the few prime targets of online crime, particularly fraud.

Here’s one in-the-wild phishing campaign that we spotted homing in on users.

Unfortunately, we couldn’t trace back the origin of this campaign; however, it’s highly likely that it started off as an email pretending to be a notification. As such, be wary of any received emails containing URL(s) that may lead you to us-facebook[dot]com. Successful access to the said site immediately forwards to us-services-facebook[dot]com, as pictured below:

us-services-facebookclick to enlarge

Warning Account Disabled.

Be sure you have provided a contact email address that belongs to you or are logged into an account that belongs to you. For security reasons, we cannot provide information about the reported account if you email us from an address associated with another user’s account.

Please Fill Your Correct Information Below To Verify Your Account.

Apart from asking for email address and password—credentials used to access a Facebook account—from the user, it also wants to get his/her webmail and corresponding password, date of birth, security question and answer, and country of origin—information that are irrelevant at best when enabling disabled accounts in general.

Once entries are filled in and the user clicks “Confirm”, they are then directed to this page:

Insta-buy Facebook credentials?click to enlarge

A “Payment Verification” page when users only want their accounts enabled? Uh-oh.

Unfortunately, this section cannot be skipped, which effectively forces users to make them think they’re “buying” Facebook Credits—perfect excuse to ask for payment details. Finally clicking “Confirm” after filling in credit card details opens the legitimate Facebook page on users’ “Statement of Rights and Responsibilities“.

So, has all that hoop-jumping led to the re-enabling of your account? No. Your account had never been disabled to begin with.

Although Google already blacklisted this website, prevention is still key: Ignore emails and posts in online social networks that potentially carry phishing links.

Other related post(s):

Jovi Umawing