Facebook “Page Disabled” Phish Wants your Card Details

Fake Facebook Security pages are quite a common sight, and there’s a “Your page will be disabled unless…” scam in circulation at the moment on random Facebook comment sections which you should steer clear of.

The scam begins with a message like this, courtesy of Twitter user Alukeonlife:

Warning!!! Your page will be disabled. Due to your page has been reported by other users. Please re-confirm your page in order to avoid blocking. You violate our terms of service. If you are the original owner of this account, please re-confirm your account in order to avoid blocking.

If the multiple exclamation marks and generally terrible grammar didn’t give the game away, the following request certainly might:

To complete your pages account please confirm Http below:

Note that they use the LinkedIn URL shortener, which is somewhat unusual – perhaps the scammers think people are growing suspicious of endless bit(dot)ly and goo(dot)gl URLs being sent their way, and are attempting to throw a business-centric sheen on their shenanigans. They won’t get away with it without a fight, however – Google Safe Browsing flags the final destination as a dubious website and fires up a “Deceptive site ahead” warning:

Caught!

As for the scam page itself, which is located at

report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm

it looks like this:

Fake warning page

!! Warning Page !!

They just can’t stop with those exclamation marks, can they? Anyway, the page asks for Email / Phone, Password and date of birth.

With most Facebook scams, the ride would end here – in this case, we have a little further to travel (and it’s nowhere good).

After harvesting your Facebook credentials, they then go after payment information:

Avoid!

They ask for card number, expiration date, security code, post / zip code and country. It reads as follows:

Upgrade your payment

Should the victim enter their information and hit the button, they’ll be forwarded on to the real Facebook Security Facebook page. There’s also a “Confirm Paypal” button which leads to a phish for that service, too:

Fake Paypal

The above page is located at

report-fanpage(dot)gzpot(dot)com/Next/paypal(dot)com(dot)htm
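
Both landing URLs in this post name a brand ("fanpage", "paypal(dot)com") while sitting on an unrelated domain, which is something a mail or proxy filter can test for. The Python below is an added example, not part of the original article; the brand allowlist, the lure-token table and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a small allowlist of domains each brand really uses.
BRAND_DOMAINS = {
    "facebook": ("facebook.com", "fb.com"),
    "paypal": ("paypal.com",),
}
# Assumption: words that stand in for a brand in URLs like the two in this post.
LURE_TOKENS = {"fanpage": "facebook", "facebook": "facebook", "paypal": "paypal"}


def refang(text):
    """Turn a defanged indicator such as gzpot(dot)com back into a parseable URL."""
    url = re.sub(r"\(dot\)|\[\.\]", ".", text.strip(), flags=re.I)
    url = re.sub(r"^hxxp", "http", url, flags=re.I)
    return url if "://" in url else "http://" + url


def host_belongs_to(host, domains):
    """True only for the brand domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def brand_lures(defanged_url):
    """Return the brands a URL name-drops without being hosted by that brand."""
    parts = urlsplit(refang(defanged_url))
    host = (parts.hostname or "").lower()
    haystack = host + parts.path.lower()
    hits = set()
    for token, brand in LURE_TOKENS.items():
        if token in haystack and not host_belongs_to(host, BRAND_DOMAINS[brand]):
            hits.add(brand)
    return sorted(hits)


if __name__ == "__main__":
    # The first two URLs are the ones quoted in this post; the rest are constructed.
    for sample in (
        "report-fanpage(dot)gzpot(dot)com/Next/login(dot)htm",
        "report-fanpage(dot)gzpot(dot)com/Next/paypal(dot)com(dot)htm",
        "https://www.facebook.com/security",
        "facebook.com.example.net/login",
    ):
        print(sample, "->", brand_lures(sample) or "no brand mismatch")
```

Because the lure arrives behind a URL shortener, a check like this only helps when it is run against the final destination after redirects have been resolved, not against the short link itself.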

Make no mistake, this is one phishing scam that could cost you a lot more than your Facebook login. Should you be sent any attempts at panicking you into entering your logins on a so-called “Security Page”, you should give both destination URL and comment sender a very wide berth.

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.