Facebook May 18 Deactivation Scam

May 5, 2014 | BY

Over the weekend, I received several legitimate Facebook notifications informing me that my name (and names of others from this friend’s network) were included in spammy posts, claiming that I must try to activate my profile because an impending deactivation of accounts will take place two weeks from now.

The notification (which also shows the content of the spam post) looks something like this:

Screenshot of the email I get from FacebookScreenshot of the email I get from Facebook
(click to enlarge)

The source post originated from an obviously fake profile called Facebook Announcement 2K14, which was created as a community page some time last month.

"All posts here are true!"(click to enlarge)

If you accept its description, “All posts here are true!”, as truth without batting an eye, then it’s highly likely that you’ll fall for whatever this account posts.

In another cases, the spammy post originated from this fake account: FbCeo Mark Zuckerberg, which was created just three days ago:

fake-zuck(click to enlarge)

Below are the messages being propagated by these accounts, respectively:

The two spammy posts in question(click to enlarge)

“Do this before your account gets deactivated!” posts on Facebook are not really new; however, what sets this apart is what appears to be the core target of the scam: most of them are Filipinos. Their objective? ‘Like’ harvesting and profiting via link visits.

When unknowing users followed the directions from these post, any or all of the following may happen without user consent:

  • the affected account auto-‘likes’ certain accounts or the scam purveyor’s own account. Liking an account also follows every post of that account.
  • the affected account auto-follows lists belonging to certain accounts or scam purveyor’s own account
  • the affected account auto-‘likes’ the spammy post
  • the affected account’s look will temporarily change in terms of profile background and shapes and colours of these elements. Sometimes, audio will play in the background.
  • the affected account tags random connections in their network to a post that is posted as a reply to the original spammy post. This seems an easy way for the scammer to monitor or track his or her victims.
  • the affected account is prevented from unfollowing certain accounts or the scam purveyor’s own account

Today, while writing this, a close friend and I continue to receive Facebook notifications telling me that several of our contacts have been duped.

I reported the fake profiles to Facebook and encouraged my friend to do the same. Hopefully, we won’t be the only one pushing for the site to be removed.

If you, dear Reader, have seen something similar or encounter similar fake pages in the future, don’t hesitate to use Facebook’s handy Report/Block… feature. Tinypaste, the service hosting the pages where the scripts are, was also informed about this scam.

Jovi Umawing

  • Carlo Galvez

    you must be right.

  • Pingback: [ΠΡΟΣΟΧΗ] Και νέα απάτη στο Facebook : Ο λογαριασμός σας θα κλείσει 18 Μαΐου | S@fer-Internet.Gr()

  • Pingback: WARNING: Facebook Accounts Are NOT Being Deactivated May 18 - AllFacebook()

  • Pingback: O nouă înşelătorie: "Toate conturile de Facebook vor fi dezactivate pe 18 mai" | Internet Televiziune()

  • Pingback: WARNING: Facebook Accounts Are NOT Being Deactivated May 18 |

  • Isabel Bitas

    What should I do? I belive that facebook is going to end on May.18
    What I should I do? Please help me.

  • Gerick Glockner

    Is this spam/malware have anything to do on something i have recently experienced where all my files in a usb turn into shortcuts? Because my friends were also experiencing the same situation

  • Dean Bernabe

    My friends on facebook belive that me i just thought that maybe thats a scam first i search before i do it when its fake i actualy post it on public so my filipino or american friends that they wont belive anymore

  • Jovi Umawing

    Hello, Isabel Bitas :) What you can do is, if your account already auto-posted a spammy post to Facebook with your friends tagged in it, delete that post. And then begin looking for accounts you don’t remember following that are suddenly showing in your feed. Visit each of those profiles and un-Like and un-Follow them. Some of these profiles may be a list owned by a Facebook user. If so, just remove yourself from this list.

    Please expect that you may have to do this for several days if you can’t un-Follow and un-Like every account or list you were added into in one day. There is no need to change your password, but if you want to, you can.

    It also helps to warn your friends and family members that you didn’t create the spammy post on Facebook and that they have to just ignore/delete it.

    Facebook scams happen all the time. This particular scam has been around for quite a while. The only thing that changes is the “date of deactivation”. It’s best to avoid and doubt anything that sounds too good, titillating, and/or questionable to be true.

  • Jovi Umawing

    Hello, Gerick :) What you and your friends have experienced sounds like it’s not related to this scam because this particular scam does not involve any form of malware.

    Hope this helps!

  • Jovi Umawing

    Good move :) Deactivations scams has happened before. It pays to be aware of scams that particularly targets Facebook users because most of them show up every now and then. Our advise remains the same: never believe them.

  • Pingback: A Week in Security (May 4 – 10) | Malwarebytes Unpacked()