VPN Articles and News

Facebook Disabled Page Scam Can Steal Your Financial Data

By Paul Liu
Sunday, August 14th, 2016

Have you created a Facebook page related to your hobby or business? If the answer to this questions is “Yes” then you may want to read this article very carefully. That’s because there’s a new scam doing the rounds which specifically targets Facebook Page owners and is capable of stealing a lot more than your Facebook account details. The scam was initially discovered by Luke Williams who is a part of Royal National Lifeboat Institution’s social media team and later analyzed by Malwarebytes which develops industry leading internet security software.

The modus operandi used by scammers to propagate the “Disabled Page” scam is very simple. They first post comments in the comments section of Facebook pages warning owners that the page could be disabled at any time since it has been reported by other users. The comments are usually posted by an account named “Facebook Security” although the said user is not associated with the social networking site in any way. The message also warns the owners that they would need to reconfirm their Facebook account since their Page has violated Facebook’s Terms of Service.

The next part of the scam invites Page owners to reconfirm their account by clicking on a link cloaked with LNKD.in URL shortner. The scammers have decided to use LNKD.in since a lot of people now don’t click on links cloaked with BIT.ly or Goo.gl URL shortners. The cloaked URL even contains the words “Facebook.Recovery.page” at the end so as to appear legitimate. The message even warns the Page owners that if they do not reconfirm their accounts, they would be blocked automatically and won’t be able to use Facebook again.

When the panicked Page owner clicks on the cloaked link, he/she is redirected to a page containing a Security warning. The message displayed on this page reiterates that the user’s Facebook page has been reported by others for abuse and it may be disabled at any time for violating Facebook’s Terms of Service. The message then asks the user to provide email address (or phone), password and Date of Birth details so that the page ownership could be verified. The message even encourages the user to check his/her Facebook account in order to provide correct details and reminds them that the step is necessary for the security of all Facebook users.

The scam doesn’t stop even after the Page owner has provided his/her Facebook account details! In the next step, the user is asked to provide credit card details so that their Payment Page doesn’t get disabled. And once the user has provided his/her credit card details, the page redirect them to a page asking for their PayPal details.

The Disabled Page scam is a clever phishing scam that can not only steal your Facebook login credentials but also your credit card and PayPal account details. Always remember that Facebook doesn’t use such questionable methods to contact users or warn them about violation of Terms of Service. If you have any questions regarding your Facebook page, you should contact Facebook’s support team directly instead of clicking on such suspicious links.