A concerned client contacted us about a private message they had received on Facebook. It said:

“Dear Customer,
Your page will be Disabled!
Please re-confirm your account to avoid blocking. It is caused someone has reported you that there were irregularities of content, for violating terms of service. If you are the original owner of this account, please re-confirm your account to avoid blocking.
Please reconfirm your account here.
Confirm your account here:
–> http://unblock-page.at.ua/facebook_security.html
If you don’t confirm, our system will automatically block your account and you will not be able to use it again.
Thank you for helping us improve our service collaboration.
Facebook (TM) Security.”

So we’re clear, do not go to that URL. It’s a strikethrough for that reason.

At first glance, it looks very official. Because it came through FB Messenger, a space where you don't typically think scams may be lurking, it is easy to trust. However, you should expect them there, because they are.

Things to look for are grammar and spelling errors, repetitive statements and, of course, an unofficial website link.

This particular scam message came from another business page: Warning Page. It's been reported, so we suspect it will be taken down shortly after we post this. While the Profile Picture is an official-looking Facebook icon, it's just a picture. It lends no more official weight to the page than a picture of a kitten would.

As you can see, another user caught on to the scam too under “Visitor Posts”.

The biggest red flag is the URL they ask you to click on. If you go to the webpage itself, it's just a placeholder. There's no content. The "Lorem Ipsum" is standard Latin placeholder text that developers use to show what text will look like in a space. Most glaringly, however, IT'S NOT FACEBOOK! All official Facebook contact will send you back to Facebook.
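The "is this link really Facebook?" check described above can be automated. The following is an added example, not part of the original post; the list of official domains, the lookalike links on the reserved `.example` domain and the function names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the hosts treated as genuine Facebook destinations.
OFFICIAL_DOMAINS = ("facebook.com", "messenger.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_official(url):
    """True only if the link's real host is an official domain or a subdomain of one."""
    try:
        host = urlsplit(url).hostname  # ignores any "user@" prefix and port, lowercases
    except ValueError:                 # malformed link: treat as untrusted
        return False
    if not host:
        return False
    host = host.rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def suspicious_links(message):
    """Return each http(s) link in the message that does not lead to an official host."""
    links = (u.rstrip(".,;:!?)") for u in URL_RE.findall(message))
    return [u for u in links if not is_official(u)]

# Constructed sample: the link quoted in the scam message above, two constructed
# lookalikes on the reserved .example domain, and one genuine link.
SAMPLE = """Confirm your account here:
--> http://unblock-page.at.ua/facebook_security.html
or https://facebook.com.account-review.example/login
or https://www.facebook.com@account-review.example/login
Help: https://www.facebook.com/help."""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("NOT FACEBOOK:", link)
```

The word "facebook" appearing somewhere in a link proves nothing: only the end of the host name, just before the first single slash, decides where the link goes.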

The link generated a convincing Facebook-looking login page where you would give your name and your password. Some ask for your email address and password as well. Once you do so, the hackers have your credentials. They can log in to your account, change your password and lock you out. They are then free to spam all of your friends on your personal account, posing as you. They can also take over your business pages and spam all of the fans, all while posing as that official page. The damage could be catastrophic for both you personally and for your business (or any business pages that you manage).

If you receive one of these messages, ignore it! Try going to the page that sent the message and report it.

This will give the heads up to Facebook that these people are actively trying to scam their users.

If by chance you fell into their trap, what can you do? If you still have access to your account, CHANGE YOUR FACEBOOK PASSWORD IMMEDIATELY! If you use the same password on your email, CHANGE IT TOO! You may even have to shut down all of your credit cards. Call your bank and ask them to advise you. Then think of any accounts you may have that use your email address as the user name together with that same password. CHANGE THOSE AS WELL! Think PayPal, Amazon, LinkedIn, eBay, Twitter… Yes, all of them. Hint: This is why it is not recommended that you use the same password for everything. Once hackers have your password for one, they have them for all.

If you’ve lost access to your account, you’ll have to go to the Facebook Help Centre. If they’ve hacked your email, you’re going to need to contact your service provider. Remember that “Forgot your password” emails go to your email, so if you’ve lost control of your email account you need to do damage control ASAP.

TIME IS OF THE ESSENCE. Hackers are in this business of scamming people for a reason. They move quickly to capitalize on any vulnerability. They are everywhere. Please do not fall victim to them. Be aware. Be skeptical. Stay safe.