facebook phishing

Facebook Phishing Scams

Facebook Phishing

Facebook phishing scammers want your personal and financial information. They want the login credentials for your Facebook and email accounts. They want to steal your identity.

One way that online scammers achieve their goals is by sending you fake messages that claim that your Facebook account is about to be disabled or suspended.

In recent weeks the scammers share your photo and add a message to it. This method by-passes Facebook’s own ‘Report Post’ action. If you report the post it actually reports the post they shared but not the phishing message they have added.

Typically, the messages warn that your account has been reported by other users or is in violation of Facebook’s Terms of Service and is therefore about to be closed permanently or disabled. But, claim the messages, you can avoid the pending account closure by clicking a link to “confirm” or “verify” your account.

If you click the link, you will be taken to a fraudulent website that has been built to look like it is part of Facebook. Once on the fake page, you will be asked to log in with your Facebook account email address and password.

After submitting, the criminals have the information you supplied and use it to hijack your Facebook. Once they have gained access, they can use the compromised accounts to launch further spam and scam campaigns, including more Facebook phishing scams. The may also get access to your email as the majority of people use the same passwords.

Keep in mind that, if Facebook needs you to deal with an account issue, you will be notified about the issue when you log in to your account. You will NOT receive such a warning via email or private message that threatens an account suspension if you do not click a link.

If you receive such messages, don’t just delete it….report the page to Facebook to prevent others been hit by the same scam. If you want to delve further and take do the phishing link report it to the host/provider.

Report Phishing to Facebook

You can report the phishing page to Facebook by:

  • Go to the Page you want to report
  • Click on the button with 3 dots
  • Select Report Page
    Choose the option that best describes the issue usually in this case I find ‘harassment’ works best

report page

Alternatively email Facebook with the details to phish@fb.com

Take note of the phishing web address

If a short-link is used, such as ow.ly or bit.ly you can report the it directly to the short link provider, however this does not take down the phishing website but does prevent others reaching the phishing website. If you do click the short link you will be take the website and the URL can be obtained from the address bar. You can find out where to report short links abuse here

Find the Host/Provider 

Once you have the website address you can discover who is hosting a particular site by using a Hosting Checker.


Netcraft provide internet security services that you can report any phishing website to and they will contact the hosting provider on your behalf. You can report a phishing website here

What can Facebook do?

Ultimately using advanced searches on Facebook 1 person from Facebook huge work force could find and take down the phishing pages as quick as they pop up. Looking at the keywords the scammers use the pages can be identified quite easily; For Example this keyword phrase “Your account will be disabled“. There are several keyword phrases but they are easily picked up.

Alternatively they could adopt Netcraft’s Award Incentive for reporting phishing sites and win many prizes including an iPad