If you receive a message saying your Facebook account has been blocked for copyright violation, don’t panic. It’s most likely just another phishing scam.
The latest phishing campaign aimed at stealing Facebook accounts is gathering momentum. Users are receiving mass e-mails threatening bans for copyright violations. The aim is to steal the users’ login credentials. We explain the anatomy of the new scheme and how not to swallow the bait.
Who, me?
The message says something like: “Your Facebook account has been disabled for violating the Facebook Terms. If you believe that this decision is incorrect, you may file an appeal at this link.”
What could the problem be? A video you posted last year of your friends dancing to a hit song? Could that really be it? Well, maybe: The link does lead to a notice about music copyright infringement. The address of the page is facebook.com, and the notification page contains a link to an appeal form. So far, seems plausible.
Afraid of losing your account and without seeing any red flags in the link address, you might even enter your full name and username, as requested. Next, however, is a request no one should mindlessly obey: “For your own security, please enter your password.”
And … scene. Your login and password (i.e., your entire account) now belong to cybercriminals.
We’ve said it before and we’ll say it again: Don’t follow links in suspicious e-mails. Even the savviest users can get caught off-guard by a well-written, well-designed message that gets through the spam filter, contains what looks like a good link, and generally seems legitimate.
What’s the trick?
On closer inspection, the scam isn’t really that clever. At every stage, there are warning signs. What’s important is to stay calm and alert. Panic can lead even cautious people down dangerous paths.
Let’s start with the e-mail. First, the text itself gives the scammers away. Although it lacks the kind of egregious language errors we often see in spam, anyone familiar with Facebook’s communications will note that the letter doesn’t read quite right. Then, to trick spam filters, attackers introduce small intentional typos into the body of the e-mail. In this case, they used the old upper-case-I-instead-of-lower-case-L trick. If your mail client uses a serif font, the substitution is easy to spot.
How the Scam Works:
- Email Spoofing: Scammers often send these notices via email, making it appear as if they are from Facebook. However, genuine copyright infringement notifications are delivered directly within the Facebook platform.
- Urgency and Threats: The scammers create a sense of urgency, warning of account suspension or removal of content unless the user clicks on a provided link promptly.
- Phishing Links: The links within these fake notices lead to phishing websites designed to trick users into entering their Facebook login credentials.
Protect Yourself:
- Verify the Source: Authentic copyright violation notifications from Facebook are sent through the platform’s internal notifications, not via email. Always verify the source before taking any action.
- Take your time and do not panic.
- Check the Email Address: Genuine Facebook emails come from addresses ending in “@facebook.com.” Be cautious if the email is from a different domain.
- Avoid Clicking Suspicious Links: Hover over links to preview the destination URL. If it looks suspicious or differs from Facebook’s official domain, do not click.
- Enable Two-Factor Authentication (2FA): Adding an extra layer of security through 2FA helps protect your account even if login credentials are compromised.
- Always log in to your account through the app or by entering the URL in your browser’s address bar (by typing it, not by clicking a link), even if you suspect you’ve received an actual notice of terms-of-service violation.
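The two e-mail checks described above (the upper-case-I-for-lower-case-L substitution and the sender address rule) can be automated for mail triage. The following is an added example, not part of the original article: the function names, the watch list and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed watch list: words a Facebook-themed notice is likely to contain.
WATCH_WORDS = {"disabled", "violating", "violation", "believe", "file",
               "appeal", "link", "login", "policy", "please"}
TRUSTED_DOMAIN = "facebook.com"  # the sender rule stated in the article

def find_i_for_l(text, watch=WATCH_WORDS):
    """Return (token, intended_word) pairs where swapping 'I' for 'l'
    turns an unknown token into a watch-list word."""
    hits = []
    for token in re.findall(r"[A-Za-z]+", text):
        if "I" not in token or token.isupper():
            continue  # no capital I, or an all-caps word such as "LINK"
        restored = token.replace("I", "l").lower()
        if restored in watch and token.lower() not in watch:
            hits.append((token, restored))
    return hits

def sender_domain_ok(from_header, trusted=TRUSTED_DOMAIN):
    """True only if the address (not the display name) is @trusted."""
    _, addr = parseaddr(from_header)
    return addr.lower().rpartition("@")[2] == trusted

def triage(from_header, body):
    """Collect warning signs for one message."""
    findings = [f"'{t}' looks like '{w}' with I in place of l"
                for t, w in find_i_for_l(body)]
    if not sender_domain_ok(from_header):
        findings.append("sender address is not @" + TRUSTED_DOMAIN)
    return findings

# Constructed sample message, modelled on the wording quoted in the article.
SAMPLE_FROM = "Facebook <notice@fb-appeals.example>"
SAMPLE_BODY = ("Your Facebook account has been disabIed for vioIating the "
               "Facebook Terms. If you beIieve that this decision is "
               "incorrect, you may fiIe an appeaI at this Iink.")

if __name__ == "__main__":
    for finding in triage(SAMPLE_FROM, SAMPLE_BODY):
        print("WARNING:", finding)
```

A passing sender check is not proof of authenticity, since the article notes that scammers make messages appear to come from Facebook; treat these checks as warning signs, not as a verdict.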
Report and Share:
If you receive such a fake copyright violation notice, report it to Facebook immediately. Additionally, share this information with your friends and family to raise awareness and prevent others from falling victim to this scam.
In the ever-evolving digital landscape, staying informed is our best defense. Let’s empower each other to navigate the online world safely.
Stay vigilant and stay secure!