PALM BEACH, FL – I have been reviewing and writing about email phishing scams for years and I have seen a ton of them, from outright laughable in their easy discoverability to incredibly convincing, but this latest one I must write about because its one of the most convincing I have ever seen, and it has been happening for over a year now.
I know it well as I once fell for it.
The reason this is one of the most convincing I’ve ever seen is because unlike most phishing schemes which A) originate in email and B) bring you to a fake website, this one brings you to an authentic site, Facebook.com, and tricks you through a secondary landing page (part C – the third phase) which is only displayed after your guard has already been let down by evaluating you are on the authentic site, where, unfortunately, you are receiving the ‘third-stage’ of the scam. Why Facebook continues to allow these ‘notes’ sections to be used is beyond me.
Here is how it goes.
You receive an email with a link to Facebook regarding a copyright violation on one of your pages. Copyright notifications are a good way to get people’s attention because they could bring legal troubles and people will rarely ignore and delete them, especially business owners who may have valuable Facebook advertising accounts with credit cards assigned to pages – a golden target for scammers who will rack up advertising ad spend.
Hovering over the link shows that you will be redirected to Facebook. Many scams cloak these links to hide the true destination, through a variety of means, so you always need to make sure you indeed land on an authentic Facebook page.
When you click that link, you indeed arrive on the authentic site, Facebook.com (the actual link target / destination matches).
The authentic page will look something like this below, which is actually hosted on Facebook.com itself, somehow using its notes feature.
Everything is working as you would expect when logged into the authentic Facebook.com site. Messages, icons, pop-ups. It’s all there.
This is when your guard goes down.
It appears you are looking at an authentic message from Facebook.com, case number and all.
PHASE THREE OF THE SCAM.
Now back to the real page on Facebook. That link, the one that now looks like it has to be fine is not. Hovering over that link will review the true location of the next page.
The next page will bring you to this URL.
“com-100045882614029.com” is the true domain you are actually on. “Support” and “Facebook” are just sub domains of com-100045882614029 and its all on the .com top level domain URL.
Now that you arrived at the fake site, hosted at com-100045882614029.com, none of the ordinary logged in features are working anymore, but you tend to not notice this, since you have already gone through your own subconscious evaluation process – being directed here from an authentic Facebook.com page.
To complete your Copyright Appeal you will be asked to login and verify your identity by text message. The site, while sending all of your entries to its scammer developer, then asks you to enter the code received by text message.
This is your 2FA code. The scammers will then login as you and bypass your two factor security.
About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®