Hi Guys,

Another day, another scam!

Please be on the lookout for a new Facebook password-stealing scam that is currently spreading around the world. If you are one of the billions of people who use Facebook, here is what to look out for.

How Does the Scam Work?

  • You receive an email that appears to be from Facebook telling you that your account is about to be closed. The email looks like this:

“Subject: Restriction Alert

Hi,

We just received a report from a third party that the content you posted infringes or otherwise violates their rights.

Accordingly, your account has been repeating these actions, this means your Account might be disabled, and your page might be removed.

If you believe these reports are not being made in good faith or are inaccurate, please click on the link below.

<I removed the link so that you do not click it by accident>

We are glad to help you,
The Facebook Team.”

  • If you click on the link, you are taken to a real Facebook page where you are asked to enter your password before continuing.
  • As soon as you do this, it is game over. The attacker now has your password and can lock you out in seconds.

How Do You Stay Safe?

This is a tough one as the attacker is actually using the Facebook infrastructure to target you. The link you receive is a real Facebook page, albeit a poisoned one with the password stealer.

  • Do not open any email with the subject ‘Restriction Alert’. If you are concerned that this might be a real email, just log in to your Facebook account in the usual way. The warning, if real, will be displayed to you as soon as you log in, or it will be in your notifications centre.
  • Also, click on the email address that the email came from. In the above case the email is not from a Facebook address. It is from messaging-service@post.xero.com. This is a massive red flag.
  • If you do open it, do not click the link.
  • If you do click the link, do not enter your password.
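
If you look after mail filtering for a team or family, the sender check above can be automated. The following is an added example, not part of the original alert; the list of Facebook sending domains and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains Facebook sends account mail from; adjust for your environment.
FACEBOOK_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com"}
BRAND_WORDS = ("facebook",)

def domain_is_trusted(domain, trusted=FACEBOOK_DOMAINS):
    """True only for an exact match or a real subdomain of a trusted domain."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in trusted)

def body_text(msg):
    """Concatenate the text parts of a message (handles multipart mail)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_message(raw):
    """Return a list of reasons the message looks like Facebook impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2]
    claims_brand = any(w in (display + " " + body_text(msg)).lower() for w in BRAND_WORDS)
    reasons = []
    if claims_brand and not domain_is_trusted(domain):
        reasons.append(f"claims to be Facebook but was sent from {domain or 'an unknown domain'}")
    if msg.get("Subject", "").strip().lower() == "restriction alert":
        reasons.append("subject matches the 'Restriction Alert' scam")
    return reasons

# Constructed sample modelled on the email quoted above (link omitted).
SAMPLE = """From: Facebook <messaging-service@post.xero.com>
Subject: Restriction Alert

Hi,
We just received a report from a third party that the content you posted
infringes or otherwise violates their rights.
The Facebook Team.
"""

if __name__ == "__main__":
    for reason in check_message(SAMPLE):
        print("FLAG:", reason)
```

The domain comparison matches whole labels, so a lookalike such as `evilfacebook.com` is not treated as a Facebook address.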

Please pass this tip on to any family, friends, or colleagues who use Facebook.

All the very best and have a great rest of your day.

Max Roberts,
Incognito Privacy Care Team

This scam was first reported by the team at Abnormal Security.