Beware: Facebook Phishing Scam in the Wild

I woke up this morning to see 45 emails via Facebook. Looks like I started spamming my friends’ walls with messages like ‘How to make $6000 with hot colon?’. Luckily, I have friends who know me better than to post such nonsense in their walls and they said so.

Finally, the Facebook team had sensed the ruse and suspended my account. So, when I tried to login this morning I was asked my security questions and it let me change my password.

So, how did this happen?

Pandalabs reports that there is a phishing scam in the wild that is stealing Facebook passwords. if you land in the fake Facebook page and enter your login credentials, your info is stolen and you will be redirected to the real Facebook login page.

I was working on a website last night full steam and must have tried to login to one of these fake login pages without skipping a beat. Silly me.


Yes, secure browsers and anti-phishing efforts work after the scam has been reported. But, nothing can replace personal vigilance when it comes to surfing the web. I did leave my guard down last night.

I am so glad that the Facebook team suspended my account while I was sleeping.

How to Avoid Facebook Phishing Attacks?

( Facebook blog)

  • Remember, Facebook will never ask for your password in an email, Facebook message, or any medium that isn’t the login page. Though you will need to re-enter your password when you set a security question, change your contact email, or send a virtual gift.
  • Be extra aware of weird Wall posts. Don’t click on any links—on a Wall or elsewhere—if you don’t know where they go.
  • Set a security question for yourself on your Account page. If somehow something malicious shuts you out of your account, you will need the answer to that question in order for our User Operations team to let you back in. (If you’ve already set your security question, you won’t see a prompt for it on your Account page.)
  • Be extra aware of what website you are using to log in to Facebook (and other websites). Phishing websites can be made to look like other websites (like the Facebook log in page), and might try to disguise their urls. Be smart: starts out looking like a legitimate Facebook website, but that part means it’s fraudulent. Set and use a browser bookmark to make sure you always log in from
  • If you see a Wall post that looks like spam on a friend’s Wall, tell the author to delete it and reset their password immediately.
  • Use a modern web browser to benefit from anti-phishing protection
  • Check out This is another method for blocking specific domains that host phishing sites.

If you think you’ve been phished or find a phishing site,

  • Reset your password on your Account page.
  • Report the issue to Facebook here.
  • Submit phishing sites here and here.

I thought my Gmail was hacked last week but it turned out to be a Gmail bug that was marking my messages as read when I didn’t open them.

Plus, I have written several articles on how to detect Paypal phishing attacks. The above advice holds true for Internet use in general and more so for financial websites like your bank account, credit card accounts, etc.

Practice safe browsing!

Explore Tags: , , , , , , ,

Comments are closed.