PS.:This fake page has been up for days, and its posts, promoting a phishing link, apparently do not violate Facebook’s standards. Duly reported, but what really is the point since Facebook seems to love these?
Yesterday, I received an email purporting to be from Facebook, with the body reading:
Hi,
We are obliged to inform you that your page has been flagged because of unusual and illegal activity, therefore your page might be permanently deleted.
In order to avoid such actions from our side, you need to fill the forms following the link below.
If you decide not to act accordingly, we will immediately delete your page.
Yours,
Facebook Security Team
The ‘from’ address is secure@facebook.com01259.com, which should already scream ‘Fake!’ but my eyes weren’t drawn to that. Nor was it drawn to the fact the email came from AWS, not Facebook. I clicked on the link, because it was hosted at Facebook.
I arrived at this page:
Yes, it’s on Facebook, but it’s actually a Facebook page, which anyone can set up. This is the ‘about’ section from that page. If you click on their link, that’s when you get suckered in, as you have to fill out information about your own page. Beyond this, you have to log in again, and that’s when their fun starts.
After I learned of the scam, I sent out warnings on Twitter and on my public page at Facebook. I then reported the page to Facebook (it’s still there, as it has been since September). There’s also a second one along the same lines, also from September.
Here’s the real kicker: my Facebook post has actually disappeared. Facebook has deleted a warning to other Facebook users about parties using their platform illegally for phishing and identity theft. I’d call this an implicit endorsement of criminal activity.
It’s not unlike Google Plus, which used to delete my posts critical of Google itself—even though these are real warnings.
Please do not be taken in by this identity theft scam—and I’m very surprised that Facebook would actually allow it to happen.
Then again, remember Facebook used to force “malware scanner” downloads on us, so it seems to adopt the same tactics dodgy hackers do.
Interesting to get this letter from the UK today, sent air mail from the Croydon Mail Centre, Surrey, on September 5.
The Nigerian 419 scammers have figured out that email is ineffective, so they are moving on to this brand-new technology: mail.
As with the last time I blogged about clumsy 419 attempts—a terrible PDF—this one brings up more questions. An attorney without his own letterhead or an office address? A matter so urgent on August 19 that it took them 17 days to put it into the post? An executor so ineffective that it takes him nine years to locate next of kin?
These people do not think. If I can be found online, then clearly I’ve established a bit of a reputation. And I didn’t get there by being a moron.
As a public notice, please be wary of the change of medium from the 419ers. They may be reaching out to you soon via the postal system, a method that they commonly used before the days of email.
