Facebook Account Update Phishing Scam Email


An email purporting to be from Facebook claims that Facebook is implementing a new login system and that the user must follow a link in the message to update his or her account.

Brief Analysis

The email is not from Facebook. In fact, the message is a phishing scam designed to steal Facebook login details.


Subject: Facebook Account Update

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.
Click here to update your account online now.
If you have any questions, reference our New User Guide.
The Facebook Team

Facebook Phishing Scam email


Detailed Analysis

This email, which purports to be from the social networking website Facebook, claims that Facebook is about to implement a new login system. The message claims that Facebook users must follow a link in the message to update their details before they will be able to use the new system.

However, the email is not from Facebook and the claim that Facebook users are required to update their account details is untrue.  

In fact, the email is a phishing scam designed to steal Facebook login details from unsuspecting users. To further the illusion of legitimacy, the email is designed and formatted to resemble a genuine Facebook message. Those who fall for the ruse and follow the link in the bogus email will be taken to the following fake Facebook login page:

Fake Facebook Login Page

The fake login page has been created so that it looks like a genuine Facebook login.

If a victim enters his or her username and password on the bogus page and clicks the “Login” button, the following pop-up notice will be displayed:

Fake Facebook Notification

The notice claims that the account confirmation has been completed. Clicking the “OK” button takes the user to the genuine Facebook website.

Users who submit their login details on the fake page will actually be sending their username and password directly to the criminals running the phishing scam. Because the scam notice redirects to the genuine Facebook website, the victim may not realize that his or her account has been compromised until it is too late.

Once they have stolen this information, the scammers can log in to the victim’s real Facebook account and pose as the genuine user. They can also change account details, effectively locking the genuine user out of his or her Facebook account. Having successfully hijacked the user’s account, the scammers can then use it to post spam and scam messages in the victim’s name and steal any personal information stored in the account.

Phishing scammers regularly target Facebook users. Users should be very cautious of any email that claims to be from Facebook and asks them to click a link and provide login or other personal information.

Original Source: https://www.hoax-slayer.net/facebook-account-update-phishing-scam-email/