Facebook Users: Protect Your Data Now!

By CyberWissen | Published on 26 March 2023

Don’t click on any links in emails you didn’t ask for, and only check the status of your Facebook account on the site’s official page.

An elaborate phishing campaign aimed at Facebook users is going on right now. Cybercriminals send fake account deletion notices and lead people through a multi-step process that includes form input validation and, in some cases, fake two-factor authentication (2FA) to get them to give away personal information.

The attack starts with an email telling a potential victim that their account has been suspended and will be deleted if they don’t send a review request or an appeal. To do this, the user has to click a link or button in the email. Although the next steps of the attack can vary, there are always multiple redirects and, at the end, a page with a form where users are asked to enter personal information such as their full name, email address, phone number, Facebook password, etc.

Criminals add form validations, security checks, and fake 2FA to make the process look real and to make sure that users enter only valid information. When the form is finally submitted, attackers may end the attack by redirecting victims to the real Facebook Help Centre page.

If you get a strange email that says it’s from Facebook, don’t click on any of the links in it.

And if you want to check the status of your account, do it yourself: use your Facebook app or type the address of the official Facebook website into your browser.
