Facebook hackers looking to steal your credentials are stepping up attacks in the form of legitimate-looking warnings. The scheme involves a fake copyright infringement notice.
Angela Begin came close to losing the social media accounts that helped fuel her company's growth over the last 15 years. But when she nearly clicked on an email message that appeared to come from Facebook, she almost did.
To engage clients and attract new members, Begin and her trainers at 20 Minutes to Fitness post daily fitness tips and testimonials on Facebook and Instagram.
The message she received stated her page violated Facebook’s copyright infringement standards and threatened to deactivate her account unless she clicked on the attached link.
“I just couldn't imagine losing everything that we've built. Because, again, that's where our fans and friends go and see who we are," she said.
Cybersecurity expert Keyaan Williams said his research found millions of people all around the globe are getting these messages every day.
“The scammer has set up a fake website that looks like Facebook, and that's how people's credentials are stolen," Williams said. With the credentials, "they have access to everything on their Facebook account.”
Williams said that small businesses may be more likely to click on a copyright infringement warning to ensure they aren't running afoul of Facebook’s rules. And there's more at stake than losing Facebook.
“If that Facebook account is tied to a business, they have access to the business account information to the personal account information to all of the people in that person's address book,” he added.
Always check the source of the message. Hovering over the link will tell you if it's from Facebook or a fake.
Facebook's help page said they will never send an email seeking your password.
If an email or Facebook message looks strange, don't open it or any attachments. Instead, report it to phish@fb.com or through the report links on Facebook.