Alert circulating on Facebook warns users not to click on a message claiming to be from FB Security because it is a “hacker” and a “virus”.
The warning is loosely derived from information about a genuine phishing scam campaign that is currently targeting Facebook users. Certainly, users should not follow links in messages purporting to be from Facebook Security because the links lead to scam pages designed to steal personal and financial information. However, the message in its current form is confused, inaccurate and potentially misleading and these problems significantly lessen its usefulness as a security warning.
IF U GET A MESSAGE FROM FB SECURITY IT IS NOT FROM FB!!!!!! IT IS A HACKER AND IT WILL TELL YOU THAT YOU HAVE VIOLATED FB RULES SOME HOW !!!!!!!!! IT TELLS YOU YOU HAVE 24 HRS TO RESPOND OR THEY WILL CLOSE YOUR ACCT!!!!!!! DO NOT CLICK ON IT!!!!!!! IT IS A VIRUS !!!!!!!!!!!!! !!!!!!!!!!!PLEASE RE POST!!!!!!!!!!!
According to an urgent sounding warning that is right now rapidly gaining momentum on Facebook, users should be fearful of any message claiming to be from FB Security because “it is a hacker”. Users are further warned not to click on the message because “it is a virus”. The warning claims that the message will tell users that they have violated Facebook rules and must therefore respond within 24 hours or their accounts will be closed. The warning begs recipients to repost the information to alert other users.
Although greatly garbled and confused, the message does have some relevance to a current and genuine security threat. For several weeks, phishing scam emails purporting to be from “Facebook Security” have been targeting Facebook users. These scam messages are designed to trick users into divulging their Facebook account login details and other personal information to Internet criminals. Several variants of the scam messages have been distributed. As suggested in the message, some claim that the recipient has violated Facebook’s Terms of Service. Other versions claim that the account has been fraudulently accessed via an “anonymous proxy”. Still others make the vague claim that the account may have been compromised and users must therefore verify their details. While some versions state that the account will be terminated if the recipient does not respond within 12 or 24 hours, other versions do not list a specific timeframe for the supposed termination. Links in many of the scam messages point to bogus Facebook pages that ask victims to submit their Facebook login details and other personal and financial information. Others lead to rogue Facebook applications. These phishing scam messages are discussed in more detail in another Hoax-Slayer article.
Thus, the advice in the warning message to avoid clicking on these “Facebook Security” messages is valid. That said, however, the message – at least in its current form – is so confused and misleading that its potential value as a security warning is severely compromised.
The warning calls the Facebook Security messages both a hacker and a virus in the one breathless, panicky, apostrophe riddled, ALL CAPS paragraph. Clearly, it cannot be both, and making such silly claims simply muddies the water. Certainly, following the link in one of the scam messages and submitting your personal information via the bogus page or rogue app could subsequently allow a criminal to access your account. But, of course, the message itself is not “a hacker” and just receiving it will not somehow magically give a “hacker” access to your computer. And, these phishing scam messages are certainly not computer viruses nor will clicking a link in one of the messages give you a computer virus.
Another problem with the warning is that, in referencing the supposed Facebook Terms of Service Violation, it describes just one of several, constantly morphing, tactics currently being used by these phishing scammers. This could cause users to focus on just one of these current threats while ignoring many others that are equally dangerous.
And, finally, the panicked, hyperventilating, over-the-top style of the message means it is likely to be utterly ignored by many Facebook users, already thoroughly jaded by a seemingly endless procession of “urgent”, all cap “warnings”, almost all of which are either outright hoaxes, or simply too misleading and inaccurate to have any real relevance.
To be useful, it is essential that circulated security warnings are accurate, up-to-date and clear in the description of the perceived threat. Otherwise, they tend to rob themselves of any real credibility and, ultimately, fail epically as valid methods of warning people about possible threats to the security of their computers.