The deceit should be easy to spot even by regular users

Nov 10, 2014 17:49 GMT

Cybercriminals have launched a fresh email campaign aimed at Facebook credentials, and this time they’re using the trick of a temporary account lock that can be removed with a simple security check.

The scam is not new, and Facebook is not the only brand it has been used on. Besides major companies offering online services, banks have most often been impersonated in this type of deceit.

Security check scam is still run by crooks

The crooks send a message claiming that an unauthorized log-in attempt has been detected on the recipient’s profile. As a result of this event, they claim, the account has been locked until information proving ownership is provided.

Of course, the link for completing the action is offered in the email. Once followed, the address loads a fake log-in page for the alleged service, in this case Facebook.

The message in the current phishing campaign looks quite convincing, Hoax Slayer reports, with the help of Facebook graphics inserted for a more official look.

Facebook does send such emails to its users when fraud is suspected. One way to make sure that malicious intent is not at play would be to log into the account by typing the address manually in the web browser.

However, a quick glance at the bait text should be enough even for the average Joe to spot the scam. The lack of details about the incident makes the email suspicious.

Turn on 2FA and the crooks will fail in their attempt

If the recipient follows the link and enters the data in the fields available on the fake page, all the information is automatically sent to the crooks; they can then use it to take over the account if the two-factor authentication (2FA) security feature has not been enabled.

2FA is a supplemental code for validating the log-in information and verifying the identity of the user. If the feature is turned on, the code is sent automatically to the mobile phone number tied to the account; it comes as a text message and needs to be entered during the authentication process.

Given the popularity of the social network website, there will always be value in its accounts and crooks will always try to trick unsuspecting users into giving up their credentials. A Facebook profile is quite valuable, as it can be used to spread malicious campaigns.

Recently, a study listing the top five most used scams on Facebook has been published. At the top is the one promising a tool that reveals the identity of profile visitors.

Facebook security check (3 images):

Fake email claiming to be a security check from Facebook
Temporary lock on account suspected of fraudulent access
Legitimate Facebook security check