I’m confused. I got a text message from Facebook saying that my last post was reported by someone and that I need to “verify my membership”. Except it’s not taking me to Facebook’s Web site. What’s going on, and is this a scam?
Let’s start with the basic fact: yes, this is a scam. If Facebook needed to tell you about a reported post, the notice would appear in the Facebook app or on the site itself, as a notification. The same logic applies to every big company: if you get an email “from Google” asking you to verify your account status on a third-party site, or a text “from your bank” about an unknown deposit, assume it is bogus. Not entirely sure? Go to the service the way you normally would (type wellsfargo.com for Wells Fargo Bank, or open the official app) rather than following the link, and check whether the same message is waiting for you in the site’s own notification or messaging system. A real notice will be there; a fake one won’t.
The important thing is to never tap or click on any links in these sorts of messages. At its most benign, the link leads to porn, a casino site or some other scam page, but it could also be a careful phishing attack: a page that looks exactly like the regular login page and, of course, prompts you to log in, handing your username and password straight to the attacker. At its worst, simply visiting the site could infect your system or device with malware. ¡No bueno!
A good friend of mine actually received a very similar text message “from” Facebook so I had a chance to investigate a bit. First off, here’s the message he received:
Not too bad an attempt, though they misspelled “avoid” just after the link. There are a couple of things to notice before reacting in any way. First off, that link: fb.user-page.online? The “fb.” at the front is just a subdomain, which anyone who owns a domain can create in seconds; the part that matters is what sits right before the “.online”, and that is user-page.online, a domain with nothing to do with Facebook. If this were really from Facebook, the link would point to something at facebook.com (or perhaps fb.com, which is also one of their domains). Not some “.online” site, for sure.
Also notice the phone number. Facebook is based in Northern California, and the 224 area code (as a quick Google search reveals) covers the greater Chicago area. Heck, if you Google the phone number itself you can find reports of it being used for scams as far back as 2004, when people calling from that number were pretending to be with local power utilities. That the number is still in service is frustrating, but if this text were legitimately from Facebook, wouldn’t you expect a search on the number to show it as a Facebook support or security line? Keep in mind that the sender of a text message can be spoofed, so a plausible-looking number proves nothing on its own; a number with a documented scam history, though, is a solid red flag.
The next bit of detective work is to learn a bit more about the domain itself. One way to do that is to replace the “fb” subdomain in the link with “www”, producing www.user-page.online, and see what the domain’s owner is serving there:
“Hosted by Namecheap”? That is a commodity hosting provider’s default placeholder page, and absolutely and incontestably not a real Facebook Web page! Facebook runs its own infrastructure; it does not rent shared hosting from Namecheap.
With that in mind, going to the fb.user-page.online page is interesting because it produces the error “Can’t reach this page”. But my friend told me that he saw what looked like a legit Facebook login page. My conclusion: the scammers pulled down the page after getting in trouble with the hosting company. The page I ended up on, however, was a curious local one: “localhost/appManage/simpleIntrt”. How did I get there?
To find out, I cracked open a Linux command shell and used the curl command to see what was going on:
As you can see, the domain is still live and answering requests (so Namecheap hadn’t taken it down for hosting scammers); the server is simply sending what’s known as a 302 redirect that bounces visitors to that localhost (i.e., your own computer) URL, which is why the browser ends up on a page it can’t reach. What is simpleIntrt? I have no idea, nor could I find out by digging around on various info sites. It’s a mystery. One caveat when investigating links like this: phishing kits routinely serve different responses depending on the visitor’s User-Agent, IP address or referrer, so what curl sees from a desktop isn’t necessarily what a phone tapping the link in a text message was shown.
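As an added example (not part of the original article, and not code from the scammers, Namecheap or Facebook), here is a small Python script that automates the two checks done by hand above: pulling the registrable domain out of a link and comparing it with the domains the brand actually owns, so that “fb.” or even “facebook.com.” in front of someone else’s domain does not fool it, and parsing a 302 response for its Location header to see whether the redirect goes off-domain or to localhost. The allowlist, the registrable-domain simplification and the sample HTTP response are assumptions constructed for the example; the sample is modelled on the redirect described, not captured from the real server.

```python
from urllib.parse import urlsplit
import ipaddress

# Domains the article says Facebook actually uses. Assumption: a small
# hand-written allowlist for this example, one per brand in a real tool.
FACEBOOK_DOMAINS = {"facebook.com", "fb.com"}


def registrable_domain(host):
    """Return the part of a hostname that someone actually registered:
    'fb.user-page.online' -> 'user-page.online', 'www.facebook.com' ->
    'facebook.com'. Simplification (assumed here): the last label is the
    whole public suffix, so hosts under .co.uk etc. would need the Public
    Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0]
    return ".".join(labels[-2:])


def link_belongs_to(url, brand_domains):
    """True only if the link's registrable domain is one the brand owns.
    Any prefix ('fb.', 'facebook.com.') is ignored by construction."""
    host = urlsplit(url).hostname or ""
    return registrable_domain(host) in brand_domains


def parse_http_response(raw):
    """Split a raw HTTP/1.x response into (status_code, {header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def is_loopback(host):
    """True for 'localhost' or any loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyze_redirect(requested_url, raw_response):
    """Describe where a 3xx response sends the visitor and whether the
    target is suspicious (leaves the requested domain, or is loopback)."""
    status, headers = parse_http_response(raw_response)
    if not (300 <= status < 400) or "location" not in headers:
        return {"redirect": False, "status": status}
    target = headers["location"]
    target_host = urlsplit(target).hostname or ""
    requested_host = urlsplit(requested_url).hostname or ""
    return {
        "redirect": True,
        "status": status,
        "target": target,
        "to_loopback": is_loopback(target_host),
        "leaves_domain": registrable_domain(target_host)
        != registrable_domain(requested_host),
    }


# Constructed sample: a response of the kind the article's curl run
# describes (a 302 to localhost). Not captured from the real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Server: nginx\r\n"
    "Location: http://localhost/appManage/simpleIntrt\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def triage_link(url, brand_domains, raw_response=None):
    """Collect the red flags for a link the way the article does by hand."""
    flags = []
    if not link_belongs_to(url, brand_domains):
        host = urlsplit(url).hostname or ""
        flags.append("domain %s is not owned by the claimed sender"
                     % registrable_domain(host))
    if raw_response is not None:
        info = analyze_redirect(url, raw_response)
        if info["redirect"] and info["to_loopback"]:
            flags.append("server redirects to loopback: %s" % info["target"])
        elif info["redirect"] and info["leaves_domain"]:
            flags.append("server redirects off-domain: %s" % info["target"])
    return flags


if __name__ == "__main__":
    print(triage_link("https://fb.user-page.online/verify",
                      FACEBOOK_DOMAINS, SAMPLE_RESPONSE))
    print(triage_link("https://www.facebook.com/help", FACEBOOK_DOMAINS))
```

The registrable-domain check is the one worth internalising: attackers pick hostnames whose left-hand part looks like the brand precisely because people read URLs left to right. A production version of this would replace the two-label heuristic with the Public Suffix List and feed `analyze_redirect` the raw response from `curl -i` rather than the constructed sample.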
More importantly, it’s also a scam. It’s an attempt by the villains trying to steal people’s Facebook accounts to instill fear (“verify your membership to avoid the limitation”, from the original text message) so that you react and respond without doing your homework and being cautious. Don’t do it. Ever. Always be skeptical of notifications, whether text, email or phone call, and don’t reveal any information until you have confirmed that the request is legitimate.
In this case, I can only hope that not a single person fell for the phishing scam. If you did enter your password on a page like this, change it right away from the real Facebook site, log out of any active sessions you don’t recognize, and turn on two-factor authentication; and next time, be more careful!
Pro Tip: I’ve been writing about scams, spammers and other types of digital attacks for quite a while. Please see my spam, scams and security help area for lots of other tutorials and cautionary tales. Thanks.