Beware of the insidious “fake verified account scam“: consists of a new attempt at phishing on WhatsApp which has the objective of steal your Facebook login details to obtain sensitive data. This scam is perpetrated by cybercriminals by sending an alarmist message in which they play the “part” of the customer support service. Half (the company that develops WhatsApp, as well as Facebook, Instagram and other social platforms). In particular, bad actors warn users of alleged violations of Facebook’s terms of use linked to their profile, threatening them with account closure within a few hours if they do not act promptly to resolve the issue. The pressure exerted by criminals is a tactic that has the sole objective of pushing the user to follow instructions which, in fact, lead the latter to hand over their account access data to the scammers. To defend yourself, you must learn to pay attention to the alarm bells contained in similar messages, ignoring the requests received.
How the fake verified account scam works
The fake verified account scam mechanism it is, conceptually, very simple. Cybercriminals pose as an official “helpline” (Meta’s), contacting victims with a message that may appear authentic. The message content is designed to generate concern and push the user to make hasty decisions.
Often, the text contains specific information about violations that never occurred, giving the message aaura of credibility. To add an extra layer of urgency, the scammers claim that the user’s Facebook account will be deactivated within 12 hours if you don’t respond immediately, increasing the sense of urgency that could push you to follow the criminals’ instructions.
What should the user do to resolve the situation? Click on a link contained in the message you received, which takes you to a web page, which looks like this.
If the user, in addition to visiting the page in question, also provides access credentials to his Facebook account, he will directly deliver the data to enter his Facebook profile to the cyber criminals who contacted him on WhatsApp and allowing the latter to complete the phishing attempt.
How to protect yourself from the fake verified account scam
For defend oneselfit is important to recognize some typical warning signs of this type of scam. First of all, keep in mind that the official support channels of Meta (and more generally of companies) have check marks, which indicate that these are truly verified accounts. Also take into account that security communications from Facebook occur exclusively through official channels such as in-app notifications, email or Messenger, and never via WhatsApp. If a message generates urgency or requires quick action, you would do well to become suspicious.
If you receive messages urging you to click on suspicious links, do not follow the instructions received. In fact, under no circumstances should you provide sensitive information regarding your accounts. Beyond that, enable two-factor authentication on your social accounts, including Facebook and WhatsApp e block and report suspicious numbers from which similar scam messages come.
