New Facebook phishing can fool even the most savvy users

Fraudsters have learned to create phishing apps right on the Facebook platform and use copyright infringement accusations to bring users there.

“Recently there have been reports citing copyright violations of your Facebook posts,” claims an e-mail. The notification looks convincing: It has a Facebook logo and header, and it comes from a seemingly legitimate address (noreply@facebook-support.com or similar). It prompts you to click a link to proceed to Facebook and declare that you are the copyright holder of the materials posted on your page, so that you avoid being suspended from the platform.

The thing is, the link will bring you to a legitimate Facebook site and a form where you are supposed to fill in your page URL as well as your name, birthday, phone number, e-mail address, and Facebook password.

But if you take a closer look at this form, you’ll see that it is an app within Facebook. It has nothing to do with those who run Facebook (its URL begins with https://apps.facebook.com/something). Any data you submit through this form will go directly to the scammers. Facebook is taking these apps down as it discovers them, but the campaign is still active.
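A mail-triage check for the two indicators described above, as an added example that is not part of the original article: it flags a sender domain that contains "facebook" without being on a trusted list, and any link whose host is apps.facebook.com. The trusted-domain list, the function name `triage` and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: sender domains your mail gateway treats as genuinely Facebook's.
TRUSTED_SENDER_DOMAINS = {"facebook.com", "facebookmail.com"}
# From the article: forms under this host are apps on the platform, not Facebook itself.
APP_HOST = "apps.facebook.com"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def triage(raw_message: str) -> list:
    """Return the reasons a single-part text message matches the lure in the article."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Sender uses the brand name in a domain that is not on the trusted list.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS)
    if "facebook" in domain and not trusted:
        findings.append(f"lookalike sender domain: {domain}")

    # 2. Body links to an app hosted on Facebook rather than to Facebook's own pages.
    body = msg.get_payload()
    for url in URL_RE.findall(body if isinstance(body, str) else ""):
        host = (urlsplit(url).hostname or "").lower()
        if host == APP_HOST:
            findings.append(f"link to third-party app on Facebook: {url}")
    return findings

# Constructed sample message; the app path is a placeholder, not a real app.
SAMPLE = """\
From: Facebook <noreply@facebook-support.com>
To: user@example.com
Subject: Copyright violation report

Recently there have been reports citing copyright violations of your
Facebook posts. Confirm here: https://apps.facebook.com/something
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

A match on the second rule alone is only a prompt for review, since legitimate apps also live under apps.facebook.com.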

This kind of phishing is very difficult to spot, but you can still verify whether the e-mail you got from Facebook is genuine:

  • Log in to your account, click Settings > Security and Login > See recent e-mails from Facebook. If the e-mail you got in your mailbox is not on the list, it’s not actually from Facebook.