|If you are using Google's Chrome web browser you may notice that it labels this website as 'Not Secure' - that's simply not true. For more info, see: "Google and Http"|
Old Articles About Me
ALAN ZISMAN ON TECHNOLOGY
Yet Another Facebook Scam
By Alan Zisman ©2022-02-22
Another day, another Facebook scam.
To understand it, you need a little bit of background on Facebook. Two things:
-- Thing One: while it often seems like 'anything goes' on Facebook, the social network tries to apply what it refers to as 'community standards' to posts - sometimes posts are censored, with the person posting receiving a message that the post appears to violate community standards. There is a process for appealing these decisions, though it's not entrely clear (at least to me) on what basis either the original decision or the appeal are made. You might want to take a look at the online document 'The Facebook Community Standards - what is and isn't allowed'.
-- Thing Two: along with individual Facebook users, Facebook carries a large number of groups and pages; users are encouraged to 'follow' groups and 'like' pages, and can generally post original posts or comments on posts in these groups and pages. (Some groups may limit the ability of individuals to post to them - or require that posts be approved by the group's moderator before they appear online).
Individuals such as you or I can create groups and pages for topics or activities that we're interested in. Since the distinction between groups and pages is fuzzy, take a look at 'Facebook Page vs. Group: Which One Is Right for You?'
While I follow or like quite a few groups and pages, I've created or become involved in administering or moderating several of each.
This morning, when I first took a look at my Facebook account, as usual, there were half a dozen or so Notifications - in the web browser on my laptop, Notifications are accessed by clicking on an icon showing a bell, in the top-right of the Facebook window. Typical notifications might tell me that someone has replied to a comment I made in a group, that someone else has 'liked' something that I've posted, that a group I follow has added an event, etc.
Along with some of those, this morning I saw two unusual ones.
'Page Center Community standards mentioned Western Swing Music Society in a post: 'Please Review...' and a second one with identical wording mentioning MacLean Park Music - both the Western Swing Music Society and MacLean Park Music are Facebook pages that I administer.
Huh? These sound ominous.
To follow up on a notification, you click on it in the list. Typically, that takes you to the comment that's being referred to. Clicking on the first Page Center Community Standards notification got me the full text of the notifcation:
Scarier and scarier. 'Otherwise, we will close your account permanently'. Well, there's a link to click. Here goes.
OK, that's straightforward - 'Confirm that this is your account'. Click Next.
Hmm - now the page wants me to enter my email and password to 'confirm' my Facebook account. The tab on my web browser claims this is Facebook - but the address bar near the top isn't anything like a Facebook.com web address. That seems fishy.
So I didn't enter any identifying information, and just closed the page.
Back up a couple of steps. A search for 'page center community standards Facebook' got me Facebook's 'Community Standards | Transparency Center' page - the one I referenced up above as the #2 hit. #s 1, 3, 4, & 5 got links to different Facebook pages - each with the name Page Center Community Standards - Home, just as if each was an individual user.
I clicked on the first hit. It claimed to be an 'RV Park' with a page that was set up Feb 16 2022. The next one was a 'Vegetarian/Vegan Restaurant' set up the same day. The next page wasn't available. #5 claimed to be a 'Video Game'. Each of the three that were accessible showed one or two posts - the first two had identical posts, claiming to be from Facebook noting that the page 'had been detected for activities that go against Facebook policies for copyright infringement'. The 'Video Game' page's post said it had been 'Deactivated' following a complaint of 'Service Violation'. Each of these posts included a link that at first glance might appear to go to Facebook - but rather than listing Facebook.com, they went to somewhere else with the word 'Facebook' appearing after the domain name and a slash. (In these cases, the address - rather than using the common '.com', like Facebook.com, was a 'dot-to' address - .to indicates websites registered in Tonga (!).
I clicked on these links - don't do that! A warning popped up from security software on my system (MalwareBytes's Browser Guard), warning of phishing and strongly suggested that I not continue. I took the hint. (Since I know I have this software installed, I knew this was not one of those fake security warnings that some people have seen).
I doubt these websites actually have anything to do with the Pacific Ocean island country Tonga - anyone can register a dot-to domain name. (My website, 'zisman.ca', is registered with the Canada national domain, which makes an effort to only register dot-ca domain-names to individuals and organizations with an actual Canadian presence). According to the Wikipedia article about the .to domain, this is one of the few domains that does not maintain a publicly accessible database of domain-name holders, making it popular with websites involved in copyright infringement.
So - it appears likely that these faux warning notifications were trying to obtain my Facebook log-in name and password in order to highjack my account - unlike the increasingly common cases where someone copies a Facebook user's name and photo and uses them to set up a new Facebook account, and then sends out requests to the original user's Facebook friends asking them to friend the new account, this one wants to actually take over my existing account, for its own purposes.
(Note that if you've activated Two-Factor Authentication on Facebook, someone even with your user-name and password would be unable to log in pretending to be you. I strongly recommend that you use so-called 2FA for Facebook and other online services (Gmail, for instance) where it's available).
Most of you don't administer pages or groups on Facebook, so you probably won't run into this particular scam... but there will be others trying to steal your online accounts and identity. Some things to look for:
-- pay attention to web addresses. If you look up above the screen-capture image asking me to enter my Facebook log-in and password, you should notice that it's not a Facebook address. Instead, it's some other web address, this time with the dot-vu domain - another Pacific Island, Vanuatu. While Facebook.com might have a legitimate reason to ask you to log in, random other web pages should not be asking for your Facebook log-in.
-- note that some slightly more sophisticated scams might try to confuse you - if I was doing this (which I'm not!) I might try to send you to a page on my website (zisman.ca) with an address like: http://zisman.ca/facebook - in fact, that page does exist, but if you click on it, you'll get a tutorial I wrote a couple of years ago on using Facebook, not a page pretending to be from Facebook. You've got to pay attention!
-- there can be other hints - grammar can be awkward - these notifications used awkward and run-on sentences and phrases like 'To be careful!' that (hopefully) the real Facebook would not use. And the notifications and related pages all had an icon with an orange envelope rather than the familiar Facebook white 'F' on a blue circle. But don't count on these! A scammer with better English-language skills and a spoofed icon would still be a scammer.
Ultimately, it's up to you. Security software helps - MalwareBytes warned me that the linked pages might be dangerous. Two-Factor Authentication can limit the damage if your user-name and password 'get out there'. But it's best to learn to pay attention to web addresses - just as you should learn to pay attention to sketchy neighbourhoods if you're taking a bus in a strange city at night. Don't assume that if you get a message saying you need to enter your log-in credentials that it's actually from who it's claiming to be.
What did I do?
I reported the pair of faux-warning notifications I received to Facebook.
Each post on Facebook - including these notifications - has (at least in the web browser interface on a desktop or laptop computer) three horizontal dots in the top-right corner of the post. Click on the dots and a menu pops up with a variety of options including Report Post.
Choosing the Report Post option brings up a list of reasons - I picked Something Else and then Fraud or Scam from the second page of reasons. I repeated these steps for the second notification I'd received.
I noticed that one of the multiple 'Page Center Community Standards' pages listed in my search no longer existed - hopefully, by reporting the scammy posts, one or two of the others will also be shut down.
Two days later, Facebook replied:
They seem to have decided that someone pretending to be Facebook's Community Standards is not in violation of Facebook's Community Standards. Curious!
Don't get scammed - stay mindful of where you are online and what information you're entering. And enable two-factor authentication wherever it's an option.
Older blog postings....