Facebook users may receive emails that pretend to be from Facebook, saying that they have violated policy by annoying or insulting other Facebook users. The email goes on to say that unless certain personal and financial information, including the first six digits of the user's credit card number, is submitted within 24 hours, the user's account will be disabled.
According to Hoax-Slayer, a typical phishing scam reads like this:
LAST WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users. Until we system will disable your account within 24 hours if you do not do the reconfirmation.
Please confirm your account below:
The Facebook Team
Copyright facebook © 2011 Inc. All rights reserved.
Recipients who click the link are presented with a fake Facebook "Account Disabled" web form. The form asks for Facebook login details including email address, password, Facebook security question, Facebook security answer, the first six digits of the user's credit card number and their country of residence.
"The emails are entirely bogus," said Lisa Vaas on Sophos' Naked Security blog.
As Facebook itself says on its security page:
Spammers and scammers sometimes send phony emails that have been made to look like they're from Facebook or another reputable website. These emails can be very convincing, and the "From" field can even be spoofed to include "Facebook" or "The Facebook Team."
If an email looks strange, don't click on any of the links in it, and delete it from your inbox immediately. Be especially wary of emails that ask you to update your account, tell you to open an attachment, or warn you to take some other urgent action.
Moreover, Hoax-Slayer warns users not to click on any links in the email itself and points out that neither Facebook nor any other reputable social media site would ask for this information. All these phishing scams boil down to a naked grab for your account details, and the mere request is a surefire way to suss out bogosity.
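A small defender-side triage check for the indicators described above (a "From" display name claiming to be Facebook on an address outside Facebook's domain, a 24-hour deadline, and a "confirm your account" link that points off-site), written here as an added example that is not from the article, Hoax-Slayer or Sophos. The sample message is constructed to resemble the quoted email; the `.example` domain is a placeholder, and the list of legitimate domains is an assumption you would replace with your own allowlist.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the scam email quoted above (not a real capture).
SAMPLE = """\
From: "The Facebook Team" <security@fb-account-check.example>
To: victim@example.org
Subject: LAST WARNING: account violation
MIME-Version: 1.0
Content-Type: text/html

<p>Your account is reported to have violated the policies. We will disable
your account within 24 hours if you do not do the reconfirmation.</p>
<p><a href="http://fb-account-check.example/disabled">Please confirm your account</a></p>
"""

# Pressure phrases seen in the quoted email: a deadline plus a threat to the account.
URGENCY = re.compile(r"\b(last warning|within \d+ hours|disable\s+your\s+account)\b", re.I)

def _in_domains(host, legit_domains):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in legit_domains)

def display_name_spoof(from_header, brand, legit_domains):
    """True when the display name claims the brand but the address is not on a brand domain."""
    name, addr = email.utils.parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1]
    return brand in name.lower() and not _in_domains(domain, legit_domains)

def offsite_links(body, legit_domains):
    """Hosts of href targets that are not on one of the brand's domains."""
    hosts = [urlparse(h).hostname or "" for h in re.findall(r'href="([^"]+)"', body)]
    return [h for h in hosts if not _in_domains(h, legit_domains)]

def score_message(raw, brand="facebook", legit_domains=("facebook.com",)):
    """Return the list of indicator names found in a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    findings = []
    if display_name_spoof(msg["From"], brand, legit_domains):
        findings.append("spoofed-display-name")
    if URGENCY.search(msg["Subject"] + " " + body):
        findings.append("urgency")
    if offsite_links(body, legit_domains):
        findings.append("offsite-link")
    return findings
```

Any one indicator alone is weak (legitimate mail can be urgent), but a brand-claiming display name on a foreign domain combined with an off-site "confirm" link is the pattern the article describes and is worth quarantining for review.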