Too many friends asked me about that stolen Facebook pages in the last week. Almost all these Facebook pages were stolen by phishing. Phishing is an old method of hacking by giving a visually identical Facebook page telling you that you need to give them some information because of anything. After you tell them the information including the OTP sent to your phone or e-mail, your account and/or your pages will be stolen.
If you are an admin of your own Facebook page or your business’s fanpage, you may see a post like this.
note: the post is in Arabic as this page is managed by people publishing in Arabic.
In the above screenshot, you see a page/account declaring it is a Support Account Security which implies it is related to Facebook / Meta company. But it is not. It is a stolen page used by hackers to publish a phishing link.
This Facebook page is publishing a “recommendation” of your own fanpage but saying “alert, your account is at risk, blah blah blah”. What security page tells you that your account is at risk by recommending you?!
The phishing link is the post is incomplete on wide screens such as laptop or tablet, but if you see the post on your smartphone, it will be shown complete like this.
Let’s dissect this phishing link.
The starting of the phishing link is a facebook link for redirection.
If you add any link as a value of
u= parameter, you’ll be redirected to that link.
In this phishing link, the link of the hackers is this link which if a website hosted by hackers on vercel company. Vercel is a known hosting company to host your websites.
I do not recommend you to open/click the phishing link unless you are a security expert. Why? because the hackers sometimes create a hacking campaign with many levels of security, or many layers of hacking methods. For example, maybe this phishing link lead to a website that is a phishing website which is already known but the hacker added a code to steal browser cookies, and another code to inject a code in your operating system memory. It’s complicated. Sometimes, it is simple, but sometimes it is simple enough to trap an expert.
After you open the phishing link, Facebook warns you that you are going outside Facebook. And if you want that, click on “Follow Link”.
After that, the phishing website itself appears. The phishing webpage seems related Facebook but it is not. It tells you that your Facebook account is at risk and blah blah blah. So, if you believe they are Facebook, you will click on “continue”.
Another phishing webpage will appear and tell you to fill in your Facebook account information and Facebook fan page information.
This is the Facebook page used by hackers to publish their phishing link to other pages on Facebook. This is already a stolen page.
The hackers stole this Facebook page and renamed it to seem as legit as possible and changed the profile picture and cover. It was specialized in diet and nutrition and probably owned by a nutritionist in Cairo, Egypt.
After stealing too many Facebook pages and accounts, hackers use them for stealing more and more from people.
This is a story published by hackers on a stolen Facebook page to encourage people to click a suspicious story link.
I reported this phishing link to Google safe browsing here to let them block the phishing website and put security alert in front of everyone trying to open this phishing website.