A family member just received a threatening message about abuse and termination of her business pages within 24h for "violating policies".
In spite of reassurance (and evidence from Google searches that this is a known scam) she is still concerned so hopefully Facebook are too.
The particular cause for concern is the link embedded in the message which purports to be https://apps.facebook.com/notifyforfanpages. Naturally we have not clicked the link & being on the iPad it is difficult to investigate whether it is a true link (problem 1).
Assuming it to be spam I tried to report it on the iPad but even following the help center advice I was unable to find the icon to click (forward/share) and was unable to do so (problem 2).
At this point I decided to investigate on a "proper" computer & found they the link was not false; in other words https://apps.facebook.com/notifyforfanpages exists and looks very convincing, titled "Security Center on Facebook". Naturally seeing a page like this on the Facebook.com domain many people would assume that they have to follow instructions to confirm their details (problem 3).
I don't have the sandboxed system I'd need to test further - and am already uncomfortable opening the above page which has who knows what running in the browser trying to infect my device - so can't say what may be extracted from the unwary. I leave it to Facebook to investigate further.
I realise you cannot stop every dumb user from clicking through to links which may harm them or their bank balance but the above message is particularly worrying because of its use of the Facebook.com domain. I therefore expect you to take prompt action to close the /notifyforfanpages "app" for the protection of the unwary, and at least investigate how you can stop app developers using them to lull users into following link bait.
A good proportion of your user base is business engaging with their clients/customers on Facebook which is now embedded in our daily lives. Not all businesses have highly qualified technical security teams they can rely on to catch this abuse and, like my family member, are vulnerable to it. I believe it is therefore in Facebook's interest to move rapidly on this one.
Regards Nigel Boor
(Infrequent but concerned user)