A family member just received a threatening message about abuse and termination of her business pages within 24h for "violating policies".
In spite of reassurance (and evidence from Google searches that this is a known scam) she is still concerned so hopefully Facebook are too.
The particular cause for concern is the link embedded in the message which purports to be https://apps.facebook.com/notifyforfanpages. Naturally we have not clicked the link & being on the iPad it is difficult to investigate whether it is a true link (problem 1).
Assuming it to be spam I tried to report it on the iPad but even following the help center advice I was unable to find the icon to click (forward/share) and was unable to do so (problem 2).
At this point I decided to investigate on a "proper" computer & found that the link was not false; in other words https://apps.facebook.com/notifyforfanpages exists and looks very convincing, titled "Security Center on Facebook". Naturally seeing a page like this on the Facebook.com domain many people would assume that they have to follow instructions to confirm their details (problem 3).
I don't have the sandboxed system I'd need to test further - and am already uncomfortable opening the above page which has who knows what running in the browser trying to infect my device - so can't say what may be extracted from the unwary. I leave it to Facebook to investigate further.
I realise you cannot stop every dumb user from clicking through to links which may harm them or their bank balance but the above message is particularly worrying because of its use of the Facebook.com domain. I therefore expect you to take prompt action to close the /notifyforfanpages "app" for the protection of the unwary, and at least investigate how you can stop app developers using them to lull users into following link bait.
A good proportion of your user base is business engaging with their clients/customers on Facebook which is now embedded in our daily lives. Not all businesses have highly qualified technical security teams they can rely on to catch this abuse and, like my family member, are vulnerable to it. I believe it is therefore in Facebook's interest to move rapidly on this one.
Regards Nigel Boor
(Infrequent but concerned user)


2 thoughts on “Message to Facebook”

  1. Hi Nigel, this happened to us and the link was clicked on, resulting in FB a/c details being given out to the quite FB-looking app.
    The hackers then used the details to log on and delete our admin rights to our widely followed community page! We’re in contact with FB to resolve this, now that the page has re-emerged (reinstated) with their inappropriate posts and
    Did you write this info to FB, and get any response or resolution?
    Thanks, Michael
