Facebook supports Facebook Phishing

TL;DR: Facebook is aware of phishing attacks against its users and doesn't do anything about it.

Christian Hujer, CEO / CTO at Nelkinda Software Craft Pvt Ltd
First Published:
by NNelkinda Software Craft Private Limited
Last Modified:
by Christian Hujer
Approximate reading time:

1 The Suspicious Message

Today, I received the following message from a friend.

Figure 1-1: The phishing message

This was immediately suspicious for a number of reasons. The English was not my friend's style. The English sounded click-bait. The video preview was black.

2 The Suspicious Post

Following the video link in the message leads to this post:

Figure 2-1: The phishing post

3 The Phishing Site

And following that link leads to:

Figure 3-1: The phishing site

A tech-savvy eye immediately recognizes this as a phishing attack. The looks of the site are like that of Facebook. But the site is not Facebook. The address bar shows "". The grammar of the text is wrong. The copyright year is 2018. The looks of the site seemed "oldish". This site is obviously not Facebook. This site simply wants to steal your Facebook account credentials.

4 Facebook's Response: Shrug

So I've reported this to Facebook, and this was Facebook's response:

Figure 4-1: Facebook's response: All okay

This means that Facebook knows that there are phishing attacks going on, against Facebook users, on Facebook. And it means that Facebook doesn't do anything about it.

5 My Friend

I had immediately messaged my friend on WhatsApp. I told them that they were phished and should immediately change their Facebook password. Plus, they confirmed that they did obviously not send this message on Facebook.