Skip to content
No results
  • News
  • Latest
    • Cybersecurity
    • How To’s and Tutorials
    • Cybercrime
    • Cyberwar
  • CWZ tools
    • Cybersecurity Cover Letter Creator for Job Seekers
    • IOC online editor
    • Create YARA rules online
    • SNORT rule generator (online)
    • Online Favicon checksum tool – MMH3, MD5 and more
    • ChatGPT 4 instruction assistant tool
    • Get domains from text (Free and Online)
  • Downloads
    • Cybersecurity A to Z: Essential Terms for Your Security (Infographics)
  • Videos
  • Contact
    • About us
    • Cookie Policy (EU)
    • Privacy Policy
CYBERWARZONE
  • News
  • Latest
    • Cybersecurity
    • How To’s and Tutorials
    • Cybercrime
    • Cyberwar
  • CWZ tools
    • Cybersecurity Cover Letter Creator for Job Seekers
    • IOC online editor
    • Create YARA rules online
    • SNORT rule generator (online)
    • Online Favicon checksum tool – MMH3, MD5 and more
    • ChatGPT 4 instruction assistant tool
    • Get domains from text (Free and Online)
  • Downloads
    • Cybersecurity A to Z: Essential Terms for Your Security (Infographics)
  • Videos
  • Contact
    • About us
    • Cookie Policy (EU)
    • Privacy Policy
CYBERWARZONE

Beware of “your account will be deactivated” Facebook Phishing scam (2022)

  • Reza RafatiReza Rafati
  • August 17, 2022
  • Cybercrime, Eleor

In this post I will explain why you need to be aware of the “your account will be deactivated” scam, and I will share with you some actual phishing domains that are being used in the “your account will be deactivated” Facebook scam.

Table of Contents

  • Taking a look at the “your account will be deactivated” scam
  • The first page of the Facebook scam
  • The second page of the scheme
  • The final page of the scheme
  • Facebook informs via your profile
  • “Your account will be deactivated soon” phishing domains

Taking a look at the “your account will be deactivated” scam

The facebook scam tries to lure Facebook users into providing credentials at the fake Facebook website.

The "your account will be deactivated"  Facebook scam
The “your account will be deactivated” Facebook scam

The first page of the Facebook scam

On the first page, the scammers try to trick the users by stating that some unusual activity had been detected, and because of that activity, the security team decided to deactivate your Facebook account.

The first page of the Facebook account deactivation scam
The first page of the phishing scheme

Your Account will be deactivated soon
We detected unusual activity on your account. Someone may have reported you in non-compliance with our terms of service. We have already reviewed this decision and the decision cannot be changed. To avoid having your account disabled, please verify your account.

Text used on the first page of the Facebook scam

The second page of the scheme

The Facebook user is requested to go to the next page. There the user will be prompted with a form that will request the birthday information of the user.

The final page of the scheme

The final step of the “Your account will be deactivated soon” scam, the scammers try to inform the Facebook user that all needed information has been received and that the account will not be deactivated. In reality, the scammers have received all of the information they wanted.

Fake page telling the Facebook user that everything is OK

The scammers that are operating these types of attacks will keep close track to the data they have received. The scammers will then simply forward the unaware Facebook user towards the official Facebook site.

Facebook informs via your profile

The Facebook Security team always informs Facebook account issues via the official Facebook website (facebook.com), they do this in such a matter, that you cannot miss the warning or information Facebook wants to share with you.

Some advice:

  • Don’t provide your Facebook credentials to anyone
  • If you get a message claiming to be from Facebook, simply start your Facebook as you would always do, and look for any messages from Facebook in your Facebook account

“Your account will be deactivated soon” phishing domains

The scammers which run this scheme utilize multiple domains to host their phishing content. I used the URLscan service to find these domains. This URLscan query quickly provided 21 versions of the phishing attack:

  1. app-bosco[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  2. app-kozey[.]mwwh1mboa9-xmz4qm5dx62o[.]p[.]runcloud[.]link
  3. app-baumbach[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  4. app-brakus[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  5. app-conn[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  6. app-berge[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  7. app-kilback[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  8. app-bogisich[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  9. app-bergstrom[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  10. app-kertzmann[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  11. app-gutmann[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  12. app-wunsch[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  13. app-bayer[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  14. app-yost[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  15. app-beier[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  16. app-schmeler[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  17. app-klocko[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  18. app-morissette[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  19. app-tillman[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  20. acnrcvry[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  21. scrtypages[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
Share This Message
Copyright © 2023 - WordPress Theme by CreativeThemes
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}