Skip to content
Cyberwarzone

Cyberwarzone

Cyberwar and Cybercrime News brought to you by Reza Rafati

Primary Menu Cyberwarzone

Cyberwarzone

  • Home
    • CybercrimeThe latest cybercrime news.
    • CyberwarThe latest cyberwarfare news.
    • CybersecurityThe latest cyber security news.
  • How To’s and Tutorials
  • Downloads
  • Videos
  • Cyberwar & Cybercrime group
  • Cybercrime
  • Eleor

Beware of “your account will be deactivated” Facebook Phishing scam (2022)

6 months ago Reza Rafati

In this post I will explain why you need to be aware of the “your account will be deactivated” scam, and I will share with you some actual phishing domains that are being used in the “your account will be deactivated” Facebook scam.

Taking a look at the “your account will be deactivated” scam

The facebook scam tries to lure Facebook users into providing credentials at the fake Facebook website.

The "your account will be deactivated"  Facebook scam
The “your account will be deactivated” Facebook scam

The first page of the Facebook scam

On the first page, the scammers try to trick the users by stating that some unusual activity had been detected, and because of that activity, the security team decided to deactivate your Facebook account.

The first page of the Facebook account deactivation scam
The first page of the phishing scheme

Your Account will be deactivated soon
We detected unusual activity on your account. Someone may have reported you in non-compliance with our terms of service. We have already reviewed this decision and the decision cannot be changed. To avoid having your account disabled, please verify your account.

Text used on the first page of the Facebook scam

The second page of the scheme

The Facebook user is requested to go to the next page. There the user will be prompted with a form that will request the birthday information of the user.

The final page of the scheme

The final step of the “Your account will be deactivated soon” scam, the scammers try to inform the Facebook user that all needed information has been received and that the account will not be deactivated. In reality, the scammers have received all of the information they wanted.

Fake page telling the Facebook user that everything is OK

The scammers that are operating these types of attacks will keep close track to the data they have received. The scammers will then simply forward the unaware Facebook user towards the official Facebook site.

Facebook informs via your profile

The Facebook Security team always informs Facebook account issues via the official Facebook website (facebook.com), they do this in such a matter, that you cannot miss the warning or information Facebook wants to share with you.

Some advice:

  • Don’t provide your Facebook credentials to anyone
  • If you get a message claiming to be from Facebook, simply start your Facebook as you would always do, and look for any messages from Facebook in your Facebook account

“Your account will be deactivated soon” phishing domains

The scammers which run this scheme utilize multiple domains to host their phishing content. I used the URLscan service to find these domains. This URLscan query quickly provided 21 versions of the phishing attack:

  1. app-bosco[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  2. app-kozey[.]mwwh1mboa9-xmz4qm5dx62o[.]p[.]runcloud[.]link
  3. app-baumbach[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  4. app-brakus[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  5. app-conn[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  6. app-berge[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  7. app-kilback[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  8. app-bogisich[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  9. app-bergstrom[.]dtqhn3ddnq-jqp3vn1ky650[.]p[.]runcloud[.]link
  10. app-kertzmann[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  11. app-gutmann[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  12. app-wunsch[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  13. app-bayer[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  14. app-yost[.]3gotbtia9n-pxr4k0p053gn[.]p[.]runcloud[.]link
  15. app-beier[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  16. app-schmeler[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  17. app-klocko[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  18. app-morissette[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  19. app-tillman[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  20. acnrcvry[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
  21. scrtypages[.]kezunlxgra-ewl6n1jmj352[.]p[.]runcloud[.]link
Share this information
Tags: facebook, phishing, your account will be deactivated

Continue Reading

Previous Anonymous calls for cyberwar on TikTok in latest video
Next Killnet claims 14 new hacking groups have joined

More Stories

  • Cybercrime

Karakurt Hacking team hits San Benito school district

2 months ago Reza Rafati
  • Cybercrime

Ikea breached by Vice Society Hacking Team

2 months ago Reza Rafati
  • Cybercrime

Black Reward Hacking Team

2 months ago Reza Rafati
Read the full report by Group-IB

You may have missed

  • Cybersecurity

Top cybersecurity tools available today

2 months ago Reza Rafati
  • How to

Build your own SOC in 10 steps

2 months ago Reza Rafati
  • Cyberwar

Threat actors

2 months ago Reza Rafati
  • How to

What is phishing?

2 months ago Reza Rafati
  • Downloads

Cyber warfare in 2023 drawn by AI

2 months ago Reza Rafati



Copyright © All rights reserved. | CoverNews by AF themes.