Phishing of Facebook under the pretext of boosting likes

Posted byAnti-phishing Leave a comment on Phishing of Facebook under the pretext of boosting likes

These two screenshots show a Facebook engagement scam (“like boosting”) combined with a fake Facebook login page. The scam promises to increase likes, views, or engagement on social media posts, but instead steals the victim’s Facebook credentials.

Threat Analysis: Facebook “Like Booster” Scam – Credential Harvesting

How it works:
The victim encounters a link (via social media, email, or messaging app) promising free or cheap likes, followers, or engagement for their Facebook posts. The first screenshot shows a page with “Statuts” and “Like” buttons – a typical interface for a fake engagement service. The victim is told they need to log in to Facebook to activate the likes or to connect their account. Clicking the login button leads to a fake Facebook login page (second screenshot), which asks for:

  • Email or phone number
  • Password

After the victim enters their credentials and clicks “Log In,” the information is captured and sent to the attacker. The victim may then be redirected to a fake “processing” page or a survey wall, but no likes are ever delivered.

The goal:
The attacker steals Facebook credentials to:

  • Take over the victim’s Facebook account
  • Use the account to post spam, scams, or malicious links
  • Sell the account or its data on criminal markets
  • Launch further phishing attacks from a trusted account

Red flags to watch for:

  • Suspicious URL: The link leads to holidaypure.com (or similar), not facebook.com. Legitimate Facebook login pages are only on official Facebook domains.
  • Promise of free likes / engagement: Facebook does not allow third‑party services to boost likes via a simple login. Any such offer is a scam.
  • Login required on a third‑party site: A legitimate engagement service would not ask for your Facebook password. You would grant permissions via Facebook’s official OAuth (which does not require entering your password on the service’s site).
  • Unsolicited offer: Receiving a link promising free likes is almost always a phishing attempt.
  • Fake Facebook login page: The second screenshot mimics Facebook’s interface but is missing security indicators (e.g., proper URL, two‑factor prompt).

What to do if you encounter this:

  • Do not enter your Facebook email/phone or password.
  • If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA). Also check for any unauthorized activity or connected apps.
  • Never use third‑party services that ask for your Facebook password – use only official Facebook tools or legitimate marketing platforms that authenticate via OAuth.
  • Report the phishing page to Facebook.

Protective measures:

  • Bookmark the official Facebook login page and use that bookmark.
  • Use a password manager – it will not autofill on fake domains.
  • Enable two‑factor authentication on your Facebook account.
  • Be suspicious of any service that promises free likes, views, or followers in exchange for your login credentials.

Leave a comment

Your email address will not be published. Required fields are marked *