Facebook phishing with fake Apple offer in Arabic

This screenshot shows an Arabic‑language phishing page that promises 10,000 free iPhones to lure victims into logging in with Facebook. The goal is to steal Facebook credentials.


Threat Analysis: Fake Apple Giveaway Phishing – Facebook Credential Harvesting

How it works:
The victim sees an ad or link promising a chance to receive a free iPhone (or multiple iPhones). The page claims the offer is limited and urges the victim to log in with Facebook to participate. When the victim enters their Facebook login credentials (email/phone and password) and clicks the login button, the information is captured and sent to the attacker.

The goal:
The attacker steals Facebook account credentials to:

  • Take over the victim’s Facebook account
  • Access personal messages and information
  • Post spam, scams, or malicious links from a trusted account
  • Use the account to spread the same phishing scam to the victim’s friends
  • Attempt credential reuse on other platforms

Red flags to watch for:

  • Too‑good‑to‑be‑true offer: Apple does not give away 10,000 iPhones through random Facebook login pages.
  • Login via Facebook for a giveaway: A legitimate giveaway does not require your Facebook password to claim a prize.
  • Suspicious URL: The page is hosted on a domain that is not facebook.com or apple.com. Legitimate Facebook login pages are only on official Facebook domains.
  • Urgency and limited quantity: Phrases like “before they run out” are classic pressure tactics.
  • Poor design / generic Arabic phrasing: The page lacks official Apple or Facebook branding and contains awkward wording.

What to do if you encounter this:

  • Do not enter your Facebook email/phone or password.
  • If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA).
  • Always log in to Facebook by typing facebook.com directly into your browser.
  • Report the phishing page to Facebook (via their official reporting tools).

Protective measures:

  • Remember: if it sounds too good to be true, it is a scam.
  • Never log in to Facebook via a third‑party page – always use the official website or app.
  • Use a password manager – it will not autofill on fake domains.
  • Enable two‑factor authentication on your Facebook account.
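
The "Suspicious URL" red flag and the password‑manager point above both come down to comparing the real hostname with the official domain. The following is an added example, not part of the original analysis: the allowlist contains only facebook.com (the domain named on this page), and the function name and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the allowlist holds only the domain named on this page.
# Extend it with other domains you have verified as official.
OFFICIAL_LOGIN_DOMAINS = frozenset({"facebook.com"})


def login_host_verdict(url, allowed=OFFICIAL_LOGIN_DOMAINS):
    """Return (is_official, reason) for a URL that shows a Facebook login form."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not served over https"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        # https://facebook.com@other.example/ really connects to other.example
        return False, "text before '@' disguises the real host"
    host = host.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return False, "hostname is not valid IDNA"
    for domain in allowed:
        # Exact match or a true subdomain; a bare suffix match would accept
        # notfacebook.com.
        if host == domain or host.endswith("." + domain):
            return True, "official domain or a subdomain of it"
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "internationalised (punycode) host, possible lookalike"
    if any(domain.split(".")[0] in host for domain in allowed):
        return False, "brand name appears in an unrelated host"
    return False, "host is not an official login domain"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the page.
    for sample in (
        "https://www.facebook.com/login",
        "https://facebook.com.free-iphone.example/login",
        "https://facebook.com@prize.example/login",
        "https://notfacebook.com/login",
        "https://f\u0430cebook.com/login",  # Cyrillic 'a' homoglyph
    ):
        print(sample.encode("ascii", "backslashreplace").decode(), login_host_verdict(sample))
```

A True verdict only says the hostname is official; it does not say anything about the content of the page.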
