Facebook Messenger phishing page detected

This screenshot shows an Arabic‑language phishing page impersonating Facebook, designed to steal login credentials (email/phone and password). The page is hosted on a suspicious domain and uses a fake registration or login prompt.


Threat Analysis: Facebook Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or social media message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics the Facebook login interface. The victim is asked to enter their email address or phone number and password, then click a button (likely labeled “login” or “register”). The credentials are captured and sent to the attacker.

The goal:
The attacker steals Facebook account credentials to:

  • Access private messages and personal information
  • Post spam, scams, or malicious links from a trusted account
  • Spread the phishing attack to the victim’s friends
  • Use the same email/password combination to compromise other accounts (if credentials are reused)

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain like نتجاهاص.xyz – a random, non‑Facebook domain. Legitimate Facebook login pages are only on facebook.com.
  • Poor Arabic grammar / typos: The text contains errors and awkward phrasing that would not appear on an official Facebook page.
  • Unsolicited login request: Facebook does not send links requiring users to log in to resolve account issues.
  • Minimal design: The page lacks Facebook’s full branding, security notices, and two‑factor authentication options.
  • No personalization: Genuine Facebook login pages often show a profile image or account selection after entering an email.

What to do if you encounter this:

  • Do not enter your email/phone or password.
  • If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA).
  • Always access Facebook by typing facebook.com directly into your browser.
  • Report the phishing page to Facebook (via the official reporting tools).

Protective measures:

  • Bookmark the official Facebook login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate facebook.com domains.
  • Enable two‑factor authentication on your Facebook account (using an authenticator app).
  • Be suspicious of any unsolicited message that asks you to log in.
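
The "Suspicious URL" red flag and the password-manager measure both come down to matching the link's host against facebook.com. The check below is an added example, not code from the original page or from Facebook; the function names, the HTTPS requirement, and the sample URLs (apart from the .xyz host named above) are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# The only domain the page treats as legitimate.
TRUSTED_DOMAIN = "facebook.com"


def ascii_host(url: str) -> Optional[str]:
    """Return the URL's host in lowercase ASCII (punycode) form, or None."""
    # Reject characters that browsers and urlsplit() may parse differently.
    if any(ch in url for ch in "\\ \t\r\n"):
        return None
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes userinfo ("user@") and port
    except ValueError:
        return None
    # Assumption of this example: the login page is only served over HTTPS.
    if parts.scheme != "https" or not host:
        return None
    try:
        # Internationalized labels become "xn--..." so comparison is on ASCII.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def is_trusted_login_url(url: str) -> bool:
    """True only when the host is facebook.com or one of its subdomains."""
    host = ascii_host(url)
    if host is None:
        return False
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample URLs (the .xyz host is the one named on the page).
SAMPLES = [
    "https://www.facebook.com/login",
    "https://نتجاهاص.xyz/login",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@account-verify.example/login",
    "https://faceb\u043eok.com/login",  # Cyrillic "о" in place of Latin "o"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_trusted_login_url(sample), ascii_host(sample))
```

Only the first sample passes; the others place "facebook.com" in a subdomain label, in the userinfo part, or spell it with a look-alike character, which is why comparing the parsed host is more reliable than reading the link by eye.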
