fake Facebook page

On the 1 March 2023, i connected on my Facebook page and found a strange notification from the page "Socail Network Registry 1011999162" . I clicked on the notification and found out the message below.

https://www.facebook.com/Socail-Network-Registry-1011999162-117752521246073/

As a Cyber Security and OSINT lover, i was wondering why Meta will publish such message on a third party. 

I checked the page creation date and found out that the page is created on the 01.03.2012,the same date that the message was sent, which was alarming for me.

As you read above, the message is tricking users to click on a link to reactivate their account because the page was reported for identify theft.

The message contains an URL on which you should click to reactivate your account.

I took the user and verify from Browserling - Live interactive cross-browser testing

The image above, shows a fake Facebook page logo and registration to trick people to enter their credential. The intention is probably stealing the credential and ask money later to recover the account.

The actor behind the page sends the same notification to many third parties located in Austria including my page as well.

I checked the URL on Virus Total and got the following information:

https://www.virustotal.com/gui/url/1d43e62c0c1d4ed58919330306f534648b04650adc7f87047d204b55cbf0068e

The domain was submitted 2 hours ago. The final URL is available, so I checked the final URL and I got another useful information:

Whois Lookup Captcha (domaintools.com)

The domain was created on the 2023-03-01.

At this point, we can be pretty sure that the domain is a phishing domain to trick people to click on the link to enter their credential.

Be always careful before entering your credential and do not forget to use 2FA to secure your account