Fraud is the “account deactivation message” on Facebook from “Meta” that has been widely spread in the last few hours in our country.

As reported by ellinikahoaxes.gr, since January 12, 2025, many Facebook users have received automated messages seemingly asking them to verify their account, which has allegedly been deactivated. This is a scam, as the message refers to a link that mimics the Facebook home page, with the ultimate goal of intercepting data from unsuspecting users.

The said message was shared by many users on social media.

What is valid

Several users expressed their skepticism over a misleading message they received from accounts using the – misspelled – nickname “Meta Maganer”. In said message unsuspecting users are informed that their account is supposed to be disabled and they need to re-verify it via a hyperlinkwhich is at the end of the message. Such a thing, however, is not the case, as the hyperlink served does not point to a Facebook or Meta website in general. in fact, this is a scam as myantispyware updates.

Hyperlink analysis

At the time of writing the ellinikahoaxes.gr article, three variations of the hyperlink in the misleading messages have been found. As shown below, in none of the three cases do the hyperlinks start with facebook/helpwhich takes the user to the notification management area, that is, where the deactivation of an account should appear. Instead, the hyperlinks in question refer to the addresses facebookassistancesecurity, check-meta2fa.tempisite and facebook-business-2fa, which are in no way related to Facebook.

Furthermore, through the use of the Whois tool, it is revealed that the misleading hyperlinks they use a Vietnamese company to host the websitesnamed Nhan Hoa Software Company Ltd. This immediately proves that these are fake pagesas well as on the actual Facebook pages, The websites are hosted by Meta Platforms, Inc.

Furthermore, ellinikahoaxes.gr, attempted to load the addresses in a protected environment and in all of them he received a notification that this is a phishing scamthat is, with the aim of extracting sensitive data. The fraudulent websites they mimic the Facebook home pagewhere the user is asked to fill in their login information, however the URL does not match that of the actual Facebook website.

Additionally, the Scam Adviser hyperlink rating does not exceed 2 percentwith many indications that this is a data interception scam. Specifically, it appears that the malicious websites use iFrame, a technology that allows one web page to be loaded inside another. Would-be fraudsters often use an iFrame’s vulnerabilities to commit cross-site scripting, a type of cyberattack that can, among other things, install malware and intercept data.

Therefore, users who received this message, or a variant thereof, should not open the hyperlink under any circumstances.

Countermeasures

Unlucky users who followed the fraudulent hyperlink can take the following measures:

  • Disconnect from any WiFi they use to avoid downloading malware over the network to other devices.
  • Scan their device for viruses and malware that may have been downloaded once they opened the hyperlink. Most devices have anti-virus software pre-installed.
  • Change their passwords, particularly for services such as bank accounts. The use of unique and strong passwords is considered necessary. There are specialized password management applications for this use.

Conclusion

This is a scam. The deceptive message leads to a website that mimics the look and feel of Facebook but, as demonstrated above, seeks to intercept data from unsuspecting users. This conclusion is reached when looking at Phishing alerts when opening the addresses in question, their Scam Adviser scores, as well as the sources of the messages. Under no circumstances should users open the hyperlink in question.