How scammers steal Facebook credentials and break into accounts

This topic is empty.

Viewing 1 post (of 1 total)

Author

Posts
2022-11-22 at 18:16 #383522

Nat Quinn
Keymaster

Cybercriminals are getting better at tricking Facebook users into handing over their passwords and their two-factor authentication (2FA) codes at the same time, Sophos reports.

Their phishing attacks are becoming more sophisticated and often result in a “soft dismount” that leads users to believe the activity they approved with their password and 2FA code is legitimate and that no further action is required.

Sophos provided an example of such a phishing attempt it had received.

The attacker leverages Facebook’s rules to convince the user that they are violating its terms of use and sends fraudulent information saying the account will be suspended.

Image Credit: Sophos

They include a facebook.com link in their email — so as not to raise suspicion — that takes the user to a fake account with a link to appeal the shutdown.

In Sophos’ example case, the fake account was named Intellectual Property and used Meta Platform’s logo for an added touch of legitimacy.

The link included in the post does not feature the facebook.com domain, but Sophos notes that it starts with text that looks like a personalised link of the form facebook-help-nnnnnn, where the “nnnnn” digits are supposedly a unique identifier for the case.

The link first prompts users to input seemingly innocent information like email address, full name, Facebook page URL, and any additional information.

Image Credit: Sophos

It then prompts the user to prove their account ownership by requesting the password and 2FA code.

“The dialog here is very similar to the one used by Facebook itself, with the wording copied directly from Facebook’s own user interface,” Sophos said.

It then asks the user to wait for up to five minutes to see if the “account block” will be removed automatically.

At this point, the scammers immediately attempt to use the username, password, and 2FA combination to gain access to the account without the user realising anything untoward is going on.

Curiously, the scammers then redirect the user to Facebook’s official Help Centre — likely to get the victim away from the scam site and back to somewhere genuine.

How scammers steal Facebook credentials and break into accounts (mybroadband.co.za)
Author

Posts

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Cybercriminals are getting better at tricking Facebook users into handing over their passwords and their two-factor authentication (2FA) codes at the same time, Sophos reports.

Their phishing attacks are becoming more sophisticated and often result in a “soft dismount” that leads users to believe the activity they approved with their password and 2FA code is legitimate and that no further action is required.

Sophos provided an example of such a phishing attempt it had received.

The attacker leverages Facebook’s rules to convince the user that they are violating its terms of use and sends fraudulent information saying the account will be suspended.

Image Credit: Sophos

They include a facebook.com link in their email — so as not to raise suspicion — that takes the user to a fake account with a link to appeal the shutdown.

In Sophos’ example case, the fake account was named Intellectual Property and used Meta Platform’s logo for an added touch of legitimacy.

The link included in the post does not feature the facebook.com domain, but Sophos notes that it starts with text that looks like a personalised link of the form facebook-help-nnnnnn, where the “nnnnn” digits are supposedly a unique identifier for the case.

The link first prompts users to input seemingly innocent information like email address, full name, Facebook page URL, and any additional information.

Image Credit: Sophos

It then prompts the user to prove their account ownership by requesting the password and 2FA code.

“The dialog here is very similar to the one used by Facebook itself, with the wording copied directly from Facebook’s own user interface,” Sophos said.

It then asks the user to wait for up to five minutes to see if the “account block” will be removed automatically.

At this point, the scammers immediately attempt to use the username, password, and 2FA combination to gain access to the account without the user realising anything untoward is going on.

Curiously, the scammers then redirect the user to Facebook’s official Help Centre — likely to get the victim away from the scam site and back to somewhere genuine.

Quick Links

Points of Interest

Legal Info