• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
WebSetNet

WebSetNet

Technology News

  • Technology News
    • Mobile
    • Games
  • Internet Marketing
  • System Admin
    • Windows
    • Linux
    • Mac & Apple
    • Website Scripts
      • Wordpress

Facebook Phishing Scam: Attackers Use Trusted Contacts Feature To Trick Victims

August 5, 2020 by Martin6

A new phishing campaign is being carried out against users of Facebook. The scheme targets individuals and relies on abusing the platform’s Trusted Contacts feature in order to trick victims into surrendering personal information.

The attack was first identified by Access Now, a non-profit advocacy group that organizes around the cause of a free and open Internet. While the scam could be launched against anyone with a Facebook account, the organization reports early targets of the attack have been human right defenders and activists from the Middle East and North Africa.

At the heart of the phishing attempt is Facebook’s Trusted Contacts feature. First introduced by the social network in 2013, Trusted Contacts is a system developed to help people regain access to their account when they have been locked out or forgot their password.

When a user has Trusted Contacts enabled, Facebook will ask the person to identity between three and five people. When the user attempts to gain access to their account, Facebook will send part of a code to each one of the designated users, which they are then to pass on to the user. When those partial codes are combined, the user can regain full access to their account.

The threat actors carrying out the phishing attack will send a message through Facebook Messenger through an account they have already compromised so it appears as though it is coming from a friend. In the message, the attacker will ask for help recovering their account and claim that the user is one of their Trusted Contacts.

The attacker then triggers the “I forgot my password feature” for the account of the potential victim. Doing so will send a code to that person that is intended to help them recover their own account. But because they have been primed by the attacker to believe the code is part of the Trusted Contacts system, they surrender the account recovery code.

With that code, the threat actors can then gain access to the victim’s account. That includes full access to any information stored on their account including messages. The attackers can then continue to perpetuate the attack by sending a message through the newly compromised account to the victim’s friends.

There are a number of ways potential victims of this attack can prevent it from happening. First, attempt to confirm with the friend that they are who they claim. Contact the friend on a different platform, either via text or another messaging app.

Also, users are advised to take their time when reacting to urgent messages. Often times, attacks like these rely upon creating a panicked situation in which a person simply reacts rather than thinks about what they are being asked to do. Take a step back and think about the situation before responding.

It’s also worth learning about Facebook’s Trusted Contacts feature and possibly activating it yourself. Knowing about the feature would be an immediate tip off that it doesn’t work as the attacker suggests, and having it activated may help quickly recover an account if hackers find another way in.

Facebook also has a resource for those who believe their account may have been compromised. Anyone who is concerned about such a situation can visit the social network’s Hacked page and follow the instructions on screen to determine if an account is compromised and take action.

Source

Related posts:

  1. A new Minecraft: Bedrock Edition patch update is rolling out to all players
  2. Apple iMessage tips and tricks: Master iMessage on iPhone, iPad, Mac and iPod
  3. How to send a text on an iPhone
  4. How to Install Software from Source Code… and Remove it Afterwards
  5. How 20 Leading Brands Use Facebook to Engage Audiences
  6. Mobile Tracking – A Comprehensive Understanding of What, Why, & How
  7. 47 secret WhatsApp tips and tricks you might not know about
  8. 47 secret WhatsApp tips and tricks you might not know about
  9. How to send Free SMS in India
  10. Increasing resilience against Solorigate and other sophisticated attacks with Microsoft Defender

Filed Under: Uncategorized

Primary Sidebar

Trending

  • How to fix Windows Update Error 80244019
  • Windows 10 Update keeps failing with error 0x8007001f – 0x20006
  • How To Change Netflix Download Location In Windows 10
  • Troubleshoot Outlook “Not implemented” Unable to Send Email Error
  • How do I enable or disable Alt Gr key on Windows 10 keyboard
  • How To Install Android App APK on Samsung Tizen OS Device
  • 3 Ways To Open PST File Without Office Outlook In Windows 10
  • FIX: Windows Update error 0x800f0986
  • How to Retrieve Deleted Messages on Snapchat
  • Latest Samsung Galaxy Note 20 leak is a spec dump revealing key features
  • Install Android 7.0 Nougat ROM on Galaxy Core 2 SM-G355H
  • 192.168.1.1 Login, Admin Page, Username, Password | Wireless Router Settings
  • Websites to Watch Movies Online – 10+ Best Websites Without SignUp/Downloading
  • How to Backup SMS Messages on Your Android Smartphone
  • How to delete a blank page at the end of a Microsoft Word document
  • Fix: The Disc Image File Is Corrupted Error In Windows 10
  • Android 11 Custom ROM List – Unofficially Update Your Android Phone!
  • Samsung Galaxy Z Fold 3 could be scheduled for June 2021, with S Pen support

Footer

Tags

Amazon amazon prime amazon prime video Apple Application software epic games Galaxy Note 20 Galaxy S22 Plus Galaxy S22 Ultra Google Sheets headphones Huawei icloud Instagram instant gaming ip address iPhone iphone 12 iphone 13 iphone 13 pro max macOS Microsoft Microsoft Edge Mobile app office 365 outlook Pixel 6 Samsung Galaxy Samsung Galaxy Book 2 Pro 360 Samsung Galaxy Tab S8 Smartphone speedtest speed test teams tiktok Twitter vpn WhatsApp whatsapp web Windows 10 Windows 11 Changes Windows 11 Release Windows 11 Update Windows Subsystem For Android Windows 11 Xiaomi

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org