Caution: Facebook Messenger Phishing Alert
February 1, 2022
Facebook users are being warned of a phishing campaign that tries to break into accounts, disguised as a Facebook Messenger chat from a friend. This campaign, mostly active in Northern Europe at this time, is bound to spread around the world.
Here is how it works:
1. You receive a message from a friend in Facebook Messenger whose account has been hijacked.
2. Your “friend” asks for your phone number, telling you that they entered a lottery contest/draw and want to enter you as well.
3. The prize is 8,000 Euros to be split between you and the “friend”, who asks you to forward any SMS code you receive.
4. This code is actually generated by Facebook when the hacker uses your phone number to reset your password.
5. If you send this code, the hacker will have your phone number and the verification code needed to change your password.
6. The attacker can then log into your account and use all the different apps that rely on your Facebook login (online stores, travel sites, etc.).
7. Also at this point the hacker could try to transfer money using Facebook Pay, harvest more data, scam people by asking for financial help (due to lost wallets or cards), or try to get a loan from some of your friends.
8. The hacker could also enable malicious apps on your account that will automatically publish more malicious posts or spread malware in your name, and the hacker will never even have to log back into your account again.
9. After a while they would lock you out of your account. While you struggle to get back in, the attacker would start attacking your friends using the same method and repeat this attack indefinitely.
It seems that this campaign has a high enough success rate to make it worthwhile for scammers.
If you have been hacked:
Facebook has a few pages to walk you through the steps to resolve your issue:
– facebook.com/hacked
– facebook.com/help/203305893040179
How to avoid Facebook phishing scams:
If the sender of a message asks to be given codes or credit card information via SMS, do not accept the request. Always verify the identity of the person asking. If the person is someone you know, contact them another way, for example by phone, and ask whether they are aware of the message. This information should not be disclosed to strangers.