Social media platforms are a prime target for hackers and scammers. They hijack accounts to steal data, spread malware and dangerous lies.
A hacker who gains access to one of your accounts can use your information to get into other accounts. A security researcher was recently able to access Facebook accounts that were logged in with Gmail credentials. Tap or click here for our report.
Facebook Messenger is used by nearly a billion people every month. Of course, this makes it irresistible to cybercriminals. A new phishing attack that steals login credentials is making the rounds on Messenger. Here’s how it works and ways to avoid it.
Here’s the backstory
With so many people using Messenger, Facebook employs chatbots to communicate with customers. This is standard practice for many big companies. Chatbots act as live support and either answer your questions or use them to direct you to the proper customer support representative.
Trustwave discovered a phishing campaign targeting people who manage Facebook pages. It starts with an email claiming your page will be terminated within 48 hours due to violating Facebook’s Community Standards. As many break these rules without realizing it, the threat seems legitimate.
Here’s an example of what the message might look like:
You can appeal the decision by clicking on the “Appeal Now” link. This opens a Messenger conversation with a chatbot. If you’re not logged into Messenger, you’ll be prompted to do so. This is a legitimate Messenger chatbox. The chatbot is an imposter, however.
Something is off about that account
The profile behind the “chatbot” is a typical Facebook page with no followers and no posts (red flags under any circumstances). Yet this seemingly inactive page is rated as “Very responsive,” which means the manager responds to 90% of messages within 15 minutes.
The page even uses the Messenger logo as its profile picture. A little on the nose, don’t you think?
The fake chatbot sends yet another Appeal Now button in the conversation. Clicking that takes you to a site masquerading as a Facebook “Support Inbox.” Trustwave quickly pointed out that the case number in the Page Support URL does not match the one in the Support Inbox URL.
Scroll down past the “Open” and “Appeal” buttons that don’t even function, and you’ll find fields to fill in name, phone number and email address. Submit the information, and you’ll get a popup asking for your password. If you haven’t felt suspicious up to this point, this should do it.
Your information is all sent to the scammers’ database. But they’re not through with you yet.
One last parting gift
You’re next redirected to a phony two-factor authentication page that requests the six-digit PIN just sent to your phone via text. It doesn’t matter what you enter — they have all your information, and now they’re just trying to appear more legitimate.
The final step in the scheme is to redirect you to the actual Facebook Help Center page. Fortunately, the fake Facebook Support page and the phishing website have been taken down. That doesn’t mean this type of scam can’t happen again.
What to watch out for
There are steps you can take to keep your Facebook account safe. In fact, these general guidelines work for just about any account you have:
- Never click on a link or download an attachment from an unsolicited email or message.
- Set up two-factor authentication (2FA) on all accounts that offer it, including social media and banking sites. The added security method dramatically reduces your chances of being hacked, as you must verify any login attempts manually.
- Typos and sloppy errors are major red flags.
- Keep your operating systems, apps and devices updated with the latest official software and patches.
- Have trustworthy antivirus software on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!