{"id":470213,"date":"2022-11-22T11:34:12","date_gmt":"2022-11-22T09:34:12","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=470213"},"modified":"2022-11-22T11:38:12","modified_gmt":"2022-11-22T09:38:12","slug":"how-scammers-steal-facebook-credentials-and-break-into-accounts","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/470213-how-scammers-steal-facebook-credentials-and-break-into-accounts.html","title":{"rendered":"How scammers steal Facebook credentials and break into accounts"},"content":{"rendered":"<p>Cybercriminals are getting better at tricking Facebook users into handing over their passwords and their two-factor authentication (2FA) codes at the same time, Sophos <strong><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/11\/21\/how-social-media-scammers-buy-time-to-steal-your-2fa-codes\/\" target=\"_blank\" rel=\"noopener\">reports<\/a><\/strong>.<\/p>\n<p>Their phishing attacks are becoming more sophisticated and often result in a &#8220;soft dismount&#8221; that leads users to believe the activity they approved with their password and 2FA code is legitimate and that no further action is required.<\/p>\n<p>Sophos provided an example of such a phishing attempt it had received.<\/p>\n<p>The attacker leverages Facebook&#8217;s rules to convince the user that they are violating its terms of use and sends fraudulent information saying the account will be suspended.<\/p>\n<div id=\"attachment_470219\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-470219\" class=\"size-full wp-image-470219\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request.jpg\" alt=\"\" width=\"1200\" height=\"744\" 
srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request-600x372.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request-800x496.jpg 800w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-password-request-768x476.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/a><p id=\"caption-attachment-470219\" class=\"wp-caption-text\">Image Credit: <strong><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/11\/21\/how-social-media-scammers-buy-time-to-steal-your-2fa-codes\/\" target=\"_blank\" rel=\"noopener\">Sophos<\/a><\/strong><\/p><\/div>\n<p>They include a facebook.com link in their email \u2014 so as not to raise suspicion \u2014 that takes the user to a fake account with a link to appeal the shutdown.<\/p>\n<p>In Sophos&#8217; example case, the fake account was named Intellectual Property and used Meta Platforms&#8217; logo for an added touch of legitimacy.<\/p>\n<p>The link included in the post does not feature the facebook.com domain, but Sophos notes that it starts with text that looks like a personalised link of the form facebook-help-nnnnnn, where the &#8220;nnnnnn&#8221; digits are supposedly a unique identifier for the case.<\/p>\n<p>The link first prompts users to input seemingly innocent information like email address, full name, Facebook page URL, and any additional information.<\/p>\n<div id=\"attachment_470221\" style=\"width: 1210px\" class=\"wp-caption aligncenter\"><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-470221\" class=\"size-full wp-image-470221\" 
src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA.jpg\" alt=\"\" width=\"1200\" height=\"879\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA-546x400.jpg 546w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA-728x533.jpg 728w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/11\/Facebook-phishing-2FA-768x563.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><\/a><p id=\"caption-attachment-470221\" class=\"wp-caption-text\">Image Credit: <strong><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/11\/21\/how-social-media-scammers-buy-time-to-steal-your-2fa-codes\/\" target=\"_blank\" rel=\"noopener\">Sophos<\/a><\/strong><\/p><\/div>\n<p>It then prompts the user to prove their account ownership by requesting the password and 2FA code.<\/p>\n<p>&#8220;The dialog here is very similar to the one used by Facebook itself, with the wording copied directly from Facebook&#8217;s own user interface,&#8221; Sophos said.<\/p>\n<p>It then asks the user to wait for up to five minutes to see if the &#8220;account block&#8221; will be removed automatically.<\/p>\n<p>At this point, the scammers immediately attempt to use the username, password, and 2FA combination to gain access to the account without the user realising anything untoward is going on.<\/p>\n<p>Curiously, the scammers then redirect the user to Facebook&#8217;s official Help Centre \u2014 likely to get the victim away from the scam site and back to somewhere genuine.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity firm 
Naked Security by Sophos detailed a phishing attempt scammers use to hijack two-factor authentication-protected Facebook accounts.<\/p>\n","protected":false},"author":341076,"featured_media":470215,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[161,82829,73842,417,765],"class_list":["post-470213","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-facebook","tag-facebook-scam","tag-meta-platforms","tag-phishing","tag-sophos"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/470213"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=470213"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/470213\/revisions"}],"predecessor-version":[{"id":470253,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/470213\/revisions\/470253"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/470215"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=470213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=470213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=470213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}