Phishing attacks focus on stealing the target’s sensitive information. If you’re always on social media platforms such as Facebook or Instagram, you’re a potential target for these threat actors. Phishing can arrive as phone calls, emails promising big wins, or warnings about account closure. If the target believes the message and panics, they’ll follow the cybercriminal’s instructions and compromise their own security.
Recent phishing campaign on Facebook
Security researchers have discovered a new phishing campaign targeting Facebook passwords. The threat actors aim to steal the login passwords of both personal users and company pages on the platform. According to researchers at Abnormal Security, the attackers send emails that frighten targets into believing that Facebook wants to disable and remove their accounts and pages.
The email supposedly comes from the Facebook Team. It accuses the target of infringing another user’s rights through their posted content. The message also contains a link that supposedly lets the target appeal the accusation. Once the victim clicks this first link, it takes them to a Facebook post containing another link, which leads to the website for the appeal. All of this is meant to make the issue appear legitimate.
During the appeal process, the attackers request the target’s sensitive information, including their name and email address. After filling out the form, the target is asked to enter their Facebook password to submit it. As soon as the target does that, the attacker receives the credentials needed to access their Facebook page. Once in, the attacker collects the target’s sensitive information and locks them out of the account.
Apart from Facebook, any other account where the target uses the same password will also be accessible to the attacker.
How security researchers discovered the campaign
Phishing messages and calls usually frighten the target into acting without thinking. They are also often made to look and sound legitimate. For instance, this phishing email carries Facebook branding.
On a closer look, however, the researchers discovered that the sender’s email address didn’t belong to Facebook. The Gmail address to which the target is asked to respond doesn’t belong to Facebook either. Another indicator was the content of the message: the researchers believe that no legitimate online service would send such a message to its users.
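The two header indicators described above (a Facebook-branded sender whose address isn't Facebook's, and a Gmail reply address) can be checked mechanically. The Python below is an added example, not code from the researchers or from Facebook; the allow-listed domains, the free-webmail list and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: brand keyword, domains treated as legitimate, free-webmail list.
BRAND = "facebook"
BRAND_DOMAINS = {"facebook.com", "facebookmail.com"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def is_brand_domain(domain):
    """True for an allow-listed domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)


def phishing_indicators(raw_message):
    """List the sender/reply-address mismatches found in one message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    claims_brand = BRAND in display.lower()
    findings = []
    if claims_brand and not is_brand_domain(from_dom):
        findings.append("display name claims brand, sender domain is " + from_dom)
    if reply_dom and reply_dom != from_dom and not is_brand_domain(reply_dom):
        findings.append("replies go to unrelated domain " + reply_dom)
    if claims_brand and reply_dom in FREE_MAIL:
        findings.append("brand-named mail with free webmail Reply-To")
    return findings


# Constructed sample message, not taken from the campaign.
SAMPLE = """From: "Facebook Team" <notice@appeals.example>
Reply-To: support.team@gmail.com
Subject: Your page is scheduled for removal

Body omitted.
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A clean result from a check like this does not make a message trustworthy, since From headers can be forged; it only automates the two address mismatches the researchers spotted by eye.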
The Facebook Help Center recommends that users who receive such phishing emails go to their security settings and log out of any devices they didn’t activate. They should also change their passwords immediately and report the incident.
How Facebook users can avoid phishing incidents
Facebook users must be privacy savvy so that their sensitive information is not shared carelessly online. Every user should also be wary of suspicious emails. Unfortunately, hackers have improved, and their emails can look convincingly legitimate.
So, the best thing is to avoid emails that you are not expecting. Delete them once you receive them, and don’t click any redirecting links. If Facebook must contact you, it’ll do so through notifications. Moreover, any message that requests money, threatens you, or asks for account credentials is not legitimate.
Another thing to do is avoid the Facebook buttons that appear on some sites demanding a click. If you click them and sign in through those websites, you might lose your account details. Instead, researchers advise that you open another tab and sign in to Facebook there to like or share the content.
Other things you should avoid include:
- Using too simple passwords
- Downloading from free or fake sites
- Using public WiFi without a reliable VPN service
- Entering your sensitive information on a public PC or one that other people can access and use
Following the above rules will help you stay safe not only on Facebook but on social media as a whole.