A major new hacking campaign has recently been spotted in the wild. It targets Facebook certificates and log-in credentials and consists of crooks sending e-mails to Facebook users stating that there was a fraudulent attempt to access their accounts. The fraud can be detected with simple security checks, but users rarely perform them. The fraud is not new, and Facebook users are not its only victims. The most widespread scams of this kind mainly target bank accounts.
Phishing E-Mails in Facebook’s Name
What users typically see when they open the inbox of their primary Facebook e-mail address is a message stating that there was an attempt to access their account, for example from an unknown or unusual IP address. The message contains a link for verifying the account, together with information that the account has been temporarily locked. Once users click the link, it loads a fake website that looks like the real one, Facebook in this case. The message looks quite reliable; moreover, it has Facebook graphics in its design, leading users to believe it was sent by official Facebook support.
“Catching” Fake Facebook Security Messages
There is quite an easy way to “catch” it, though: the first sign is that the message is not sent from an official Facebook e-mail address.
Of course, Facebook itself also sends out such messages when it suspects fraud. Another way for users to avoid having their account hacked is to log in by manually typing the web address into the browser whenever such an e-mail has been received.
The third sign of malicious messages is that they contain no further information in the body (no copyright information, terms & conditions, etc.). The absence of such details should make users suspicious.
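The three signs above can be checked mechanically. The following Python sketch is an added example, not part of the original article: the allow-listed domains, the function name check_message and both sample messages are assumptions constructed for illustration, and it handles single-part plain-text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as official in this sketch; maintain your own list.
OFFICIAL_SENDER_DOMAINS = {"facebookmail.com", "facebook.com"}
OFFICIAL_LINK_DOMAINS = {"facebook.com"}
FOOTER_MARKERS = ("copyright", "terms")

def _in_domains(host, domains):
    # Exact match or true subdomain; "facebook.com.evil.example" does not match.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return a list of findings for the three signs described in the text."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # str for a single-part message
    findings = []
    # Sign 1: the address, not the display name, decides who sent the mail.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not _in_domains(sender_domain, OFFICIAL_SENDER_DOMAINS):
        findings.append("sender-not-official:" + sender_domain)
    # Sign 2: every link must resolve to the real site's hostname.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not _in_domains(host, OFFICIAL_LINK_DOMAINS):
            findings.append("link-not-official:" + str(host))
    # Sign 3: no copyright / terms details anywhere in the body.
    if not any(marker in body.lower() for marker in FOOTER_MARKERS):
        findings.append("no-footer-details")
    return findings

# Constructed sample messages (not real mail).
SAMPLE_PHISH = "\n".join([
    'From: "Facebook Security" <security@facebook-support.example>',
    "Subject: Your account has been temporarily locked",
    "",
    "We detected a log-in attempt from an unusual IP address.",
    "Verify your account: http://facebook.com.account-verify.example/login",
])
SAMPLE_OK = "\n".join([
    "From: Facebook <security@facebookmail.com>",
    "Subject: Log-in alert",
    "",
    "Review recent activity: https://www.facebook.com/settings",
    "Copyright Facebook. Terms and conditions apply.",
])

if __name__ == "__main__":
    print(check_message(SAMPLE_PHISH))
    print(check_message(SAMPLE_OK))
```

An empty result only means none of the three signs fired; the From header can be forged, so typing the address manually remains the safer route.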
2FA Verification Method Recommended
Facebook user data can be quite valuable to crooks. It contains information about friends, e-mails, pictures, even phone numbers, which hackers can use to spread malicious software and phishing e-mails even further.
Users should be careful to protect their accounts. It is therefore highly advisable for them to turn on two-step account verification (2FA) for their Facebook account as well. If verification is enabled, then in addition to entering their username and password they will get a text message on the mobile number provided in their account, which they type into the page upon each account log-in. If the page they have been led to is a fake one, they won’t receive anything. This way hackers will not have a chance to enter it at all.
Last but not least, be alert for a “temporarily locked account” message when you log in to your account. Such a message will appear on the real Facebook page for sure.