If you have selected a few Trusted Contacts on Facebook to recover your account when it is hacked, beware. A new phishing method has made it clear that Trusted Contacts on Facebook cannot be trusted blindly.
Earlier this month, Access Now, an international non-profit human rights organization dedicated to defending and extending the digital rights of users at risk, noticed a lot of reports of hacked Facebook accounts. They found a new method of targeted phishing, also known as spear phishing, by which a user’s Facebook account is hacked through a compromised friend’s account.
- A hacker sends a message on Facebook Messenger from a compromised account of someone on your friend list asking for help to recover their account.
- The hacker convinces you that you are in the list of Trusted Contacts on Facebook, and tells you that you will receive a code for recovering their account.
- Then the hacker triggers the “I forgot my password” feature for your Facebook account and requests a recovery code.
- Falling into the trap, you send the code you’ve received to your “friend.”
- Using the code, the hacker can log into your account and then use it to victimize other people on your friend list.
People fall for this kind of attack because they lack knowledge of the “Trusted Contacts” feature. Trusted Contacts is a Facebook account recovery feature that helps you get back into a locked Facebook account with the help of 3-5 trusted Facebook contacts you selected. Whenever you lose access to your account, these friends (trusted contacts) can generate codes (the codes are not text messages) from their Facebook accounts and forward them to you. It’s your friends who generate the codes for you.
So if you get any message asking you to send a message with a code from Facebook, don’t send any code to your “friend.” Instead, report the account as soon as possible.
Access Now said, “So far we’re seeing the majority of reports from human rights defenders and activists from the Middle East and North Africa.” But any person with a Facebook account could fall victim to this attack.