Scammers are using Facebook's 'Notes' feature in a clever trick to fool people into giving up their passwords

[Photo: Facebook CEO Mark Zuckerberg testifies before a House Financial Services Committee hearing on Capitol Hill in Washington, Wednesday, Oct. 23, 2019. AP Photo/Andrew Harnik]

  • A clever Facebook scamming attempt makes use of the social network's "Notes" feature.
  • People are writing notes that imitate official Facebook copyright warnings, then using them to trick users into giving up their passwords.
  • There is a constant arms race between tech company security teams and scammers, hackers, and fraudsters trying to exploit their users.

Scammers have a crafty way to try to trick users into giving up their Facebook passwords - and they're using the social network itself to pull it off.

The phishing attempt tries to scare users into thinking their Facebook pages are at risk of being taken down for copyright reasons, and uses Facebook's "Notes" tool to make the hoax look more legitimate.

It's another example of how scammers, hackers, and fraudsters are in a constant arms race with tech companies in their attempts to exploit the companies' users, and how even the companies' own products can be co-opted to deceive people.


Business Insider found the phishing attempt when it was sent to our tips email, so here's how it works.

First, a user receives an email purporting to be from Facebook, warning them that their Facebook page was flagged by an unspecified "third party" and is at risk of being taken down.

"We received a report from a third party that the content you posted on your page infringes or otherwise violates their rights," the warning reads. "You manage a Page representing a company, organization or other entity that we have reason to believe you are not authorized to represent."

[Screenshot of the phishing email. BI] Another clue it's fake: Okta is an independent company, rather than a service owned by Facebook.


It then invites users to follow a link to verify their identity, and this is the part that distinguishes it from a more rudimentary phishing attempt. Normally, the scammers might redirect the user to a website imitating Facebook - but instead, the user is taken directly to the real Facebook, to a Note that imitates an official copyright complaint.

It looks official, the user can see they're logged in and definitely on the real Facebook, and the note author is the generically named page "Policy Issues." If the user isn't very familiar with Facebook's user interface and Notes tool, it'd be easy to assume this is an official, Facebook-sanctioned warning - rather than an unauthorized imitation.


The user is then told to follow a second link to continue the appeal process. This appears to be another official Facebook link, but it is actually a bit.ly short link that takes the user to facebook.com.fbmailcopyrights.com, a phony site pretending to be the real Facebook.


The user is then asked to fill in various details, including their name, page name, and email address. Their password isn't requested until the last minute, in a realistic-looking "security" prompt after they hit send.


Once the user does that, their account is compromised.

Using two-factor authentication - a security measure that requires entry of a code sent to a user's device before the login process finishes - can help mitigate some risk, by ensuring the phishers aren't able to access the user's account (though the password is still compromised). Users should also avoid re-using passwords, to ensure that if they accidentally expose the password for an account on one service their accounts elsewhere aren't at risk too. And before entering sensitive information, always make sure to check the URL to ensure the website is the real deal - rather than just a clever pretender.
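The URL check described above, as an added example (not code from the article): the trick in this scam is that "facebook.com" appears as a subdomain of the attacker's registrable domain, so a host is only legitimate if it is the real domain or ends with "." plus that domain. The allow-list and the sample URLs below are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains that really belong to the site.
LEGIT_DOMAINS = ("facebook.com", "fb.com")


def host_belongs_to(host: str, domain: str) -> bool:
    """True only if host IS domain, or is a subdomain of it.

    'facebook.com.fbmailcopyrights.com' contains 'facebook.com', but its
    registrable domain is fbmailcopyrights.com, so this returns False.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify_url(url: str) -> str:
    """Classify the host of a URL as 'legit', 'lookalike' or 'other'.

    A bare host without a scheme is treated as https so urlsplit parses it.
    Note: urlsplit ignores a 'user@' prefix, so 'https://facebook.com@evil.example/'
    is classified by its real host, evil.example.
    """
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    if any(host_belongs_to(host, d) for d in LEGIT_DOMAINS):
        return "legit"
    # The brand name appearing anywhere else in the host is the classic decoy.
    if "facebook" in host or any(d in host for d in LEGIT_DOMAINS):
        return "lookalike"
    # Includes short links such as bit.ly, whose destination is not visible here.
    return "other"


if __name__ == "__main__":
    # Constructed sample links modelled on the chain the article describes.
    for link in (
        "https://www.facebook.com/notes/policy-issues/",
        "https://facebook.com.fbmailcopyrights.com/appeal",
        "https://bit.ly/EXAMPLE",
    ):
        print(classify_url(link), link)
```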

A Facebook spokesperson said that the company had disabled the page behind the fraudulent note. In a statement, they said: "We encourage people to report suspicious messages and posts like this one, and we educate people about keeping their account secure, including by not using their Facebook password anywhere else online. More information is available in our Help Center: facebook.com/help/phishing."


Got a tip? Contact this reporter via encrypted messaging app Signal at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, Telegram or WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.)
