What to do if you get a message like the one we describe It’s your friends who need to generate the codes for you, as shown in the screenshot below: Note: Facebook does not send these text messages to your friends. If you lose access to your account, these friends can generate codes from their Facebook account and forward them to you. To activate this feature, you select three to five of your Facebook friends. How does the Trusted Contacts feature work? It’s an account recovery feature in Facebook that’s aimed at helping you regain access to your Facebook account and the email accounts and phone numbers linked to it. How Facebook’s “Trusted Contacts” feature really works Learn how “Trusted Contacts” actually works : It doesn’t work the way the phishing message in this attack suggests.Figure out what is really happening before you take action. This might make you think you have to hurry, and it could impair your ability to evaluate the situation objectively. In general, try to stay calm when you get a message where the sender appears to want to trigger a strong emotional reaction, like anger or fear. Confirm with your friend: Try to verify your friend’s identity by telephone or in person.But if you get an odd message, ask yourself, are you already aware of being on a list of “Trusted Contacts” for any of your Facebook friends? Treat urgent, unexpected messages with suspicion : Phishing messages often appear to come from a trusted friend.To help you stay safe, we encourage you to follow these recommendations: How to defend yourself against the attack That makes it an especially effective attack vector. When a message comes from a “friend,” people tend to trust it. It’s replicated across users’ social networks. In the cases we have observed, the attacker doesn’t stop after compromising just one account. Using the code, the attacker can now steal your account from you, and use it to victimize other people.In an effort to help, you send the code you’ve just received to your “friend.”.Then the attacker triggers the “I forgot my password” feature for your Facebook account and requests a recovery code.The attacker asks for your help recovering their account, explaining that you are listed as one of their Trusted Contacts on Facebook, and tells you that you will receive a code for recovering their account.You get a message from an attacker on Facebook Messenger, who is using the compromised account of someone on your Friends list. Here’s how the attacker attempts to exploit your trust in order to extract the information needed to steal your account: If you need access to your account, Facebook will send part of a code to each of these users that can be combined to gain access to your account.Īnyone who has a Facebook account could fall victim to the attack, but so far we’re seeing the majority of reports from human right defenders and activists from the Middle East and North Africa. If you enable Trusted Contacts, Facebook will ask you to identify three to five people. Trusted Contacts is a system created by Facebook to help you gain access to your account if you forget your password or your account is locked. The new attack targets people using Facebook, and it relies on your lack of knowledge about the platform’s “Trusted Contacts” feature. Read more about a recent spear phishing attack here. Spear phishing is an attack that targets a particular person and uses special messages that are more likely to appear genuine to a specific person. This is usually done through mass spam messages. Phishing is a method of obtaining unauthorized access to an account or service by tricking an authorized user into providing their credentials. Earlier this month, Access Now’s Digital Security Helpline began to get reports of hacked Facebook accounts that allowed us to identify a new method for targeted “ phishing ,” also known as “spear phishing.” Today, we’re publishing details of the attack so that users are better informed and able to identify this attack.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |