TechThe new Facebook scam bypassing two-factor authentication

The new Facebook scam bypassing two‑factor authentication

CERT Orange warns about a new Facebook scam. Cybercriminals are employing a clever method to bypass two-factor authentication, attempting to lull users into a false sense of security. This could result in users losing access to their accounts.

Fraudsters use a clever method to capture Facebook login data.
Fraudsters use a clever method to capture Facebook login data.
Images source: © GETTY | NurPhoto
Paweł Maziarz

13 August 2024 20:49

In the internet age, scams on social media platforms are becoming increasingly common. As one of the largest platforms, Facebook is particularly vulnerable to various forms of cybercrime.

Cybercriminals have been increasingly using fake messages, purportedly from reliable news services. Scammers post messages that, at first glance, appear authentic, encouraging victims to click on a link leading to a fake page. On the fabricated site, often under the guise of age verification, scammers request login details, resulting in the account being taken over by criminals.

Scammers are becoming increasingly clever

Two-factor authentication secures accounts by requiring an additional step to confirm identity besides the password, significantly making it harder for unauthorized persons to gain access. Even if the password is stolen or guessed, the need to provide an additional code generated by an app or sent via SMS reduces the risk of the account being taken over. This system effectively protects against phishing attacks and other attempts to gain access, providing an extra layer of security.

The CERT Orange team warns about a new, clever way to bypass two-factor authentication.

After moving to the fake site, scammers ask for login details. They know that two-factor authentication is a common method and the service will ask for login confirmation on a mobile device.

They display a static image confirming the two-factor authentication procedure in this situation. The fake message is intended to lull the victim into confirming the login (and thus handing over access details to the account).

Experts warn that this is one of the cleverest ideas recently made by criminals and urge users to pay attention to the website address where they enter Facebook access details.

Related content
© Daily Wrap
·

Downloading, reproduction, storage, or any other use of content available on this website—regardless of its nature and form of expression (in particular, but not limited to verbal, verbal-musical, musical, audiovisual, audio, textual, graphic, and the data and information contained therein, databases and the data contained therein) and its form (e.g., literary, journalistic, scientific, cartographic, computer programs, visual arts, photographic)—requires prior and explicit consent from Wirtualna Polska Media Spółka Akcyjna, headquartered in Warsaw, the owner of this website, regardless of the method of exploration and the technique used (manual or automated, including the use of machine learning or artificial intelligence programs). The above restriction does not apply solely to facilitate their search by internet search engines and uses within contractual relations or permitted use as specified by applicable law.Detailed information regarding this notice can be found  here.