Facebook users at risk: New scam bypasses two-factor security

Scammers use a clever method to capture Facebook login credentials
Paweł Maziarz

13 August 2024 15:41

CERT Orange warns about a new Facebook scam. Cybercriminals lull users into a false sense of security in order to bypass two-factor authentication, which could result in users losing access to their accounts.

In the digital age, scams on social media platforms are becoming increasingly common. As one of the largest platforms, Facebook is particularly vulnerable to various forms of cybercrime.

Recently, cybercriminals have more frequently been using fake messages that purport to come from reliable news services. Scammers post entries that, at first glance, appear authentic, encouraging victims to click on a link leading to a fake page. On this fabricated site, often under the guise of age verification, scammers request login details, which leads to the account being taken over by criminals.

Scammers are becoming increasingly clever

Two-factor authentication secures accounts by requiring an additional step to confirm identity on top of the password, making it significantly harder for unauthorized persons to gain access. Even if the password is stolen or guessed, the need to provide an additional code generated by an app or sent via SMS reduces the risk of the account being taken over. This system effectively protects against phishing attacks and other attempts to gain access, providing an extra layer of security.

The CERT Orange team warns about a new, clever way to bypass two-factor authentication.

Once the victim has moved to the fake site, the scammers ask for the account's login details. However, they know that two-factor authentication is commonly used and that the service will ask for login confirmation on a mobile device.

In this situation, they display a static image showing the two-factor authentication procedure. The fake message is intended to lull the victim into confirming the login (and thus handing over access details to the account).

Experts warn that this is one of the cleverest ideas criminals have come up with recently, and that we should pay attention to the website address where we enter Facebook access details.
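The advice to check the website address can be made concrete. The following is an added example, not part of the original article or of CERT Orange's warning: it tests whether a URL's host really belongs to Facebook, and the allowlist and all sample hosts in it are assumptions constructed for illustration.

```javascript
// Added example. ALLOWED_DOMAINS is an assumption for illustration,
// not an official list of Facebook login domains.
const ALLOWED_DOMAINS = ["facebook.com"];

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, same rules browsers apply
  } catch {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://facebook.com@other.example/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the host" };
  }
  // hostname is lower-cased and internationalized names arrive as punycode.
  const host = url.hostname.replace(/\.$/, "");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (look-alike character) host" };
  }
  // Match the registered domain from the right: "facebook.com.x.example"
  // and "notfacebook.com" must both fail.
  const match = ALLOWED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return match
    ? { ok: true, reason: "host is " + host }
    : { ok: false, reason: "host " + host + " is not on the allowlist" };
}

// Constructed sample URLs (not taken from the campaign described above).
const SAMPLES = [
  "https://www.facebook.com/login",
  "https://facebook.com.age-check.example/login",
  "https://facebook.com@age-check.example/login",
  "https://faceb\u043eok.com/login", // Cyrillic "o"
  "http://www.facebook.com/login",
];
for (const s of SAMPLES) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK   " : "BLOCK") + " " + s + " -> " + r.reason);
}
```

A password manager performs the same host comparison automatically, which is why it will not offer to fill saved Facebook credentials on a look-alike page.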
