The latest phishing scam is targeting Facebook, with victims losing access to their accounts entirely. The scam involves a perpetrator impersonating one of your contacts, and using their compromised account to get access to yours. We’ve been finding out how this scam works, and how you can avoid falling victim to it.
What is a phishing scam?
Phishing, or a phishing scam, is where a perpetrator attempts to trick, coerce or socially engineer a victim into sending personal information to them - either knowingly, or unknowingly. Phishing is often in the form of an email, telephone call or message.
In some cases, victims of phishing scams accidentally download viruses or malware which sends personal information back to the perpetrator. In other instances of phishing, victims may be convinced that they’re speaking to their bank, their boss or their friends and family, and send money or personal information directly.
The phisher is usually after specific personal information, depending on the type of scam. This information might be login details to an email or social media account, banking details or simply your name and address. This information can be very valuable, as it can be used to access your personal finances, take out loans, or it can be sold for a profit on the dark web.
Phishing scams are often cheap to run, and require very little maintenance; thanks to the internet, perpetrators are able to contact a huge number of people quickly and efficiently. Between April 2020 and April 2021, at the height of the Covid-19 pandemic, it was estimated that victims lost £2.3 billion to various online scams.
How does the Facebook Messenger phishing scam work?
Victims of this phishing scam receive a message over Messenger, requesting assistance to help win an online contest. The message states that to win the contest, you need to share a link with a friend, who will then receive an authentication code to verify that they are real.
However, what the victim actually receives is part of Facebook’s password reset process. If they verify who they are with the authentication code, the perpetrator then has access to their account and their details.
These types of scams have fallen out of fashion over the past couple of years; you’re much more likely to receive a phishing scam which prompts you to pay a bill than win a contest. However, the clever thing about this scam is that we’re far less likely to be suspicious of a message coming directly from a friend or family member’s account.
The other compelling part of this phishing scam is that, at first glance, sharing a link and providing an authentication code doesn’t seem like something too far out of the ordinary. We’re much more likely to be wary of messages which request personal information or banking details directly; however this is far more subtle.
How can you avoid falling for this scam?
Just like many phishing scams, taking the time to think this scam through means that the cracks begin to show. There shouldn’t be a reason why a friend or family member needs you to verify their identity, and certainly not through social media.
If in doubt, contact the person who sent you this message directly, outside of the Messenger app or any other application which may use the same details. If they have been hacked, do not click the links in any messages that are sent. You can report a compromised account on Facebook here.
Tweet us @TranscenditUK
