Your Trusted Contacts Can Hack Your Facebook Account. A considerable lot of us believe in and follow to assist your friend when they require you, yet not when the request come through Facebook.
In the event that you get a message from any of your Facebook Friends requesting urgent help to recover their Facebook account, since they’ve included you as one of their ‘Trusted Contacts’— simply don’t indiscriminately trust it.
Researchers have detected a new Facebook phishing scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook account.
For those unaware, Trusted Contacts is a recovery feature made by Facebook, which enables you to pick 3-5 friends who you trust to enable you to access your record in the event that you forget your password or your account is locked.
According to a public security alert published by AccessNow, the attack initiates by an already compromised account of one of your friends, asking for urgent help to get back into his/her Facebook account.
The attacker sends a message saying that he/she is having difficulty in accessing the account and asks you to check your email to verify a recovery code and share with the attacker, as you are listed as one of his/her Trusted Contacts on Facebook.
“So far we’re seeing the majority of reports [falling victims to this new Facebook phishing scam] from human right defenders and activists from the Middle East and North Africa,” Access Now added.
Realizing that a companion is stuck in an unfortunate situation, evidently one would share the code without even batting an eye. However, in actual, the code you received is not the key to unlock your friend’s account, but instead, the attacker initiated “Forgot my password” request for your account in an attempt to hijack your Facebook account.
The most ideal approach to guard yourself is to contact the individual and check in the event that he/she has truly sent you a recovery message or email requesting help. Also, it is worth remembering that when you get locked out of your account, your “Trusted Contacts” don’t just send you a recovery code — each of them send a part of a recovery code.
With a specific end goal to get over into your record, you need a part from all of your Trusted Contacts that you have chosen. To understand how this feature works, you can head on to this post.