There’s a sneaky scam on Facebook that aims to steal your username and password without you even realizing it. Let’s dive into how this scam operates and learn how to stay safe.
A New Kind of Scam
As someone who has encountered various online scams, this one took me by surprise. It’s the first time I’ve seen this one.
The Deceptive Notification
On my phone, I received a notification related to my business page, South Metro Web. I must confess, I was initially fooled by it. This later made me realize how individuals who aren’t as familiar with technology could easily fall for this trap.
I clicked on the link to see what “copyright infringement” I might have committed.
The Warning Sign
The link redirected me to a website outside of Facebook. That immediately set off alarm bells in my head. Why would a Facebook link take me outside of Facebook?
Considering Your Safety
Normally, I would have stopped right there, but I started thinking about all of you. I decided to proceed and investigate further, for the sake of your safety.
The Request for Credentials
The next screen prompted me to enter my email address and password. That’s when I knew exactly what this scam was all about.
They were after my login credentials.
But they picked the wrong guy this time.
The Tech Boomer is too smart to fall for that.
Testing the Scammers
I knew what was going on, but I decided to enter a fake email address with the password “00000” to see if what I expected would happen.
If this were a genuine Facebook page, it should have informed me that the credentials were incorrect, but I was expecting the site to accept them. However, this is what I got.
Exploiting Two-Factor Authentication
These crooks have thought of everything. They know that many accounts have two-factor authentication (2FA) activated, which is what everyone should have. They asked for my birthday. With this they could try to “social engineer” their way into my account.
I kept going. I entered a fake birthday, Now if this were real, Facebook would have rejected it, citing a mismatch with the email address and password. But guess what?—the next screen declared a successful match. And my Facebook page was OK.
The Scammers’ Motive
Of course everything was fine. This did not come from Facebook This was just a simple form, it wasn’t verifying my credentials. All the scammers were after were my email address, password, and birthday.
Conclusion
I commend Facebook for issuing a warning that the link would redirect me outside of their platform. It’s crucial for all of us to remain vigilant. These crooks aren’t stupid; they’re incredibly slick. I have a strong suspicion that many people have already fallen victim to this scam.
As always, if you have a question about this or any other post, please leave a comment below, or you can email me at larry@thetechboomer.com.
They will literally try anything, it’s so important to be extant vigilant online!
Scams and hacks like this are increasingly sophisticated and it’s so sad that they prey on people who may not be paying attention or are maybe not so tech savvy. I usually have a really good ability to spot stuff like this but I do like that Facebook added the warning about it redirecting to a website outside the platform (which, as you said, is usually a really good indicator that it’s bogus). Thanks for the warning, and for taking a deep dive into this particular example.
Scammers and hackers are getting incredibly smart these days – thank you for the warning, we all need to be on guard for this.