In what is being called one of the largest Facebook scams in history, millions of users have been duped into handing over their account credentials. The scam, which has been active for months now, tricks users into submitting their login information on a fake Facebook login page. Unconfirmed estimates suggest that nearly 10 million users have fallen prey to the scam. This is a huge issue, as attackers can use stolen credentials to hijack accounts and post spam or malicious links.
How the Scam Worked
The scam was perpetrated using a phishing technique known as “cloaking.” Cloaking is a method of hiding malicious content from security filters by using different codes or URLs depending on the viewer. In this case, the attackers used a script that would show a fake Facebook login page to users who were not logged into Facebook. This page looked identical to the real Facebook login page and even had the same URL. However, the script would check to see if the user was already logged in. If they were, it would redirect them to the real Facebook homepage.
This meant that only users who were not logged in would see the fake login page. And since most people are already logged in when they visit Facebook, it’s likely that many users were never even aware that they were being targeted by the scam.
The fake login page would then collect the user’s credentials and redirect them to the real Facebook homepage. At this point, the attacker would have full access to the victim’s account. They could then post spam or malicious links, which would be seen by all of the victim’s friends and followers.
How to Protect Yourself
The best way to protect yourself from this type of scam is to be very careful about where you enter your login information. Only enter your credentials on pages that have a URL that starts with “HTTPS.” This means that the page is using a secure connection and your information will be encrypted. You should also look for signs that the page might be fake, such as misspellings or grammatical errors.
Guardio is a cybersecurity company that develops technology to assist in combat new risks, creating a highly secure environment, and enhancing people’s online experiences. The Guardio Browser extension is designed to allow you to browse the web safely. Our browsers maintain pieces of our most sensitive and personal information, such as communications, financial information, crypto passwords, and e-commerce accounts. Guardio acts as the first line of defense against any potential dangers, rather than merely removing them once they’ve already reached your device and caused damage as previous solutions do.
Guardio keeps you safe while you’re surfing the web by blocking malware and scams. With Guardio, you’ll never have to second-guess clicking on links again.
If you think that you may have already fallen victim to this scam, you should change your password immediately and run a security scan on your computer. You should also report the incident to Facebook so that they can investigate and take action against the attackers.
What Can We Learn From This Scam?
This scam is a good reminder of how important it is to be vigilant about security online. Taking some simple precautions can protect you from becoming a victim of identity theft or account hijacking. Stay safe out there!