Sunday, February 13, 2022

How do Facebook Messenger (and Instagram Message) Link scams work?

Every day large numbers of Facebook users receive a message that appears to be from a friend and invites them to click a link. If they click that link, their Facebook friends (social graph connections) receive a similar message -- from them.

Many of the victims post on Facebook that their account has been hacked and that recipients should disregard the message. Most change their account passwords; some close their accounts.

So how does this work?

It's the old "enter password" trick -- a phishing attack. If you click on the link, what looks like a Facebook screen asks you to verify your account identity. This, of course, is a fake page. The credentials you enter there are used to send messages from your Facebook account.

The attackers don't try to change your password; they just send messages to recruit new credentials. There are lots of scams that can be run using Facebook or Instagram messages, so this is a profitable business.

Just change your password and try not to be tricked again.
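The fake "verify your account" page described above can copy Facebook's look, but not the host it is served from. The following check is an added example, not part of the original post: it classifies a link from a message by its real host. The domain allowlist, function name and sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (not from the original post): registrable domains that
# legitimately serve Facebook, Messenger and Instagram login pages.
GENUINE_DOMAINS = ("facebook.com", "messenger.com", "instagram.com")
BRAND_WORDS = tuple(d.split(".")[0] for d in GENUINE_DOMAINS)


def link_verdict(url: str) -> str:
    """Return 'genuine', 'suspicious' or 'unrelated' for a link found in a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:            # malformed authority, e.g. broken IPv6 brackets
        return "suspicious"
    if parts.scheme not in ("http", "https") or not host:
        return "unrelated"
    # Only the real host counts: .hostname drops any "user@" prefix and the port,
    # so "facebook.com@other.example" resolves to other.example.
    on_brand_domain = any(host == d or host.endswith("." + d) for d in GENUINE_DOMAINS)
    if on_brand_domain:
        # A login page served without TLS is not one to type a password into.
        return "genuine" if parts.scheme == "https" else "suspicious"
    # The brand appears somewhere in the link, but the host is not the brand's:
    # the pattern of a fake "verify your account" page.
    if any(word in url.lower() for word in BRAND_WORDS):
        return "suspicious"
    # Punycode labels can render as lookalike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    return "unrelated"


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://www.facebook.com/login/",
    "https://facebook.com.account-verify.example/login",
    "https://facebook.com@login-check.example/verify",
    "https://notfacebook.example/",
    "http://www.facebook.com/login/",
    "https://videos.example/watch?id=7",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{link_verdict(link):10}  {link}")
```

A "genuine" verdict only says the host belongs to the allowlist; it does not vouch for the message that carried the link.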

