Beware: Facebook’s login alert used to scam users
Malicious actors hide behind even the most mundane of alerts.
Everyone who’s ever tried logging in to Facebook from a new device is familiar with the “someone tried to log into your account” email.
According to a blog post by Christopher Boyd, lead malware intelligence analyst at Malwarebytes, scammers try to leverage the familiar message to their benefit.
Bogus Facebook phishing messages are making their way to users’ inboxes. As with many other phishing scams, threat actors bank on the victim’s sense of urgency in an event of an unknown sign-in attempt.
Boyd claims that the novel scam is dangerous because the message impersonating Facebook is made to look credible enough to fool anyone.
The email combines a minimal design with a clear message: “A user just logged into your Facebook account from a new device Samsung S21. We are sending you this email to verify it’s really you.”
The email presents users with two clickable buttons. One says, ‘report the user,’ while the second one displays the ‘yes, me’ option.
Interestingly enough, clicking on the ‘options’ does not lead a victim to a phishing site. Instead, it popped open a pre-formatted mail in your client of choice for you to respond to the creators.
„Anybody replying would likely receive additional requests for login details or much more besides,“ Boyd writes.
Once victims click on one of the two options, they‘re prompted with a pre-filled response form with an email subject line saying, ‘send statement.’
According to Boyd, the victims likely receive an infected document meant to further phish for credentials. An attempt to infect the system with malware cannot be ruled out.
To avoid falling victim to a similar scam, security researchers advise to always navigate directly to the sender of supposed security alerts. The service provider will always be able to assist with a real issue.
It’s also advised not to hurry with a response as scammers always try to abuse vulnerabilities coming from rushed decisions.
More from Cybernews:
Subscribe to our newsletter