“Trusted Contacts Can Hack Your Facebook Account”, the new phishing scam on Facebook

Facebook Phishing Scam: Your Trusted Contacts Can Hack Your Facebook Account

Many of us believe in and follow the proverb, “A friend in need is a friend indeed.” While it is good to help out your friends when they need you, that may not be the case when the requests come through Facebook.

Researchers at Access Now, an international non-profit organisation that looks into issues affecting the open and free Internet, recently discovered a new phishing scam that abuses the “Trusted Contacts” feature on Facebook and tricks you into handing over your credentials to the attackers.

For those unaware, Trusted Contacts is a recovery feature created by Facebook, which allows you to choose 3-5 friends who you trust to help you gain access to your account if you forget your password or your account is locked.

According to a public security alert published by Access Now, the phishing attack is carried out by someone who has already taken over the Facebook account of your friend. The attacker sends a message saying that he/she is having difficulty in accessing the account and, as you are listed as one of his/her Trusted Contacts on Facebook, asks you to check your email for a recovery code and share it with the attacker.

At this point, the attacker tries to log into your account using the “Forgot my password” button. The idea is that when you check your email to get the information for your “friend”, you end up passing the password recovery code of your own Facebook account to the attacker, thereby granting them access to hijack your account.

“The new attack targets people using Facebook, and it relies on your lack of knowledge about the platform’s Trusted Contacts feature,” Access Now warns.

“So far we’re seeing the majority of reports [falling victim to this new Facebook phishing scam] from human rights defenders and activists from the Middle East and North Africa,” Access Now added.

The best way to keep yourself safe is to contact the person and check whether he/she has genuinely sent you a recovery message or email asking for help. Also, it is worth remembering that when you get locked out of your account, your “Trusted Contacts” don’t just send you a recovery code; each of them sends a part of a recovery code. To get back into your account, you need a part from all of the Trusted Contacts that you have chosen.

Kavita Iyer
