Facebook Accounts Breached and Used For Stealing Money
We have learned of a new Facebook account scam campaign running in the wild, in which attackers take over accounts and spam the victim’s friends list with messages asking for monetary help. A Facebook user from Punjab, North India reported the campaign to us today, after he received a message from one of his Facebook friends via Messenger.
The Incident
The user who reported the campaign to us asked to remain anonymous, but shared a screenshot of the conversation, which raised the initial suspicion. For ease of explanation, we will call him Mr.X. The conversation (below) was between Mr.X and his friend, who is from the same region. In it, Mr.X asked for his friend’s bank account number so he could send the money; the fraudster instead gave him a phone number and asked him to send it via PhonePe or Google Pay. (PhonePe and GPay are payment platforms in India based on the UPI system, which facilitates transactions between bank accounts. Transfers can also be made to registered mobile numbers, since these are linked to the respective bank accounts.)
Suspicion Report
Everything went well until the scammer said the account (the phone number shared) would be in the name of “Sanjiv”. This led Mr.X to suspect the asker: why would anyone (a modern-day user at that) ask for money to be sent to a different account rather than his own? This could be justified if he were having issues with his bank account, but here’s the real catch. Mr.X’s victimized friend, the supposed asker in the conversation, doesn’t speak Hindi, but Punjabi, his native language. This strong suspicion made Mr.X back off from the transaction and check the facts before reacting. He called his friend (the one supposedly asking for money) directly to verify. To his surprise, the friend realized that his account may have been hacked, as he had not made any monetary request to Mr.X!
What Could’ve Happened?
Simply put, an account breach. The scammer somehow took over the friend’s Facebook account and used it to request help. This can also be described as a social engineering attack, in which the scammer impersonates the victim to get money from his close contacts, who are likely to fall for the trick. Mr.X was saved because he realized that his friend never speaks Hindi and had never asked for money to be sent to another account. Others who miss such hints would probably be scammed. There have been reports of similar attacks on a few Facebook accounts, where scammers gain unauthorized access in order to receive money from the victim’s contacts.
How Can This Be Done?
There are several ways an account can be hacked. Not just Facebook: any online platform that requires users to sign in with login credentials is prone to social engineering tricks and related attacks. These include phishing emails/pages, keylogging, session hijacking, malware infections, DNS spoofing, etc. In particular, simple, easily cracked passwords like “123456” or “password”, or guessable passwords such as your phone number, leave an account vulnerable. On Facebook, your username is your email address, and the password can be guessed with malicious software such as brute-force tools. Phishing, where a scammer sends a look-alike login page to capture your credentials, and keylogging, where your device is infected with malware that logs everything you type, are common ways of breaching an account.
What You Should Do?
Be cautious, and just don’t be stupid! Monitor your account’s recent activity periodically and keep a strong password that’s hard to crack. Browser-based password managers are convenient, but they’re often not updated with strong protocols to secure data. Thus, using dedicated and reliable password managers like these can help.

Note: If you suspect that you’re a victim of a Facebook account hack, report here and learn how to be more secure on the platform.