Is your Facebook account under a new type of phishing attack?

Written By DNA Web Team | Updated: May 05, 2022, 08:37 AM IST

The hacking technique was explained by cybersecurity researchers at Abnormal Security.

A new phishing technique is currently in use among hackers which aims to steal your Facebook passwords - including the administrators of company Facebook pages.

The hacking technique was explained by cybersecurity researchers at Abnormal Security. They said the scam starts with a phishing email claiming to be from the 'Facebook Team'. The email says the user's account may be disabled for posting content that has been reported as violating the rights of another user.

The victim is then asked to click a link to appeal the report. That link leads to a Facebook post, which in turn hosts a link to another website.


To 'appeal', the user is asked to provide personal information such as their name, email id and Facebook password, which are sent directly to the attacker.

If the user re-uses their Facebook email id and password on other websites or apps, the attacker gains access to those too. Because the technique creates a sense of urgency, Rachelle Chouinard, threat intelligence analyst at Abnormal Security, said, "This is often enough to convince recipients to provide their personal information, particularly if they are using their Facebook account for business purposes."

The language of the email is designed to create fear in the victim, scaring them into forfeiting their account. It is highly unlikely that a company would send a message like this. If such an email worries you, log in to your account directly and check there; any genuine notice will be visible in the account itself, and you never need to share your password to 'appeal'.
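For mail teams that want to catch this lure before it reaches page administrators, the following added example (not from Abnormal Security or the article) scores a raw message on the signals described above: a brand name in the display name but a free-mail sender domain, the account-disable/appeal wording, a request for a password, and links that point away from the brand's domains. The sample message, the addresses in it and the allow-list of Facebook domains are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message modelled on the lure described in the article;
# the addresses and URL are placeholders, not real campaign indicators.
SAMPLE_EMAIL = """\
From: Facebook Team <appeals-team@gmail.com>
To: pageadmin@example.com
Subject: Your account will be disabled

Your account was reported for posting content that violates the rights of
another user and may be disabled. To appeal, open the link below and confirm
your name, email and password.
https://www.facebook.com/placeholder-post-id
"""

# Domains assumed legitimate for Facebook notifications (adjust to your org).
BRAND_DOMAINS = {"facebook.com", "facebookmail.com"}
# Phrases specific to this lure: account disabled, rights violation, appeal.
LURE_PHRASES = ("disabled", "appeal", "violates the rights")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _is_brand_domain(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw: str) -> dict:
    """Return the phishing signals found in a raw RFC 5322 message plus a score."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    body = msg.get_payload()  # single-part text message in this example
    text = (msg.get("Subject", "") + "\n" + body).lower()
    signals = {
        # Brand in the display name while the mail comes from a non-brand domain.
        "spoofed_brand": "facebook" in display.lower()
                         and not _is_brand_domain(sender_domain),
        "lure_phrases": [p for p in LURE_PHRASES if p in text],
        # A legitimate notice never asks for the password; weight this heavily.
        "asks_for_password": "password" in text,
        "off_brand_links": [u for u in URL_RE.findall(body)
                            if not _is_brand_domain(urlparse(u).hostname or "")],
    }
    signals["score"] = (2 * signals["spoofed_brand"] + len(signals["lure_phrases"])
                        + 3 * signals["asks_for_password"]
                        + len(signals["off_brand_links"]))
    return signals

if __name__ == "__main__":
    print(triage(SAMPLE_EMAIL))
```

Note that the second hop in this campaign (the external form linked from the Facebook post) is not visible in the email, so the link check only flags direct off-brand URLs; the password request and spoofed display name carry the weight here.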


Facebook's Help Centre says users who suspect their account has been hacked should report it and change their password. They should also log out of any devices they don't recognise.

It's also recommended that users turn on multi-factor authentication to increase account security. ZDNet also contacted Google, which confirmed that the Gmail account used in the phishing campaign has since been removed.