Social engineering hack

Forums › Social networks, social media and tools › Social engineering hack

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#303698 1-Mar-2023 16:00

I received a Facebook message from someone I’d not caught up with for a while. Conversation went like:

Hi, how have you been?

Can you do me a favour?

I just bought a new phone and Facebook is not letting me in they ask for code approval from friend so I will send you the code you can it back to me thanks

… with me responding in between.

Then I get a txt message: nnnnnnnn is your Facebook password reset code.

Of course this is a scammer trying to trick me into thinking I’m helping someone reset their password through some friend assist feature but fortunately I realised they were tying to get into mine.

Damn dodgy and I imagine the same method could be used by any password reset function that uses 2FA

You're not on Atlantis anymore, Duncan Idaho.

wellygary

8813 posts

Uber Geek
+1 received by user: 5298

#3043687 1-Mar-2023 16:16

So they had managed to compromise the account of the long lost acquaintance??,

or were they able to impersonate them somehow??

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3043700 1-Mar-2023 16:54

Yeah they had been “hacked” and I called them to check. Their account was taken over and they were using their account to try and get into mine … from mine they’d then try to get into the accounts of all my FB contacts etc etc.

You're not on Atlantis anymore, Duncan Idaho.

xpd

Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4579

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#3043704 1-Mar-2023 17:09

If they did that with me, they'd soon find I don't have many friends to try it with..... ;)

XPD / Gavin

LinkTree

networkn

Networkn
32871 posts

Uber Geek
+1 received by user: 15469

ID Verified

Trusted

Lifetime subscriber

#3043776 1-Mar-2023 22:39

xpd:

If they did that with me, they'd soon find I don't have many friends to try it with..... ;)

I'll be your friend!

Wheelbarrow01

1784 posts

Uber Geek
+1 received by user: 2638

Trusted

Chorus

#3043784 2-Mar-2023 00:31

Yea I got the exact same message a few weeks ago. It came from someone who is in a particular Facebook group that I am also in. We had exchanged messages briefly a month or two ago, but I don't know him from a bar of soap and we are not direct friends on Facebook.

After I didn't answer the first message, I got follow up messages that were increasingly desperate (which I also ignored).

Since then I have heard that this type of scam is doing the rounds quite a lot.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#3043852 2-Mar-2023 10:03

networkn:
xpd: If they did that with me, they'd soon find I don't have many friends to try it with..... ;)
I'll be your friend!

On FB or IRL? Maybe on GZ?

😁

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

Mighty Ape

Shop now at Mighty Ape (affiliate link).

richms

29104 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#3043861 2-Mar-2023 11:11

Yeah and its sad how many people will go along with it. This is why allowing a SMS only as a way to get back into an account for forgetting a password is IMO braindead.

Forgetting a password should be hard to recover from. They make it too easy resulting in scams like this working. I really hate having to give places a mobile number when they are this casual with what they will use it for.

Richard rich.ms

Gurezaemon

~HONYAKKER!~
1417 posts

Uber Geek
+1 received by user: 1567

ID Verified

Lifetime subscriber

#3043862 2-Mar-2023 11:20

My wife had to deal with this from her workmate last week. I eventually managed to get control of her account again, but it involved holding her passport up to the screen for Facebook to verify, twice.

The hacker was actively trying, in real time, to prevent her reauthorizing her own account, by changing passwords, etc. I still have no idea how.

Stealing someone's account is altogether too easy. I eventually convinced her to use the authentication thing instead of SMS, but it was a major PITA.

Get your business seen overseas - Nexus Translations

Senecio

2856 posts

Uber Geek
+1 received by user: 3169

ID Verified

Lifetime subscriber

#3043877 2-Mar-2023 13:11

Half the time people give their accounts away freely. You know all of those seemingly innocuous posts that get 22K replies.

"Your porn star name is:

Your favourite colour
The name of your first pet
The street number of the house you grew up in"

Its all just harvesting personal information that you may have used in your insecure password. And people give this information away freely in the name of a bit harmless fun.

MadEngineer

4591 posts

Uber Geek
+1 received by user: 2570

Trusted

#3043974 2-Mar-2023 16:16

Blue Bob 69

Wait what?

You're not on Atlantis anymore, Duncan Idaho.