Twitter & Facebook Phishing Scams – Enable 2FA Now!

    Twitter and Facebook Phishing Scams
    iStock

    Twitter and Facebook are two of the most popular social media platforms, with billions of users around the globe. This makes them a prime target for phishing scammers, as we have covered in our previous articles, here and here. Recently, netizens have reported a wave of new phishing attempts.

    Twitter Phishing Scams

    Twitter and Facebook Phishing Scams_Scott Witt Twitter announcement_20220711
    Source: Twitter

    Users have reported that their verified (blue-tick) Twitter accounts are being hacked and taken over by scammers. The scammers then use this authoritative identity to DM other users with phishing messages such as that below.

    Twitter and Facebook Phishing Scams_Phishing Message on Twitter_20220711
    Source: BleepingComputer

    Posing as a Twitter support worker, the scammers inform the would-be victim that “your account has been flagged as inauthentic”. You will then have to verify it via a link. The link however, is a classic phishing link that will take you to fake phishing pages designed to steal your personal information. Interestingly, this phishing scheme appears to be quite advanced as the fake page will only accept the correct password from the victim.

    Twitter Phishing_Scample Phishing pages
    Sample phishing pages

    If you receive any messages such as the above, think twice before following their instructions!

    Facebook Phishing Scams

    In the case of Facebook, malicious chatbots are sending would-be victims phishing messages with the announcement that “Your page has been scheduled for permanent deletion for not following the Facebook Community Standards…”. Supposedly, you can “appeal” the decision by clicking the button.

    Facebook Phishing_Fake Chat bbot impersonating FB page support_20220711
    Source: HackRead

    Needless to say, you should NOT do as told. Clicking the appeal button will take you to a fake phishing page where you’ll need to log in and authenticate your account with 2FA. Notice the weird, excessively long URL below (official websites like Facebook and Twitter never have URLs like this).

    Facebook phishing_Facebook phishing pages_20220711
    Source: HackRead

    As before, think twice before following instructions like the above. If in doubt, contact the company directly from your account.

    Think you might have clicked on a phishing link? Here’s what to do:

    • Change your Facebook / Twitter password immediately.
    • Enable 2-factor authentication (2FA) for better security. Here’s how to set up 2FA on Facebook:
      • Go to Security and Login Settings.
      • Find Use two-factor authentication and click Edit.
      • Select the security method you want to add and follow the instructions.

    Trend Micro Check

    We recommend our FREE Trend Micro Check tool: an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links.

    After you’ve pinned the Trend Micro Check extension, it will block dangerous sites automatically! (Available on Safari, Google Chrome, and Microsoft Edge).

    TMC_CTA_Extension_2022

    You can also download the Trend Micro Check mobile app for 24/7 automatic scam and spam detection and filtering. (Available for Android and iOS).

    TMC_CTA_Mobile_2022

    Check out this page for more information on Trend Micro Check.

    Given you’ll be required to enter personal information on these kinds of platforms, ID Security will also ensure you’re never the victim of a data breach.

    And as ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.

    Post a comment

    Your email address won't be shown publicly.

    0 Comments

      This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings.