The Facebook "Trusted Contacts" phishing attack

WannaCry and Petya showed earlier this year how fast attacks spread when they exploit flaws in operating systems and applications. The attack described here is a reminder that attackers do not need a software flaw at all: a new phishing campaign abuses the name and workings of Facebook's "Trusted Contacts" account recovery feature to talk users into handing over a code that resets their own password.

Facebook's "Trusted Contacts" feature helps users regain access to their accounts if they are locked out. When you enable it, Facebook asks you to choose three to five friends as trusted contacts. If you are ever locked out, Facebook issues each of these friends a recovery code, which they retrieve while logged in to their own accounts and pass on to you. Once you have entered codes from three of them, you regain access to your account.

How does this attack work?


This latest phishing attack works like this:

  1. An attacker messages you, claiming to be locked out of their account and asking for your help to recover it.
  2. They tell you that you are one of their trusted contacts and send you a link to "retrieve the recovery code."
  3. The link actually starts Facebook's "Forgot password" flow for your account, so the code that arrives in your email or by SMS is a reset code for your password, not a recovery code for theirs.
  4. Once you send the attacker that code, they can reset your password and take complete control of your account.

In essence, anyone with a Facebook account can fall victim to this attack. You do not need to have enabled Trusted Contacts yourself: the attack relies only on the ordinary password reset flow for your account, and on you treating the reset code as if it belonged to someone else.
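To make the difference between the two flows concrete, here is a small model of a Facebook-style account service, written for this article rather than taken from Facebook's own code. It models the legitimate Trusted Contacts recovery (each contact fetches a code while logged in as themselves, and three codes are needed) next to the ordinary password reset that the phishing message triggers (anyone can request it, and the one-time code lands in the target's own inbox). The usernames, the three-code threshold, and the message format are assumptions made for the illustration.

```python
"""Toy model of two account flows, written for this article (not Facebook's code):
the Trusted Contacts recovery flow and the ordinary password-reset flow that the
phishing message abuses. Names, thresholds and message formats are assumptions."""
import secrets
from collections import defaultdict

RECOVERY_THRESHOLD = 3  # assumption: codes from three trusted contacts unlock the account


class AccountService:
    def __init__(self):
        self.passwords = {}                 # username -> password
        self.trusted = {}                   # username -> list of trusted contacts
        self.inbox = defaultdict(list)      # username -> out-of-band messages (email/SMS)
        self.reset_codes = {}               # reset code -> username whose password it resets
        self.recovery = {}                  # locked-out username -> {contact: recovery code}

    def register(self, username, password, trusted_contacts=()):
        self.passwords[username] = password
        self.trusted[username] = list(trusted_contacts)

    def login(self, username, password):
        return self.passwords.get(username) == password

    # --- ordinary password reset: no authentication needed to start it -------------
    def request_password_reset(self, username):
        """Anyone can click "Forgot password?" for any account. The one-time code is
        delivered to the *target's* own inbox, never to whoever requested it."""
        code = secrets.token_hex(3)
        self.reset_codes[code] = username
        self.inbox[username].append(f"Your password reset code is {code}")

    def reset_password_with_code(self, code, new_password):
        username = self.reset_codes.pop(code, None)
        if username is None:
            return False
        self.passwords[username] = new_password
        return True

    # --- Trusted Contacts recovery --------------------------------------------------
    def start_trusted_contact_recovery(self, locked_out):
        """Issue one code per trusted contact. Nothing is pushed to the contacts'
        inboxes; each contact fetches their code while logged in as themselves."""
        self.recovery[locked_out] = {c: secrets.token_hex(3) for c in self.trusted[locked_out]}

    def fetch_recovery_code(self, contact, password, locked_out):
        if not self.login(contact, password):
            raise PermissionError("contact must authenticate as themselves")
        return self.recovery[locked_out][contact]

    def recover_with_codes(self, locked_out, codes, new_password):
        valid = set(self.recovery.get(locked_out, {}).values()) & set(codes)
        if len(valid) < RECOVERY_THRESHOLD:
            return False
        self.passwords[locked_out] = new_password
        return True


def simulate_attack():
    """The phishing scenario: the attacker asks the victim to 'help recover' an
    account but actually triggers a reset of the victim's own password."""
    svc = AccountService()
    svc.register("victim", "hunter2")
    svc.register("attacker", "x")
    svc.request_password_reset("victim")           # attacker clicks Forgot password for victim
    message = svc.inbox["victim"][-1]              # victim receives a code for *their* account
    code = message.split()[-1]
    svc.reset_password_with_code(code, "pwned")    # victim forwards the code; attacker resets
    return svc.login("victim", "pwned")            # attacker now controls the account


def simulate_legitimate_recovery(contacts_who_help=("carol", "dave", "erin")):
    """The real Trusted Contacts flow: contacts log in as themselves and fetch a
    code; no unsolicited code ever lands in a contact's inbox."""
    svc = AccountService()
    for name in ("carol", "dave", "erin"):
        svc.register(name, f"{name}-pw")
    svc.register("bob", "bob-pw", trusted_contacts=["carol", "dave", "erin"])
    svc.start_trusted_contact_recovery("bob")
    codes = [svc.fetch_recovery_code(c, f"{c}-pw", "bob") for c in contacts_who_help]
    unsolicited = sum(len(svc.inbox[c]) for c in ("carol", "dave", "erin"))
    recovered = svc.recover_with_codes("bob", codes, "bob-new")
    return recovered, unsolicited


if __name__ == "__main__":
    print("attacker owns victim account:", simulate_attack())
    print("legit recovery (recovered, unsolicited codes):", simulate_legitimate_recovery())
```

The point the model makes is the one the user has to internalize: in the legitimate flow a trusted contact only ever sees a code after taking an action on Facebook while logged in, whereas a code that shows up unprompted in your own email or SMS was generated for your account and should never be forwarded.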

A good defense

As an admin, securing employees’ accounts is one of your top priorities. Even though few enterprises use Facebook for work, this latest Facebook phishing attack is still concerning since many employees reuse passwords for both personal and corporate accounts. We recommend sharing the following tips with your end users to help prevent them from falling victim to the attack:

  1. Slow down: don't let the message's sense of urgency pressure you into responding.
  2. Before responding, confirm the sender's identity through a different channel, such as a phone call or meeting them in person. A compromised or impersonated friend's account will happily confirm its own story over Facebook Messenger.
  3. Learn how Facebook's "Trusted Contacts" account recovery feature works. A trusted contact retrieves the recovery code from Facebook while logged in to their own account; a legitimate request never causes a password reset code to be emailed or texted to you. Never forward a code that Facebook sent to your own email address or phone.
  4. If you've used your Facebook password for any corporate platform, update those corporate passwords immediately. You never know whether a phishing attempt is isolated or part of a larger attack.

What to do if you’re attacked

Report the account that messaged you to Facebook immediately, mentioning the possibility of a phishing attack. If you have already sent a code, change your Facebook password right away (and any other account that shared it), and review the devices and sessions currently logged in to your account.

If you're a system administrator, this slew of attacks has probably got you wondering how to close other gaps in your network. Endpoint management software that can automatically deploy patches, restrict the applications users may run, and apply predefined configurations helps keep your enterprise's desktops, mobile devices, and other endpoints secure. You can't control what your users do on their home networks, but you can at least keep your enterprise's network secure.