{"id":18552,"date":"2022-03-21T04:10:16","date_gmt":"2022-03-21T12:10:16","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/21\/news-12285\/"},"modified":"2022-03-21T04:10:16","modified_gmt":"2022-03-21T12:10:16","slug":"news-12285","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/21\/news-12285\/","title":{"rendered":"Facebook phish claims “Someone tried to log into your account”"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 21 Mar 2022 12:07:49 +0000<\/strong><\/p>\n

Watch out for bogus Facebook phishing messages winging their way to your mailbox. The ruse is quite simple: The mail senders are relying on the recipient\u2019s sense of panic to respond without thinking about it.<\/p>\n

The mail looks professional enough, and seeks to imitate what would be a fairly typical looking message from Facebook. As for the panic aspect, the phishers have pinned the hopes of this attack onto the old faithful \u201cSomeone is trying to login as you, so you’d better do something about it ASAP\u201d routine.<\/p>\n

The phish<\/h2>\n

The mail itself combines a fairly clean design with minimal messaging. There\u2019s a tendency with some phish attempts to overstuff the mail with all manner of nonsense to look more convincing. When that happens, we often see increasing amounts of typos or broken mail design. This one simply gets to the point. It reads as follows:<\/p>\n

\n

Someone tried to Iog into Your Account, User lD\u00a0<\/em><\/p>\n

A user just logged into your Facebook account from a new device Samsung S21. We are sending you this email to verify it’s really you.<\/em><\/p>\n

Thanks,<\/em><\/p>\n

The Facebook Team<\/em><\/p>\n<\/blockquote>\n

So far, so good. However, it goes a bit off the rails with the two clickable buttons presented. The first one says \u201cReport the user\u201d which makes sense. The second one just says \u201cYes, me\u201d instead of something more plausible such as \u201cYes, it\u2019s me\u201d or even just \u201cIt was me\u201d. This may set some alarm bells ringing.<\/p>\n

The functionality<\/h2>\n

What happens when you click the button(s)? The expected process is to be whisked away to a phishing page and enter your details. Not here. This one follows the same pattern as a mail we covered a little while ago.<\/p>\n

You may remember the phish attempt claiming to have detected unusual sign-in activity from Russia<\/a>. That mail didn\u2019t bother with phishing pages. Instead, it popped open a pre-formatted mail in your client of choice for you to respond to the creators. Anybody replying would likely receive additional requests for login details or much more besides.<\/p>\n

This phish follows the same path, opening one of two pre-filled response styles depending on which button you select. “Report the user” is the most interesting one, pre-filling the subject line as \u201cSend statement\u201d.<\/p>\n

What is sent back may be a booby-trapped document of some kind, or perhaps phishing done through a form. It\u2019s also possible the dialogue will simply continue via mail. Whatever they\u2019re up to, they should be treated with the cold shoulder they so richly deserve.<\/p>\n

Go to the source<\/h2>\n

Always remember to navigate directly to the sender of supposed security alerts. If it’s genuine, you should be able to address whatever issue you’ve been sent. If there’s no sign of it, consider sending it along to them directly. It may be a scam sample they’ve not seen before, and this can in turn help them to protect a wider userbase. Above all else: don’t panic, because this is how attackers can trick you into doing something you’ll regret.<\/p>\n

Report, block, and go about your day.<\/p>\n

The post Facebook phish claims “Someone tried to log into your account”<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Christopher Boyd| Date: Mon, 21 Mar 2022 12:07:49 +0000<\/strong><\/p>\n

We take a look at a Facebook phish which tries to pressure potential victims into responding to mails that they really shouldn’t.<\/p>\n

The post Facebook phish claims “Someone tried to log into your account”<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[3589,11539,16802,10511,3924,3985,10574],"class_list":["post-18552","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-facebook","tag-fake","tag-mail","tag-phish","tag-phishing","tag-scam","tag-scams"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18552","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18552"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18552\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}