Fraudsters have devised a new way to get past two-factor authentication (2FA) on Facebook, according to Sophos researcher Paul Ducklin.
The criminals send out fake copyright-infringement alerts threatening to remove the recipient's page unless they file an appeal.
In the first step of the "appeal", the victim is asked for their username, password and the 2FA code from their mobile device. Because the code is handed over while it is still valid, the attackers can simply use it to log in; the 2FA check is not broken, it is answered on the victim's behalf.
2FA is an additional layer of protection: on top of the password, the user must enter a one-time code that is sent to or generated on their phone. Fraudsters keep finding ways around it, and the simplest is the one used here: ask the victim for the code.
Ducklin explained his findings in a blog post, where he said: "The new case is characterized by the use of fraudulent pages created within Facebook, which gives phishing emails an additional air of legitimacy."
He added: "This method is not new, but it is interesting, as the e-mail is short and simple, the link in the e-mail goes to the actual Facebook site, and the way the fraudulent site works is plausible."
The fake emails contain clues that they are not legitimate, but they are convincing enough that the people who run a company's social media accounts may want to find out more about the supposed copyright complaint, which means clicking the phishing link.
The email threatens to delete the victim’s page unless an appeal is filed within 24 hours.
The researcher found that the link takes the victim to a site on a .cf (Central African Republic) domain, hosted on a cloud hosting service that also provides it with an HTTPS certificate, so the browser's padlock gives no warning and the scam is harder to spot.
Once on the site, users are asked to enter their password twice, then to open the Facebook app on their phone and enter the 2FA code found in the app's Settings and Privacy section.
Once attackers have access to the victim's Facebook account, they can sell the data, hijack or delete pages, hold the data for ransom, or make fraudulent in-app purchases.
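To show why handing over a code from the app defeats the protection, here is a short added example (it is not from Ducklin's write-up or from Facebook). It implements the standard time-based one-time password scheme (RFC 6238, which is what authenticator apps generate) in plain Python and then simulates the phishing page: the victim types the code their phone currently shows, the attacker forwards it to the real site a few seconds later, and the real site accepts it because the code is still inside its validity window. The secret, timestamps and the acceptance window are constructed values for the demonstration; Facebook's own code generator and server-side window are not documented on this page.

```python
# Added example (not from the Sophos write-up or Facebook): a minimal RFC 6238
# TOTP implementation plus a simulation of the real-time relay described in
# the article. Secret and timestamps below are constructed test values.
import hashlib
import hmac
import struct

STEP_SECONDS = 30      # standard TOTP time step
DIGITS = 6             # standard code length


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, code: str, unix_time: int,
                window: int = 1, step: int = STEP_SECONDS) -> bool:
    """Server-side check. Services commonly accept neighbouring time steps too
    (window=1 means the previous, current and next 30-second step), which is
    what gives a relayed code its useful lifetime. The window value here is an
    assumption, not Facebook's setting."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), code)
        for delta in range(-window, window + 1)
    )


def relay_attack_succeeds(secret: bytes, victim_submits_at: int,
                          attacker_replays_at: int, window: int = 1) -> bool:
    """Simulate the phishing page: the victim types the code their phone shows
    at victim_submits_at; the attacker forwards it to the real site at
    attacker_replays_at. Returns whether the real site would accept it."""
    captured_code = totp(secret, victim_submits_at)   # what the fake page harvests
    return verify_totp(secret, captured_code, attacker_replays_at, window)


if __name__ == "__main__":
    # Constructed demo secret (also the RFC 6238 reference-vector secret).
    demo_secret = b"12345678901234567890"
    print("code the phone shows:", totp(demo_secret, 1000))
    # Relayed within the same step, one step later, and well after the window.
    for delay in (5, 40, 120):
        ok = relay_attack_succeeds(demo_secret, 1000, 1000 + delay)
        print(f"relay after {delay:3d}s -> {'accepted' if ok else 'rejected'}")
```

The point the simulation makes is that nothing in the code itself ties it to the site that asked for it: the server only checks that the six digits match the current time step, so a code typed into a look-alike page is as good as one typed into the real one, as long as the attacker uses it within a minute or so. That is why the advice at the end of the article (do not click, check where the link goes) matters more than the strength of the code, and why only second factors that are bound to the real site's origin, such as hardware security keys, are immune to this kind of relay.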
Facebook said: "We recommend being careful not to click on any suspicious links, and anyone whose account has been compromised can get help securing their Facebook account."
The company added that it recommends using an external authentication app as the primary security method, and that Facebook publishes a list of tips for avoiding phishing attempts.