Facebook password reset code is targeted by the bad guys to steal users’ credentials


As we explained in the previous article (HOW TO PROTECT YOUR PASSWORD ON SOCIAL NETWORKS – osintafrica), most users of social media such as Facebook are not aware of how to protect their accounts, because they have never been trained on or informed about the topic.

On Facebook, a password can be reset by simply entering the mobile number followed by the password reset code sent to that number. Knowing this, many bad guys use the reset flow to take over a user’s account without his or her consent.

Let’s give an example:


As you see in the screenshot, the message is in French.

Message details:

  • Sender or bad guy – Good morning, how are you?
  • Receiver or victim – Good morning, I am fine and you?
  • Sender or bad guy – Well, give me your mobile phone’s number
  • Receiver or victim – “Sent his or her number”
  • Sender or bad guy – Send me the code that you received
  • Receiver or victim – 92997418 is your Facebook password reset code


As the message description shows, the bad guy asked the user to send his or her password reset code; once received, the code is used to reset the user’s password and take over the account. The technique is very tricky and hard for many users to detect, because the bad guy plays on the user’s emotions to steal his or her credentials.
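To show how this pattern can be caught on the defender’s side (for example by a messaging safety filter or an awareness tool), here is an added Python example that is not part of the original article: it scans a chat transcript for the three steps described above (phone number requested, code requested, reset code forwarded). The keyword patterns, the `analyze` function and the sample conversation are assumptions modelled on the exchange above, and the phone number is a placeholder.

```python
import re
from typing import List, Tuple

# Patterns for the three steps of the takeover described in the article.
# The word lists are an assumption for this example, not Facebook's own rules.
ASKS_PHONE = re.compile(r"\b(give|send|share)\b.*\b(phone|mobile)\b.*\bnumber\b", re.I)
ASKS_CODE = re.compile(r"\b(send|give|forward|share)\b.*\bcode\b", re.I)
# Outbound text that looks like a pasted one-time code SMS: a 5-8 digit code
# next to wording such as "password reset code" or "verification code".
LEAKS_CODE = re.compile(
    r"\b\d{5,8}\b.*\b(password reset|reset|verification|login|security) code\b"
    r"|\b(password reset|reset|verification|login|security) code\b.*\b\d{5,8}\b",
    re.I,
)

Message = Tuple[str, str]  # (sender, text)

def analyze(conversation: List[Message], protected: str) -> List[Tuple[int, str]]:
    """Return (message index, finding) pairs for the account-takeover pattern.

    `protected` is the party whose account we guard; every other sender is the
    counterpart. Severity follows the order the attack unfolds:
    number requested -> code requested -> protected party forwards a code.
    """
    findings = []
    stage = 0  # 0: nothing seen, 1: number requested, 2: code requested
    for i, (sender, text) in enumerate(conversation):
        if sender != protected:
            if ASKS_PHONE.search(text):
                findings.append((i, "phone number requested"))
                stage = max(stage, 1)
            if ASKS_CODE.search(text):
                findings.append((i, "one-time code requested"))
                stage = 2
        elif LEAKS_CODE.search(text):
            # A code forwarded right after being asked for is the critical event.
            sev = "CRITICAL" if stage == 2 else "WARNING"
            findings.append((i, f"{sev}: reset code forwarded to other party"))
    return findings

def is_takeover_attempt(findings: List[Tuple[int, str]]) -> bool:
    return any(f.startswith("CRITICAL") for _, f in findings)

# Constructed sample mirroring the article's exchange (code value taken from the article).
SAMPLE = [
    ("other", "Good morning, how are you?"),
    ("victim", "Good morning, I am fine and you?"),
    ("other", "Well, give me your mobile phone's number"),
    ("victim", "+000 00 00 00 00"),  # placeholder number, not a real one
    ("other", "Send me the code that you received"),
    ("victim", "92997418 is your Facebook password reset code"),
]
```

Running `analyze(SAMPLE, "victim")` flags messages 2, 4 and 5, the last one as CRITICAL; a code pasted without any prior request is only reported as a WARNING.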

This issue is actually becoming more frequent. One important thing to mention is that most users who lose their password do not try to recover their account. They just open another account, which makes the situation worse: the more fake accounts there are, the more people will fall into the same situation.

Facebook should take this activity into account and find a proper solution to stop it. Below are some recommendations that can help users prevent it from happening.

Recommendations:

  • Do not send the password reset code to anyone requesting it (the password reset code is confidential and must not be shared).
  • Enable 2FA.
  • Use a more complex password (at least 8 characters, mixing uppercase, lowercase, numbers and other characters where possible).
  • Inform users about the different attacks that aim to steal their password and how to protect their account (this could be done by Facebook or by volunteers such as OSINTAFRICA).