There are plenty of ways to get into your Facebook account when you’ve locked yourself out, but only one lets you do so when you’ve forgotten both your password and security question and don’t have access to your registered email.
That’s Facebook’s ‘Trusted Contacts’ feature, which lets you designate a couple of pals as keymasters. Unfortunately, hackers have now learned to manipulate that feature in an elaborate phishing scam to break into people’s Facebook accounts.
According to AccessNow, hackers have been using the innocent security feature to gain access to victims’ accounts by deceiving them into thinking they’re talking to one of their friends. With Trusted Contacts, if you need to get into your account, you initiate the security procedure from the login screen and it sends an email to each of your listed contacts with a piece of a password. You then have to put the two or three pieces together to enter your account.
In this scam, the hackers have already gained access to the account of one of your friends. They then send you a message in chat saying they need help getting into their account and that you’re one of their trusted contacts. What the hacker actually does, however, is trigger the “Forgot my Password” feature on your account, so if you don’t look too closely, the security code you’re sending them is actually the one that resets your own account’s password. And boom, they now have access to your account too.
Of course, there are a few very basic ways to protect yourself from this phishing method. For one, don’t stop at a simple message from your friend’s Facebook Messenger. If they say they need a code from you, pick up the phone and call them to make sure they’ve really initiated the feature. Secondly, properly read the email sent to you, to ensure you’re not getting scammed by a stranger. It takes two seconds to see whether the email is giving you a “Password Reset” or “Trusted Contacts” security code. Most of all, don’t panic and blindly send a code your friend asks for when they’re “locked out”.
It’s only their Facebook account; they’ll survive the few minutes it’ll take you to verify the situation.