Don’t Trust Your Trusted Facebook Friends

When one of the world’s massive social media sites offers an impenetrable way for account holders to regain a forgotten password and/or security question when they don’t have access to their registered email account, what could possibly go wrong?

Rest assured the Kings of Spam-a-lot reign supreme. They’ve wormed their way into this “foolproof” way to safely gain access to your Facebook account, or even help a friend with their account. Facebook developed a “Trusted Friend” option to help those locked-out users. What was once a happy idea has twisted tragically against Facebook users.

According to ACCESSNOW, this is how the Facebook phishing scam plays out:

– You get a message from an attacker on Facebook Messenger, who is using the compromised account of someone on your Friends list.

– The attacker asks for your help recovering his account, explaining that you are listed as one of his Trusted Contacts on Facebook, and tells you that you will receive a code for recovering his account.

– Then the attacker triggers the “I forgot my password” feature for your Facebook account and requests a recovery code.

– In an effort to help, you send the code you’ve just received to your “friend.”

– Using the code, the attacker can now steal your account from you, and use it to victimize other people.

Now that we know how it works against us, how can we make it work for us?

– If you receive a message from your friend on Facebook Messenger asking for the code to get back into her account, don’t assume it’s legitimate. A simple phone call to your friend will confirm or deny the request.

– Take the time to verify the email sender: hover over the source, make sure spellings are correct, and never act immediately without thinking and thoroughly vetting the source.

– If you’re suspicious your Facebook account has been hit, go directly to, then click “My Account Is Compromised.” Follow the indicated steps to find your answer.

Also use Facebook’s Security Checkup tool, which helps fortify your account security settings.

