Facebook 2FA phish arrives just 28 minutes after scam domain created
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Stay informed on the latest Facebook security updates and protect your personal data with expert analysis and tips on our Information Security tag.
Search across headline titles and summaries.
Background for this topic.
Facebook is a social networking platform for user profiles, messaging, groups, pages, and content sharing, delivered through web and mobile clients and interfaces for third-party applications. Its security relevance comes from concentrating identity, relationships, communications, and personal data in a connected account ecosystem; compromise can expose private content or enable impersonation and targeted social engineering.
Security coverage includes vulnerabilities in Facebook’s clients, APIs, authentication, and account-recovery workflows, along with abuse of messages, groups, applications, and advertising features to distribute phishing or malicious links. Practitioners should distinguish platform flaws from credential theft or fraudulent content, assessing advisories by affected component, exploitability, and required updates. Privacy controls and third-party permissions reduce exposure but do not replace unique credentials, multi-factor authentication, session review, and prompt reporting; investigations may also require platform logs and preserved account or message evidence.
The crooks hit us up with this phishing email less than half an hour after they activated their new scam domain.
Scheme allegedly targeted over 10,000 victims
The clever, interactive phishing campaign is a sign of increasingly complex social-engineering attacks, researchers warn.
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. [...]
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages. [...]