A Blow-By-Blow Facebook Account Hijack Attempt

Martín Paredes
Published in SysBytes
2 min read · Oct 13, 2021

Recently we posted a desk/hutch for sale on Facebook Marketplace. Only minutes later we received a Facebook Messenger message telling us someone was interested in the desk. They were not interested in the desk; they wanted to hijack the Facebook account. Here is how it went down.

Facebook Account Hijack Attempt, credit Martín Paredes

As you can see, it seemed like a simple request to ensure that the seller was a legitimate seller. After all, there are many scammers on the Internet. Except that the scammer was the buyer pretending to protect themselves.

What the scammer tried to do was to get the seller to provide the six-digit code used to authenticate the seller’s Facebook account by pretending they were trying to find out if they were dealing with a “real seller”. What the scammer was actually doing was asking for the seller’s phone number and then having Facebook send a six-digit code to it so that they could hijack the account.

What the scammer was not counting on was a seller who had yet to set up two-factor authentication. It is for this reason alone, and only this reason, that this scam did not work.

Readers should note that the scammer’s attempt to hijack the account failed, and thus the scammer demanded “another cell number”.

The lesson is never to send anyone any codes sent to your phone no matter how reasonable it seems. Do not send anyone any code for any reason.

Yes, there are legitimate reasons that banks, for example, will ask you to verify yourself so that they can provide you with account information. But before providing such information, ask yourself: is it safe to do so? More important, and what the scam reveals, is that banks will not ask you for your cell phone number, as they usually have it on file. They just send the code to the number on file. The scammer did not have that, so they asked for it.

The problem is that scammers use “groupthink” to look for ways around schemes like two-factor authentication, while the rest of us are busy individuals who rely on trust (bad) and our own experience to try to protect ourselves. It’s many of them against one of you.

The best thing to do is avoid giving codes to anyone unless the need outweighs the risk. The scammer in this instance betrayed themselves with the urgency of their demand: another phone or else, “bye.”

Apparently this scammer was so busy scamming others that they weren’t going to wait around for the seller to get their act together and help hijack their own Facebook account.
