So it starts as a typical morning, drinking a cup of coffee, checking emails, and getting organized for the day. When suddenly I get a Facebook Messenger alert that a friend has sent me a chat message. I check the message and see a “Hello, Good morning” from one of my Facebook friends. I respond with a single “Good Morning” in response, then wait to see what the person wants to talk about.
A few moments later I get a response back, and the dialog starts with a vague message.
I respond with a polite response, waiting to see where this dialog is about to go.
A few moments later I get another response, this time asking if I know about some grant. At this point, something does not feel right in the dialog.
So I respond politely that I do not understand their message. Then I get a response that provides some additional details that includes a large dollar amount and stating that its free money, I won’t have to pay it back.
At this point, I stop engaging in the dialog and reach out to the person directly by contacting them on their mobile phone. After a quick dialog, I was able to confirm that the person on Facebook I am talking to is not my friend but someone who has gained access to their account.
It is clear that my Facebook Friends account has been compromised and someone is attempting to socially engineer me by leveraging my relationship and trust with the person. At this point, I worked with my friend to help them change their password, force a log out on all devices, and enable multi-factor authentication on their account to prevent this from happening again.
If you do not have multi-factor authentication enabled on your accounts your missing out on a significant security tool that can help you keep your accounts safe. Multi-factor authentication leverages a validation step using your mobile phone through a phone call, text message, or using an authenticator application to validate that the person logging into your account is you. Below are the steps that we took to reset the Facebook account password, Force a log out on all devices, and then enable Multi-Factor authentication to provide an extra layer of security.
- Reset your Facebook Account: https://www.facebook.com/help/248976822124608/?helpref=hc_fnav
- Force a log out of Facebook on all devices: https://www.facebook.com/help/211990645501187?helpref=faq_content
- Setup Multi-Factor authentication: https://www.facebook.com/help/2FA
Stay safe and alert! I have seen a significant increase in social engineering attempts trying to trick people into doing something that would potentially cause a financial loss.