Facebook taken over - update re FB Marketplace

[Steve Browning]

HI all

 

My Facebook/Messenger ac counts have been taken over. I received a message from a friend, asking me to vote for him in an  online music competition (he's a guitarist). I was asked to repeat a code to verify my vote, that he sent. With that my account was no longer mine. I tried to get it back, but it seems to have been lost.

 

Seriously annoying, and I'm usually pretty on the ball with this stuff. Not so, this time. Just beware folks.

Edited November 8, 2023 by Steve Browning

[Woodinblack]

Yes, that code thing is the two factor authentication, one of the big scams that they try  at the moment. Its a real pain but at least it isn't your bank account. 

[Steve Browning]

6 minutes ago, Woodinblack said:

Yes, that code thing is the two factor authentication, one of the big scams that they try  at the moment. Its a real pain but at least it isn't your bank account. 

Very true. More annoyed with myself really but so pointless. 

[Downunderwonder]

I don't FB but I bank. Pray tell more about this one. I am usually pretty scam savvy I think but no idea how this works.

 

My bank does password plus verification. It freaks me that I could log into a fake ib. address and input my password but sort of reassured that they would need my weird questions to have any chance of capturing the weird answers which would only garner a few letters at at a time. Or am I dead wrong?

[Steve Browning]

Bank doesn't seem to be affected.

 

I had a Messenger message from a friend. He wanted me to vote for him in an online music competition (he is a musician). He said he'd send a confirmation code to validate my vote. Silly me, fell for it and provided the code. That was, it turns out, the code that enabled them to access my account and change the contact details. It seems only Facebook and Messenger (my bank is fingerprint log on) are affected. I guess you won't get the same thing if you don't use FB or Messenger.

[Downunderwonder]

20 minutes ago, Steve Browning said:

Bank doesn't seem to be affected.

 

I had a Messenger message from a friend. He wanted me to vote for him in an online music competition (he is a musician). He said he'd send a confirmation code to validate my vote. Silly me, fell for it and provided the code. That was, it turns out, the code that enabled them to access my account and change the contact details. It seems only Facebook and Messenger (my bank is fingerprint log on) are affected. I guess you won't get the same thing if you don't use FB or Messenger.

None the wiser here. They gave you a code they got from where?

 

I tried to log into Amazon having forgotten my password. They emailed me a code. Then they asked me for my name, which I got wrong as almost nobody gets my real name online and I forgot which fake name I had given them. It's going to be a tough job for a scammer to take over the real Downunderwonder, I hope.

[Delberthot]

I received an email at 3.30am a few nights ago asking to confirm my Facebook account with a code so I immediately changed my passwords for Facebook and Instagram just in case. Looks like it was a similar scam to this one.

[ambient]

53 minutes ago, Downunderwonder said:

None the wiser here. They gave you a code they got from where?

 

I tried to log into Amazon having forgotten my password. They emailed me a code. Then they asked me for my name, which I got wrong as almost nobody gets my real name online and I forgot which fake name I had given them. It's going to be a tough job for a scammer to take over the real Downunderwonder, I hope.

 

He must use two-factor verification for his Facebook account. The code he input into the fake site was the 2-factor verification code sent by Facebook. He'd inadvertently given it to the hackers to use.

[goingdownslow]

For the last week I have been daily, sometimes twice, receiving Google verification codes by text message. I haven't requested them and they don't say what account they are for, I have five. I check them all and there is no suspicious activity.
I don't know what to make of them yet, possibly leading to some sort of scam or maybe someone else has set up their account with the wrong phone number.

[wintoid]

2 hours ago, goingdownslow said:

For the last week I have been daily, sometimes twice, receiving Google verification codes by text message. I haven't requested them and they don't say what account they are for, I have five. I check them all and there is no suspicious activity.
I don't know what to make of them yet, possibly leading to some sort of scam or maybe someone else has set up their account with the wrong phone number.

 

Me too and many others.  https://support.google.com/accounts/thread/235285575

 

I've changed my passwords, removed the verification phone and switched to a TOTP code, but still the texts continue.

[Woodinblack]

7 hours ago, Downunderwonder said:

I don't FB but I bank. Pray tell more about this one. I am usually pretty scam savvy I think but no idea how this works.

 

If you have two factor authentication with something, if you want to change your password or log into your account, you log in, and they send you a code to your phone or your email normally with a big disclaimer saying not to share it with someone. If they do get that number, they can log into your account and do whatever they want, the first thing is turning off 2 factor and changing the email / password - the account is now theres.

[Downunderwonder]

1 hour ago, Woodinblack said:

send you a code

That bit is clear. I know how that operates.

 

OP implied his scammer mates sent him a code from his real mate's hacked or impersonated account.

 

So they had to have known his email on the FB account to prompt FarceBook into sending the text. All in the background while having a public conversation as his mate about some bs survey competition. No?

 

Seems a pretty bogus system if it's that vulnerable. Wouldn't they have to be be poking his FB for it to text while he's logged in looking at it?

 

Or the other way around. They sit around waiting for him to be offline but not so busy. Quickly poke him from their scam account and hope he sees it and goes to it but doesn't log in before they have poked FB to send the text code so OP gets it all at once thinks it is the real thing....

[Cliff Edge]

On 05/11/2023 at 14:55, wintoid said:

 

Me too and many others.  https://support.google.com/accounts/thread/235285575

 

I've changed my passwords, removed the verification phone and switched to a TOTP code, but still the texts continue.

Slightly off topic but Google has/had a long standing issue with email/account names. If I set up an email account  cliff-edge at Google dot com, I can also use cliffedge as well and will receive email using either. But someone else can set up an account cliffedge at google dot com. So you can imagine how that works, or not.  Accounts my wife and I set up years ago using a hyphen to separate words have been affected by this. We both occasionally receive emails not meant for us. Luckily the email accounts are largely used as junk black holes these days. Passwords are changed fairly regularly. 

[Steve Browning]

Bit of an update/warning. I am told that accounts like mine are often used to make fraudulent sales in FB Marketplace. 

 

Some here are FB chums but I would never sell through that medium. If you see an advert purporting to be me, please report it.

[Woodinblack]

31 minutes ago, Steve Browning said:

Some here are FB chums but I would never sell through that medium. If you see an advert purporting to be me, please report it.

 

No luck getting the account back?

[Steve Browning]

3 hours ago, Woodinblack said:

 

No luck getting the account back?

 

It would seem not. I've thrown in the towel with that I think. Dull, but there are bigger problems people face.

[Steve Browning]

It does look as though it's been taken down by Facebook, so that's something.

[Woodinblack]

Just now, Steve Browning said:

It does look as though it's been taken down by Facebook, so that's something.

 

Well, that is better than it being under someone elses control, at least it can't be used for scamming people you know.. 

[Cliff Edge]

Facebook threatened to take down one of my accounts years ago because they didn’t like my name. To be fair it was obviously not a real name and they gave me the opportunity to change it. So I did, to Mahatma Coat from Glasgow. They seemed happy with that and I continued to use it for several years until they again asked me to change it. 

[TimR]

On 08/11/2023 at 17:57, Steve Browning said:

It does look as though it's been taken down by Facebook, so that's something.

 

This happened to a friend of mine. Account hacked. Used for fraud or to write antisocial posts. FB took it down, gave him 30 days to appeal. But FB so understaffed the 30 days went by with no reply. 

 

Luckily he had been doing so sales to the UK facebook team and emailled a real person in another department. Who raised an internal ticket and got it back.

 

If you run a page, have multiple admins! If one admin gets hacked or blocked you won't lose your page. 

[Gramski]

On 10/11/2023 at 14:11, TimR said:

If you run a page, have multiple admins! If one admin gets hacked or blocked you won't lose your page. 

 

Wouldn't the hacker just remove the other admins as soon as they got access? 

[TimR]

I assume everyone has two factor authentication set up. Anyone wanting to add or remove admins from a page will need your current Facebook password. 

 

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

Edited November 13, 2023 by TimR

[Downunderwonder]

2 hours ago, TimR said:

I assume everyone has two factor authentication set up. Anyone wanting to add or remove admins from a page will need your current Facebook password. 

 

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

From what we discussed earlier I think they start by posting as a friend messaging you about some b.s that requires a code. They quickly pose as you to FB locked out or wanting to do admin or sommat, and you are silly enough to give it to them. That's the only way I can see how it could be done short of an actual hack.

 

How they fool you that it's your friend messaging you on some other platform I have no idea.

[Gramski]

9 hours ago, TimR said:

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

 

The thread explains how ... social engineering ... tricking people into handing out the information ... but once someone has admin access to a Facebook page, they can just remove the other admins. So having multiple administrators (as was suggested earlier in the thread) doesn't really help unless the hacker is very slow or somewhat sloppy.

[Steve Browning]

11 hours ago, Downunderwonder said:

From what we discussed earlier I think they start by posting as a friend messaging you about some b.s that requires a code. They quickly pose as you to FB locked out or wanting to do admin or sommat, and you are silly enough to give it to them. That's the only way I can see how it could be done short of an actual hack.

 

How they fool you that it's your friend messaging you on some other platform I have no idea.

Yup. Silly enough, you empathetic chap, you.