Rick’s Tech Tips Newsletter
As you probably know by now, the scammers never seem to take a break from Facebook.
They’re at it again, and this time they’re impersonating the employers of Facebook users.
As usual, there are several variations of this scam, but they all work pretty much the same way…
First, the scammer identifies a large company they hope to hack into with stolen login credentials.
After they’ve identified a company to target, they get to work creating a fake, but authentic-looking web page that mimics the look and feel of that company’s official website.
On that fake web page will be a form with which company employees can ostensibly change the passwords to their employee accounts.
Next, they create a fake, but authentic-looking Facebook page that mimics the company’s official Facebook page.
I’m sure you can probably see where this is headed…
After the fake password-reset page and fake Facebook page are both set up they get on Facebook and search for users who work at the company they’re planning to target.
Once they’ve finished compiling a list of Facebook users who work at that company they contact those people with a fake “IT Alert”.
The wording of these fake alerts vary a bit, but they usually read something like this:
“Important IT Alert for Employees of [Company Name]
Our IT department has discovered a flaw in our software that resulted in hackers breaching our system and stealing employee login credentials.
The flaw has been fixed but all of our employee’s passwords have been compromised.
We need for you to click the link below and reset the password to your employee account:
[Link to fraudulent website]
It’s very important that you get this taken care of right away because your personal information is at great risk.“
The form on the fake password-reset page asks for three things:
1 – Your account’s username
2 – Your existing password
3 – The new password you wish to use for the account
The reason they give for requiring you to enter your existing password is to prove the account actually belongs to you instead of someone else.
Any users who have their email addresses displayed on their Facebook profiles will receive the fraudulent message via email. The others will receive it via Messenger.
The scammers prefer to use email when possible because:
1 – Most employees of large companies are used to receiving emails from their employer.
2 – People tend to be more trusting of the emails they receive than of Instant Messages. (Truth be told, it’s wise to always be skeptical of both.)
Any recipients of these messages that take the bait and enter the requested information on the fake password-reset page (and there always are a few) will have the info they entered intercepted by the scammer.
The scammer will then take that information and log into the user’s account using their real (existing) password and then immediately change the password to the new password the user requested via the form.
The legitimate account owner won’t realize anything is wrong because they’ll be able to log into their account using the new password.
And even the inevitable email alerting the user to the password change won’t raise any suspicions because the user indeed “changed” the password via the fake password-reset page.
As you can see, this is a very sophisticated scam, and unfortunately lots of people are falling for it.
Bottom line: If you receive an email or instant message similar to the one printed above, DO NOT click the link in that message and attempt to change your password via the fake form.
Instead, immediately contact your company’s IT department or Personnel department and let them know about the message you received. They’ll then provide guidance on which steps (if any) you need to take.
And now, one final note…
This scam is a perfect example of why it’s wise to put as little personal and professional info as possible on your social media profiles and limit the approved audience for your posts to “Friends”.
Any piece of information you list on Facebook (email address, phone number, employer, date of birth, etc.) can potentially be used by scammers to target both you and the company you work for.
And by the way, that also includes sensitive info you post into a status update/post since those are searchable as well by your Facebook friends (and everyone else if your privacy is set to “Public”).
Never miss a tip! Click here to sign up for my free Daily Tech Tips Email Newsletter!