Jump to content
Why become a member? ×
Please Support Basschat

Facebook taken over - update re FB Marketplace

Steve Browning

By Steve Browning,
in General Discussion

 Share

Recommended Posts

Steve Browning Grand Master

Steve Browning

Posted
Posted (edited)

HI all

 

My Facebook/Messenger ac counts have been taken over. I received a message from a friend, asking me to vote for him in an  online music competition (he's a guitarist). I was asked to repeat a code to verify my vote, that he sent. With that my account was no longer mine. I tried to get it back, but it seems to have been lost.

 

Seriously annoying, and I'm usually pretty on the ball with this stuff. Not so, this time. Just beware folks.

Edited by Steve Browning
  • Like 2
  • Sad 1
Link to comment
Share on other sites
Downunderwonder Grand Master

Downunderwonder

Posted
Posted

I don't FB but I bank. Pray tell more about this one. I am usually pretty scam savvy I think but no idea how this works.

 

My bank does password plus verification. It freaks me that I could log into a fake ib. address and input my password but sort of reassured that they would need my weird questions to have any chance of capturing the weird answers which would only garner a few letters at at a time. Or am I dead wrong?

  • Like 1
Link to comment
Share on other sites
Steve Browning Grand Master

Steve Browning

Posted
  • Author
Posted

Bank doesn't seem to be affected.

 

I had a Messenger message from a friend. He wanted me to vote for him in an online music competition (he is a musician). He said he'd send a confirmation code to validate my vote. Silly me, fell for it and provided the code. That was, it turns out, the code that enabled them to access my account and change the contact details. It seems only Facebook and Messenger (my bank is fingerprint log on) are affected. I guess you won't get the same thing if you don't use FB or Messenger.

  • Like 1
Link to comment
Share on other sites
Downunderwonder Grand Master

Downunderwonder

Posted
Posted
20 minutes ago, Steve Browning said:

Bank doesn't seem to be affected.

 

I had a Messenger message from a friend. He wanted me to vote for him in an online music competition (he is a musician). He said he'd send a confirmation code to validate my vote. Silly me, fell for it and provided the code. That was, it turns out, the code that enabled them to access my account and change the contact details. It seems only Facebook and Messenger (my bank is fingerprint log on) are affected. I guess you won't get the same thing if you don't use FB or Messenger.

None the wiser here. They gave you a code they got from where?

 

I tried to log into Amazon having forgotten my password. They emailed me a code. Then they asked me for my name, which I got wrong as almost nobody gets my real name online and I forgot which fake name I had given them. It's going to be a tough job for a scammer to take over the real Downunderwonder, I hope.

  • Like 1
Link to comment
Share on other sites
ambient Grand Master

ambient

Posted
Posted
53 minutes ago, Downunderwonder said:

None the wiser here. They gave you a code they got from where?

 

I tried to log into Amazon having forgotten my password. They emailed me a code. Then they asked me for my name, which I got wrong as almost nobody gets my real name online and I forgot which fake name I had given them. It's going to be a tough job for a scammer to take over the real Downunderwonder, I hope.

 

He must use two-factor verification for his Facebook account. The code he input into the fake site was the 2-factor verification code sent by Facebook. He'd inadvertently given it to the hackers to use.

  • Like 1
Link to comment
Share on other sites
goingdownslow Experienced

goingdownslow

Posted
Posted

For the last week I have been daily, sometimes twice, receiving Google verification codes by text message. I haven't requested them and they don't say what account they are for, I have five. I check them all and there is no suspicious activity.
I don't know what to make of them yet, possibly leading to some sort of scam or maybe someone else has set up their account with the wrong phone number.

  • Like 1
Link to comment
Share on other sites
wintoid Proficient

wintoid

Posted
Posted
2 hours ago, goingdownslow said:

For the last week I have been daily, sometimes twice, receiving Google verification codes by text message. I haven't requested them and they don't say what account they are for, I have five. I check them all and there is no suspicious activity.
I don't know what to make of them yet, possibly leading to some sort of scam or maybe someone else has set up their account with the wrong phone number.

 

Me too and many others.  https://support.google.com/accounts/thread/235285575

 

I've changed my passwords, removed the verification phone and switched to a TOTP code, but still the texts continue.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites
Woodinblack Grand Master

Woodinblack

Posted
Posted
7 hours ago, Downunderwonder said:

I don't FB but I bank. Pray tell more about this one. I am usually pretty scam savvy I think but no idea how this works.

 

If you have two factor authentication with something, if you want to change your password or log into your account, you log in, and they send you a code to your phone or your email normally with a big disclaimer saying not to share it with someone. If they do get that number, they can log into your account and do whatever they want, the first thing is turning off 2 factor and changing the email / password - the account is now theres.

  • Like 1
Link to comment
Share on other sites
Downunderwonder Grand Master

Downunderwonder

Posted
Posted
1 hour ago, Woodinblack said:

send you a code

That bit is clear. I know how that operates.

 

OP implied his scammer mates sent him a code from his real mate's hacked or impersonated account.

 

So they had to have known his email on the FB account to prompt FarceBook into sending the text. All in the background while having a public conversation as his mate about some bs survey competition. No?

 

Seems a pretty bogus system if it's that vulnerable. Wouldn't they have to be be poking his FB for it to text while he's logged in looking at it?

 

Or the other way around. They sit around waiting for him to be offline but not so busy. Quickly poke him from their scam account and hope he sees it and goes to it but doesn't log in before they have poked FB to send the text code so OP gets it all at once thinks it is the real thing....

  • Like 1
Link to comment
Share on other sites
Cliff Edge Mentor

Cliff Edge

Posted
Posted
On 05/11/2023 at 14:55, wintoid said:

 

Me too and many others.  https://support.google.com/accounts/thread/235285575

 

I've changed my passwords, removed the verification phone and switched to a TOTP code, but still the texts continue.

Slightly off topic but Google has/had a long standing issue with email/account names. If I set up an email account  cliff-edge at Google dot com, I can also use cliffedge as well and will receive email using either. But someone else can set up an account cliffedge at google dot com. So you can imagine how that works, or not.  Accounts my wife and I set up years ago using a hyphen to separate words have been affected by this. We both occasionally receive emails not meant for us. Luckily the email accounts are largely used as junk black holes these days. Passwords are changed fairly regularly. 

  • Like 2
Link to comment
Share on other sites
  • Steve Browning changed the title to Facebook taken over - update re FB Marketplace
Cliff Edge Mentor

Cliff Edge

Posted
Posted

Facebook threatened to take down one of my accounts years ago because they didn’t like my name. To be fair it was obviously not a real name and they gave me the opportunity to change it. So I did, to Mahatma Coat from Glasgow. They seemed happy with that and I continued to use it for several years until they again asked me to change it. 

  • Haha 2
Link to comment
Share on other sites
TimR Grand Master

TimR

Posted
Posted
On 08/11/2023 at 17:57, Steve Browning said:

It does look as though it's been taken down by Facebook, so that's something.

 

This happened to a friend of mine. Account hacked. Used for fraud or to write antisocial posts. FB took it down, gave him 30 days to appeal. But FB so understaffed the 30 days went by with no reply. 

 

Luckily he had been doing so sales to the UK facebook team and emailled a real person in another department. Who raised an internal ticket and got it back.

 

If you run a page, have multiple admins! If one admin gets hacked or blocked you won't lose your page. 

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
On 10/11/2023 at 14:11, TimR said:

If you run a page, have multiple admins! If one admin gets hacked or blocked you won't lose your page. 

 

Wouldn't the hacker just remove the other admins as soon as they got access? 

Link to comment
Share on other sites
TimR Grand Master

TimR

Posted
Posted (edited)

I assume everyone has two factor authentication set up. Anyone wanting to add or remove admins from a page will need your current Facebook password. 

 

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

Edited by TimR
Link to comment
Share on other sites
Downunderwonder Grand Master

Downunderwonder

Posted
Posted
2 hours ago, TimR said:

I assume everyone has two factor authentication set up. Anyone wanting to add or remove admins from a page will need your current Facebook password. 

 

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

From what we discussed earlier I think they start by posting as a friend messaging you about some b.s that requires a code. They quickly pose as you to FB locked out or wanting to do admin or sommat, and you are silly enough to give it to them. That's the only way I can see how it could be done short of an actual hack.

 

How they fool you that it's your friend messaging you on some other platform I have no idea.

Link to comment
Share on other sites
Guest

Guest

Posted
Posted
9 hours ago, TimR said:

I don't know how they're hacking into accounts that have 2FA and then setting up another password. 

 

The thread explains how ... social engineering ... tricking people into handing out the information ... but once someone has admin access to a Facebook page, they can just remove the other admins. So having multiple administrators (as was suggested earlier in the thread) doesn't really help unless the hacker is very slow or somewhat sloppy.

Link to comment
Share on other sites
Steve Browning Grand Master

Steve Browning

Posted
  • Author
Posted
11 hours ago, Downunderwonder said:

From what we discussed earlier I think they start by posting as a friend messaging you about some b.s that requires a code. They quickly pose as you to FB locked out or wanting to do admin or sommat, and you are silly enough to give it to them. That's the only way I can see how it could be done short of an actual hack.

 

How they fool you that it's your friend messaging you on some other platform I have no idea.

Yup. Silly enough, you empathetic chap, you. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...