Security researchers at Access Now have revealed detailed information about a fraud scheme that allows cybercriminals to compromise Facebook accounts by abusing the “Trusted Contacts” feature.
The “Trusted Contacts” feature can be used to restore access to your Facebook account if you forget your password or your account is suspended. If you activate this feature, Facebook asks you to designate 3 to 5 trusted contacts, to whom it sends parts of a security code. Once your friends have passed you all parts of the security code, you can regain access to your Facebook account.
First, the attacker compromises the Facebook account of one of the target user’s trusted contacts. The attacker then asks the victim to help recover access to that trusted contact’s Facebook account. The victim is asked to pass along a security code that he or she will receive via SMS or email, on the pretext that it is needed to recover the trusted contact’s account.
Next, the attacker triggers the “Forgot Password” flow for the victim’s own Facebook account. The victim receives the security code and forwards it to the attacker, believing it is for the trusted person’s account rather than his or her own. As a result, the attacker gains full access to the victim’s account and personal data, which can be used for further fraud.
According to Access Now researchers, the attack targets Facebook users who are unfamiliar with the “Trusted Contacts” feature. Most of the compromised accounts belong to human rights activists and journalists in the Middle East and North Africa.