‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass
2020-10-28 20:13

Scammers have hatched a new way to attempt to bypass two-factor authentication protections on Facebook.

The first step in the "appeal"? The victim is asked to submit a username, password and 2FA code from their mobile device, according to Sophos researcher Paul Ducklin, allowing fraudsters to bypass 2FA. 2FA is an added layer of protection on top of a username and password that usually involves sending a unique code to a mobile device, which must be entered to access a platform.

The fake Facebook emails offer clues that they're not legit, but Ducklin points out that they're convincing enough to goad social-media administrators into wanting to gather more information on the supposed copyright violation complaints, which means clicking on the phishing link in the email.

"The catch is that the Facebook address is the fraudulent page set up to look like an official Facebook page dedicated to handling copyright violation issues."

Once on the site, users were asked to enter their password twice, access the Facebook app on their mobile device and enter the 2FA code, which is found in the "Settings & Privacy > Code Generator" section of the app.


News URL

https://threatpost.com/copyright-violation-facebook-2fa-bypass/160690/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 29 0 11 46 54 111