Scammers recently used their own third-party Android apps to hijack over 10,000 Facebook accounts using the “Continue with Facebook” button.
If you were to download and open one of these malicious apps, you’d see a familiar feature: the “Continue with Facebook” button. Legitimate apps often integrate with websites like Facebook to make account creation quick and easy. In malicious apps, this type of link often leads to a phony login page designed to steal your login credentials.
This scam is unique because clicking the “Continue with Facebook” button actually opens the official Facebook login page. If you log in to your Facebook account, you’ll give the bad guys far more than your username and password. The malicious apps include an extra bit of code that gathers your account details, location, IP address, and more. Once they hijack your account, the bad guys can use it to generate ad revenue, spread disinformation, or even scam your friends and family.
Follow these tips to stay safe from malicious applications:
- Though this attack targets Android users, the technique could be used on any kind of device, even desktop computers. Always be careful when downloading apps or software, regardless of the device that you are using.
- Before downloading an app, read the reviews and ratings. Look for critical reviews with three stars or fewer, as these reviews are more likely to be real.
- Only download apps from trusted publishers. Remember, anyone can publish an app on official app stores, including cybercriminals.
Stop, Look, and Think. Don’t be fooled.
DISCLAIMER: Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.