How it happens: This mention attack happens in 4 steps. If you can abort any one of these, then you probably won't become a victim of this spam mention phishing attack. The steps are described below:
- Attracting Facebook users: The mention attack starts with a lucrative status update that promises some tricks to play with Facebook's systems. You'll be asked to copy some code and paste it into your browser console. According to the status update, this will bypass Facebook's security and give you benefits that go beyond normal security/privacy limits, such as thousands of fake likes, or the username and password of a friend you select. The attack begins here. In some cases, the status message will first ask you to perform some preliminary tasks, such as mentioning in the comment box the friend whose username and password will supposedly be sent to you in an untraceable fake personal message. If you follow these instructions, you are very close to having your online security compromised.
- Pasting their code in your browser's console: This is the second step of this Facebook phishing attack. They will pressure you with enticing messages to copy their code and paste it into your browser's console. The actual bypass takes place in this step. When you paste their code into your browser's console and press the Enter key, a colorful Facebook Theme is installed and you will see some extras loading over your Facebook/browser interface. These bypass the browser's security and steal confidential credentials from your PC, even from cache files.
- The code blocks some important browser security scripts: The code pasted into your browser's console blocks some important security scripts in your browser, the ones that protect your confidential credentials from phishing attacks. At this point you are compromised. The Facebook Theme installed in your browser collects confidential data and sends it to the person who launched the attack. Thus you become a victim of this new kind of phishing attack, which spreads through Facebook spam mentions.
- Mentioning some random friends: This is the last but most important step, the one that passes the attack on to other Facebook accounts. The Facebook Theme installed in your browser picks some random contacts from your friend list and tags them in a comment on the post where you landed in Step 1 above. Thus the phishing attack continues and reaches numerous new victims every second.
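The four steps above all depend on the same lure: a post that tells the reader to open the browser console, paste code, and mention friends, in exchange for likes or passwords. As an added example (not code from the original article, and not a Facebook feature), the following JavaScript shows how a moderator or a page-scanning tool could score a post's text against those indicators and flag it for review before anyone acts on it. The indicator patterns, weights, threshold and the three sample posts are all constructed for this example; a real deployment would tune them against actual reports.

```javascript
// Added example, not from the original article: heuristic scoring of a
// post's text for the "paste this code in your console" lure described
// in the four-step attack. Indicator lists, weights and samples are
// constructed assumptions, not data from any real system.

// Each indicator: [category, regex, weight]. "console" and "paste" are the
// two signals that define this lure; the others raise the score further.
const INDICATORS = [
  ['console', /\b(browser'?s?\s+)?console\b|\bpress\s+f12\b|\bdeveloper\s+tools\b|\binspect\s+element\b/i, 3],
  ['paste',   /\b(copy|paste)\b.*\b(code|script)\b|\b(code|script)\b.*\b(copy|paste)\b/i, 3],
  ['bypass',  /\bbypass\b|\bhack\b|\btrick\b.*\bfacebook\b/i, 2],
  ['reward',  /\b(free|thousands?\s+of)\s+likes\b|\b(username|password)s?\b|\bsee who (viewed|visited)\b/i, 2],
  ['mention', /\b(mention|tag)\b.*\bfriends?\b/i, 1],
  ['urgency', /\bnow\b|\bbefore (it'?s|facebook) (fix|patch)/i, 1],
];

// Returns the total weight of matched indicators and the list of categories hit.
function scorePost(text) {
  const hits = [];
  let score = 0;
  for (const [category, pattern, weight] of INDICATORS) {
    if (pattern.test(text)) {
      hits.push(category);
      score += weight;
    }
  }
  return { score, hits };
}

// A post is flagged when it carries both defining signals (console + paste),
// or when enough secondary signals accumulate to pass the threshold.
// Talking about the console alone (e.g. a developer meetup) is not enough.
function classifyPost(text, threshold = 6) {
  const { score, hits } = scorePost(text);
  const suspicious =
    (hits.includes('console') && hits.includes('paste')) || score >= threshold;
  return { suspicious, score, hits };
}

// Constructed sample posts: one lure, one harmless post, one benign
// mention of the browser console that must not be flagged.
const SAMPLE_POSTS = [
  'Get thousands of likes in seconds! Press F12, open the console, paste this code and hit Enter. Mention 5 friends first so it works.',
  'Happy birthday Sara! Thanks everyone for coming last night.',
  'Reminder: our dev meetup tomorrow covers the browser developer tools and how to use the console for debugging.',
];

// Runs the classifier over a batch and returns the per-post verdicts.
function triage(posts) {
  return posts.map((text) => ({ text, ...classifyPost(text) }));
}

for (const result of triage(SAMPLE_POSTS)) {
  console.log(`${result.suspicious ? 'FLAG ' : 'ok   '} score=${result.score} hits=[${result.hits.join(',')}] :: ${result.text.slice(0, 60)}`);
}
```

The first sample scores 9 and is flagged, the birthday post scores 0, and the meetup reminder hits only the "console" category (score 3) and is left alone, which is the point of requiring the console and paste signals together rather than keying on either word by itself.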
- Disconnect your PC from the internet as soon as you realize the attack. This may save your credentials to some extent.
- Clear your browser cache and temporary files from your PC.
- Update your antivirus database and perform a full system scan.
- Close all your active online sessions and change all your passwords (including Facebook) associated with the PC.