Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you

Fake Facebook: how scammers try to break into your account

It’s a simple trick that Meta is powerless to stop. But if you’ve ever wondered how scammers snatch your Facebook logins, there’s a clear answer and why.

Writing security articles tends to put you in the crosshairs for all sorts of interesting individuals. Some of them legitimate individuals interested in learning more, and others again are just yet more scammers, interested in breaking into your account to keep the con going.

Ever since reporting on the celebrity scams hitting social, this journalist has seen more than his fair share of interested parties, and I’m always happy to help where I can.

But when it’s a scammer, it can be better to turn the tables on them and expose their operations.

So when a scammer asked this journalist to log into Facebook to read an article, skepticism naturally followed. Fortunately, we know what we’re doing, and can identify a fake Facebook login, and shortly you should be able to, as well.

What is a fake Facebook login?

As the name suggests, a fake Facebook login is a version of the social media network designed to look legit but be anything but.

You might be wondering why a fake Facebook even exists, and the answer is this: your details are worth something on the black market. Your details can be used to game passwords for other services, many of which are shared for a lot of people, and at the same time can be used to break into other people’s accounts.

For instance, if one set of account details is stolen by a scammer, and they log in there, they can attempt to convince that person’s list of friends that a whole bunch of other links are legitimate places to login at, and in turn have their accounts hacked and violated.

“Violation” is a great word to describe a fake login, because it intends to violate your trust.

How fake Facebook logins work

A form of phishing, a fake login may be designed to look real, but none of the data is entered into the real place.

Just because a login looks legitimate doesn’t mean it is. Webpage clones are easy enough to make, and recreating the look and feel of Facebook isn’t difficult at all. There are thousands that pop up and all too easily. If one is reported and taken down, you can bet plenty more will pop up in its place.

Unfortunately, that means scammers can make the front door all too easily and place their own storage system behind it, ready for you to enter your details and have them be captured by a criminal.

How to go on the defence

The good news is that even though scammers can make these Facebook facades, you can easily go on alert against them, checking out the URL to determine whether they’re legit as you can with many other scams, and even bolstering your security in other ways.

The most obvious way to check whether Facebook is real is by looking at the URL in your web browser. Even though Facebook is owned by Meta, the website address should always be www.facebook.com.

If any other website sits where Facebook’s should be, you’re one step closer to proving that you’re looking at a scam.

This isn’t Facebook’s Marketplace!

Viewing access on your account

Going on the defensive against fake Facebook logins doesn’t just have to come from clicking to the wrong location. It can also come from preventing scammers from taking advantage of your friends list.

While you might not have given access to a scammer, it’s entirely possible that your friends inadvertently have, so consider locking down your friends list and other pieces of identifying information only to your friends. That’ll stop would-be scammers from trying to clone you with information they’ve gained from your listing.

Make multi-factor part of your life

It’s important to connect your social accounts with as much security as you can, and that means making multi-factor authentication a part of how you connect.

Originally known as two-factor authentication or “2FA”, multi-factor now goes beyond the number two or even three, because we can engage multiple forms of login authentication if we want.

The idea is simple: rather than just use your email address and password, you’ll use a second or third or fourth form of authentication to login. That could be a text message on your phone, a physical backup key, a code, a call, and so on.

Setting up your account to rely on at least one more form of authentication means that if you did accidentally fall into a scammer’s trap, they wouldn’t be able to just take over your account, and would need that extra form of authentication to make the details work, cutting them off in the process.

Read it all and take everything with a grain of salt

Finally, the best tip in protecting yourself from scammers is to read everything and take what you see with a grain of salt.

One consistency ever scammer pushes is urgency. Forcing you to act quickly almost always throws away any sense of rationality you might have, and you can see it in the way a scammer works.

They’ll badger and pepper you with suggestions to do it now, to check the link, did you read the article, just log in, etc etc. The idea is to get you to type in your details without thinking, even if there are telltale signs, including:
You seemingly being logged out of Facebook at the link you’ve been sent to, and
The wrong URL at the login (not showing up as facebook.com, because scammers can’t use that website)

Those are the most obvious two, but there are others, and taking what you read with a grain of salt is important, as is taking time. Criminals prefer to communicate in urgency and bewilderment, because you’re more likely to act without thinking, which benefits them.

Read next