Facebook usually will only send password reset code to the phone number if the user forgot the keyword to log into the account. The SMS will be sent to the mobile number the user enrolled into his account.
In general there are three causes of users sent SMS by Facebook, or others who claim to be Facebook.
1. The user wants to reset the password
If this is the case, then there is nothing to worry about because it is the user himself who wants to reset the password.
This happens when the user is logged in (already logged in) to the Facebook account, then want to change the password but forgot the current password.
If the user chooses the "forgot password" option, Facebook will send a password reset code to the registered e-mail address or mobile number.
The reset code will then be sent to the user's mobile via SMS, then put into the code field on the Facebook site.
If the user still remembers the current password, then the step is simpler, simply by entering the keyword and the new keyword in the field provided.
2. There are other people or bots that want to enter without permission
If the SMS contains a code from Facebook comes unexpectedly through the password reset step above, then beware, there could be other people or bots (automated programs) that are trying to break into your Facebook account.
As in the first point above, Facebook provides a way to reset the password from the login page, before logging in to the account. This mechanism is actually intended to facilitate the user if forgotten password, but prone to misused others, because the condition only have to know the e-mail address or mobile phone number listed in the targeted Facebook user account.
Facebook will then display an option to send a password reset code to the e-mail address or mobile phone number in question, as shown in the picture above.
Furthermore, the person trying to get in was just doing social engineering by calling the phone number sent the password reset code earlier. Maybe he can impersonate an officer from Facebook or a friend of a user and request a reset code.
Once the reset code of six-digit number has been obtained, the account password can be changed so that the original owner can not enter again while the account is taken over.
To prevent unpleasant incidents as above, when receiving via SMS, then never give or reset the reset code to anyone.
The arrival of SMS reset code without this invitation also means that there are others who know the e-mail address or mobile phone number of users, then try to use that information to login to your Facebook account.
If you're worried about getting prone, you can change the password with a stronger or enable two-factor authentication security feature, which requires additional code in addition to the main password to log into Facebook.
3. Phishing
Apart from Facebook itself like the two cases above, SMS or e-mail may come from another party disguised as Facebook, aka the phishing trap is a common method for social engineering attacks.
SMS or phishing e-mail may include links to malicious sites, such as those that look like Facebook login pages, but they are not.
Once you enter the password on this mock page, the user's password can be stolen directly by the hacker so that his account can be broken into
When receiving SMS or phisihing email like this, then you should not do anything. Do not click on an existing link. Ignore or delete those phishing messages.
In addition to the reset code sent via e-mail or SMS, Facebook also provides another entry into the user account, ie by selecting the option "Do not have access here again" on the reset screen sending code.
Facebook will then guide you with some steps of account verification. What if the user account has been overtaken by someone else? Facebook still provides the option to help restore your account.
0 comments:
Post a Comment