Password Input

Meta users urged to change passwords (again!)

Facebook and WhatsApp users have been warned to change their passwords after the platforms – both under the Meta umbrella – suffered yet another data breach.

Cybercriminals have reportedly been trying to trick people into sharing their passwords sensitive information via phishing scams.

What happened?

While Meta has not explicitly outlined the nature of what has happened, it appears as if the problem is scammers targeting individuals with phishing scams that tell them they need to take action to secure their Facebook or WhatsApp account. Additionally, it is thought cybercriminals are also regularly attempting the same scam with Facebook Messenger and Instagram users.

Cybercriminals who can successfully dupe people into sharing their social media passwords could then pose as their victims to contact friends and followers and request money or trick them into sharing other sensitive information.

Meta’s warning comes after it recently sued hackers who were targeting users with phishing scams in this manner. The company believes that one cybercrime campaign that ran throughout 2021 had over 39,000 fake websites imitating its platforms.

Warning users of the dangers of phishing, Jessica Romero, Facebook’s litigation director, said: “Phishing is a significant threat to millions of Internet users.

“Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service.

“The website, however, is a deception, a fake, and the site’s fake content is designed to persuade a victim to enter sensitive information, like a password or email address.

“We are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct.

“We proactively block and report instances of abuse to the hosting and security community.

“And Meta blocks and shares phishing URLs so other platforms can also block them.”

What action should I take if I think I’ve fallen victim to phishing?

If you have recently input your password into a Meta service after receiving an email asking you to “Secure your account” or something similar, there’s a chance you’ve already been a victim of phishing.

To minimise the damage to yourself and potentially to your contacts, you should:

  • Immediately change your password – use a password manager app to come up with and store a hard to guess password
  • Implement two-factor authentication (2FA) for your relevant accounts – ideally using an authenticator app rather than SMS or email authentication, as these can easily be compromised too

How can you avoid becoming a victim of phishing?

Be alert!

As phishing scams rely on you clicking links inside emails and then sharing your details, the safest way to avoid falling victim to phishing is not to do this. Instead of clicking on email links to log in to a platform, navigate directly to the platform yourself. If there’s a problem with your Facebook account, for example, you’ll get a notification when you try and log in. If you can log in with no issues and don’t receive a notification from Facebook itself, it’s likely the email you received was a scam.

You should still ensure you enable 2FA, too. That way, even if you do fall victim to a phishing scam, you’ll still have the added layer of protection from your authenticator app or chosen 2FA method and be notified of unauthorised attempts to access your account.


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.