Yow, I just got successfully phished on the Facebook Android app. I clicked on "Your friend X tagged in a post" and this thing managed to put a browser window over the top of the FB app so it looked like I was still in the app, totally consistent style, and asked for a Facebook login, which I haven't done for years so I thought made sense. I fell for it, and I bet most people wouldn't have noticed it was sketchy, which I fortunately did; password hastily changed….

@timbray thanks for sharing!

If you switch to using a password manager, then it won’t insert your password into the UI, prompting you to notice that and start questioning what’s up.

If you haven’t already, you could enable MFA, such as a TOTP, to try to limit the effectiveness of stealing the password (though they can be phished along with the password).

Did you check the logged in sessions to make sure the culprit isn’t still logged in after the password change?

#phishing

@aegilops @timbray can't be much worse than giving these details to Zuckerberg though, I would not trust that crook with anything
@aegilops D'oh, I *did* use my pw manager and it refused to fill and I was too dumb to twig to that instantly. On your last point, when you change your FB password it helpfully asks "would you like to log out all other current sessions?" - kudos to FB, I might not have been smart enough to think about that. Some of those sessions were on hardware retired years ago…