Fake Login Attempt Fraud

Fake Login Attempt Fraud:

If someone would try to log into your Facebook account, Facebook feature would immediately send you an alert, right? Similarly, when someone enters the wrong password, or attempts to log in from an unfamiliar location or different device, we usually get such alerts from Facebook, which is actually good for us, as it enables us so to change our password or take some other preventive measures before becoming a victim to un-authorized account access.

But, cybercriminals have not spared even this good feature in attempts to commit fraud. They take advantage of this feature by sending such fake emails in bulk to random users or in targeted manner to create panic. So, do not panic if you get such an email that alerts you of any login attempt into your account by an intruder/ stranger.

Modus Operandi:
The Modus Operandi of criminals has been explained below - 

1. Criminals send such phishing emails in bulk to several individuals alerting them of an unknown user login alert.
2. The user who receives it, panics and clicks on the report user (as he is supposed to do).
3. Fake Facebook login page opens.
4. User would not check the URL (which would never be Facebook as it's a fake login alert). 
5. User enters the username and password.
6. The attacker would get the login credentials, which they use to hack the account. Subsequently, they try to extort money from contacts, to gather sensitive personal information, to defame the user etc. 
7. Many people re-use the passwords, thus once the attacker compromises the Facebook account, other accounts with same credentials can also be breached by the hacker.   
8. Attacker getting access to other accounts like email, Twitter, Instagram etc can prove disastrous.

Thus, by sending a fake login alert, attacker can potentially enter into several of your accounts. Be aware of such frauds and always check the URL carefully before entering your login credentials into any website.

Also Read: What is e-SIM Card Swapping Fraud?