How scammers used Facebook’s phone number and email address search facility
Facebook has been all over the news lately over the data breach scandal involving data being skimmed by Cambridge Analytica. Since news first broke of the scandal, Facebook has been under heavy fire over their data privacy policies, as well as how they use people’s data and how it is shared.
In the latest, it can now be assumed that every Facebook user has had their data improperly shared. But, another issue is the questionable Facebook phone number search facility that has, reportedly, been used by scammers who are abusing the facility for their own gain.
Read on to find out how.
You can (or rather, could) search for a person on Facebook using a phone number or an email address: a feature designed to allow people to search for their friends’ profiles when they have their mobile telephone number or email address.
But scammers have also been using the facility to great effect.
By searching for a phone number or an email address, which by all intents and purposes could be completely made up by the scammer, they can link the search to that person’s Facebook profile in order to gain more information about them.
Here’s an example: a scammer types a random number into the Facebook search facility and finds the number is real and belongs to someone’s profile. Depending on the person’s security and privacy settings, the scammer may now have the full name and address (or at least location) of the victim, and could even see posts they have made which could help them target them more. Say, they put a post up complaining that their telecommunications provider had let them down with a complaint. The scammer could try and pose as a representative from the company and scam the victim.
An email address could be even easier to use given how many of them are hacked from databases all the time. Organisations who have their customers’ information breached often play down the breach when it involves “just an email address”, but a scammer could take that email address – even where it’s nondescript – and could abuse the Facebook search facility to locate the owner’s profile, and therefore find way more data about them.
Ever wondered how people get your data when it seems almost impossible as to how they got it? Well, perhaps this is the reason as to why…
Facebook has previously encouraged users to add their phone numbers for the facility to work, but this has inadvertently opened the door to scammers to abuse the facility. This issue has been known for a long time, yet back in 2015 Facebook reportedly told a security researcher that it did not consider this to be a security vulnerability.
Following the additional scrutiny Facebook has been under as a result of the Cambridge Analytica data scandal, they have now removed the facility.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with a * are required.