Once attackers have your Facebook credentials, they can:
Users are told to copy a malicious script or paste their password into a comment or browser console to unlock a feature. Facebook Password Giveaway
| Type | Description | Example | |------|-------------|---------| | | Fake page or ad promising a reward for “verifying your account” by entering password. | “Get a blue check – enter your FB password below.” | | Contest Entry | “Like, share, and DM us your password to win an iPhone.” | Promoted via compromised accounts or fake influencers. | | Credential Harvesting | Third-party app claims to need password for analytics, growth, or prize delivery. | “We need temporary access to post the winner announcement from your account.” | | Internal Collusion (Rare) | Disgruntled or rogue employee offering passwords as part of a giveaway. | Insider threat in a marketing firm. | Once attackers have your Facebook credentials, they can:
: Once you enter your email and password, the scammer immediately captures them. They may then use this access to lock you out, change your recovery info, and scam your friends using your identity. | | Credential Harvesting | Third-party app claims