New Facebook phishing attack taking Vietnamese opposition voices offline


Access Now’s Digital Security Helpline has recently received reports of social engineering attacks in Vietnam targeting the Facebook profiles of bloggers and citizen journalists writing about democracy and human rights. These attacks aim to connect the targeted account with content that violates Facebook’s terms of service, leading to blocking of the account and near impossibility of recovery.

Here’s how the attack works:
  1. The attacker sends a friend request to the person being targeted, perhaps including a message trying to convince the person to accept their request.
  2. The attacker adds them as an admin of a Facebook page. Any of your friends can add you as a page admin without your confirmation. You will only receive a notification you have been added. That means once you accept the friend request, you become vulnerable to the attack.
    If you haven’t accepted the friend request, the attacker can still send you a request to join the page as an admin. The name of the page will make it seem harmless, but you should only allow your account to be connected to pages you know and trust.
  3. The attacker strategically designs the page to violate Facebook’s terms of service, and then reports the page for those violations. This process happens very quickly, leaving you little time to realize there is a problem and remove yourself from the page.
  4. Facebook blocks both the page and the admins’ accounts for the terms-of-service violation.
  5. The target asks Facebook to restore their account, but they are seen to have violated the terms of service and their request is denied.

At this point, the person whose account was attacked is completely erased from view — all of their past posts are no longer available. It also means they have lost access to all of their followers and aren’t able to share information with their audience in the future.

If you are in Vietnam, use these tips to keep your accounts secure:
  1. Be careful about accepting friend requests, and review your account privacy settings to ensure the content you publish is only available to the people you want to see it.
  2. Do not accept requests to become a page admin unless you are familiar with the page and the person sending the request. If you receive a notice you have been added to a page by one of your friends, immediately review the page and remove yourself if you did not expect to be added.
  3. Carefully review any pages you have permissions for. In the far right corner of the top navigation, click the drop-down arrow and then click Manage Pages. For any page you do not recognize, you can open it and choose Settings in the top right > Page Roles in the left menu > scroll down to the Existing Page Roles section > click Edit next to your name > click Remove.
  4. If you have been targeted in this kind of attack, or otherwise need assistance, contact the Digital Security Helpline.

This kind of attack is consistent with the work of Force 47, a 10,000-person military unit tasked with combating “wrong views” online that criticize the government or promote ideas counter to the governing party’s ideology.

We first received reports of this method of attack in September, but we have observed a spike in Facebook account suspensions and content takedowns in Vietnam since June following the passing of the Cybersecurity Law, which triggered widespread protest in the country. The law will go into effect in January 2019, and will require global tech companies like Facebook and Google to localize storage of data from users in Vietnam.