General Question

Do you think Facebook was honest with its response?

Asked by Aboo_Anas (4 points) September 8th, 2020

My Facebook two-factor authentication code was sent by an unknown mobile number instead of Facebook. So I believed this should be a security bug from Facebook. I tried to log into my account and the same thing happened again, but this time, my two-factor authentication code was sent by another mobile phone number and in a different style. I tried to reproduce this bug and I was able to reproduce it. I reported this bug to Facebook in detail through their bug bounty programme, and Facebook said they actually own the two numbers I reported but my country operator was not fully aware of that, hence it did not display the label “Facebook”. I was not paid anything and the issue was closed by Facebook.
However, looking at the format of the messages, I don’t want to believe that the messages were from Facebook, although the codes sent were valid.
The first message goes thus: “free delivering message system. auth pin XXXXXX sent f00r y00u fr00m facbk”
Note the following in the message:
1. free delivering message (grammatical blunder)
2. auth (abbreviation and small letter ‘a’ after a period, another unprofessional writing style)
3. f00r (using two zeros instead of letter “o” and spelling f00r instead of “for”)
4. y00u (using two zeros instead of letter “o” and spelling y00u instead of “you”)
5. fr00m (same error as in 3 and 4)
6. facbk (abbreviating Facebook as fcbk, I don’t think any company employee will go down to this level)
7. No period (full stop) at the end of the message.

The second message goes thus: “Use XXXXXX for….on….”. Although the code was valid when I entered it, I don’t want to believe that it was sent by Facebook. Or why will Facebook write “for … on….”?
What do you think I can do?

3 Answers

JeSuisRickSpringfield

If you reported the numbers (which they own) instead of the messages (which do look suspicious), then they might have closed the case on a technicality. But it’s also possible that whoever set up the messaging system for your specific country just didn’t do a very good job. Facebook doesn’t spend as much time polishing its product for markets outside of the US, Europe, and Southeast Asia.

Zaku

How would a scammer send you valid two-factor ID codes?

SergeantQueen

@Zaku If it was a phishing link, and you entered a number for a code. Not sure how they would be able to get in, though, because the code shouldn’t actually work, but I don’t know.
