"Facebook Messenger Scam Duped Millions"

Security researchers at PIXM have analyzed a well-crafted phishing message, sent via Facebook Messenger, that ensnared 10 million Facebook users and counting. The researchers noted that the scam is still active and continues to push victims to a fake Facebook login page where they are enticed to submit their Facebook credentials. The phishing campaign began last year and ramped up in September. The researchers assert that the campaign is tied to a single person located in Colombia, because each message links back to code “signed” with a reference to a personal website.

The researchers stated that the crux of the phishing campaign is a fake Facebook login page. It might not look immediately suspicious, as it closely copies Facebook’s user interface. When a victim enters their credentials and clicks “Log In,” those credentials are sent to the attacker’s server. The threat actor then logs in to that account and sends the link to the user’s friends via Facebook Messenger. Any friends who click the link are brought to the fake login page, and if they fall for it, the credential-stealing message is forwarded to their friends in turn. After their credentials have been phished, victims are redirected to pages with advertisements, which in many instances also include surveys; each of these pages generates referral revenue for the attacker.

The researchers stated that the adversary circumvented the social media platform’s security checks by using a technique that Facebook missed. When a victim clicks a malicious link in Messenger, the browser initiates a chain of redirects. The first redirect points to a legitimate “app deployment” service; only after that is the victim redirected to the actual phishing page. But in terms of what lands on Facebook, it is a link generated using a legitimate service that Facebook could not outright block without also blocking legitimate apps and links. The researchers were able to access the attacker’s own pages for tracking the campaigns. The data indicated that nearly 2.8 million people fell for the scam in 2021 and 8.5 million have so far this year. The researchers warn that as long as these domains remain undetected through the use of legitimate services, these phishing tactics will continue to flourish.
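The evasion described above relies on the link that Facebook sees being only the first hop of a redirect chain, with the credential-harvesting page several hops away. The script below is an added defender-side example, not code from PIXM, Threatpost or Facebook: it walks a redirect chain, records every hop, and flags a chain that starts on a free hosting or app-deployment domain and ends on a page that carries a password form but is not hosted by the brand it imitates. All hostnames, the HTTP responses and the allowlists are constructed placeholders (`.test` domains) so the example runs offline; a real deployment would replace `fetch` with an instrumented HTTP client that does not auto-follow redirects.

```python
"""Resolve a redirect chain offline and flag 'legitimate first hop -> lookalike
login page' patterns. Added example; all hosts and responses are constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts the imitated brand legitimately uses (constructed allowlist).
BRAND_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}
# Free hosting / app-deployment services seen as first hops (placeholder name;
# the page does not name the real service).
HOSTING_HOSTS = {"example-app-hosting.test"}
MAX_HOPS = 10
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Constructed stand-in for live HTTP responses: url -> (status, Location, body).
RESPONSES = {
    "https://example-app-hosting.test/abc123":
        (302, "https://cdn-redirect.test/go?x=1", ""),
    "https://cdn-redirect.test/go?x=1":
        (302, "/fb/", ""),  # relative Location header, resolved with urljoin
    "https://cdn-redirect.test/fb/":
        (302, "https://login-secure-page.test/fb/", ""),
    "https://login-secure-page.test/fb/":
        (200, None, '<form action="/post.php"><input name="email">'
                    '<input type="password" name="pass"></form>'),
    "https://example-app-hosting.test/legit":
        (302, "https://www.facebook.com/somepage", ""),
    "https://www.facebook.com/somepage":
        (200, None, "<html><body>Ordinary page</body></html>"),
}


def fetch(url):
    """Offline replacement for an HTTP GET that does NOT follow redirects."""
    return RESPONSES.get(url, (404, None, ""))


def follow_chain(url):
    """Return (list_of_hops, final_body). Stops on loops or after MAX_HOPS."""
    chain, seen = [url], {url}
    for _ in range(MAX_HOPS):
        status, location, body = fetch(url)
        if status not in REDIRECT_STATUSES or not location:
            return chain, body
        url = urljoin(url, location)  # handles relative Location headers
        if url in seen:               # redirect loop: stop, keep what we have
            return chain, ""
        chain.append(url)
        seen.add(url)
    return chain, ""                  # too many hops; caller treats as unresolved


class _PasswordFormScanner(HTMLParser):
    """Counts <input type="password"> elements in a page body."""
    def __init__(self):
        super().__init__()
        self.password_inputs = 0

    def handle_starttag(self, tag, attrs):
        if tag == "input" and dict(attrs).get("type", "").lower() == "password":
            self.password_inputs += 1


def has_password_form(body):
    scanner = _PasswordFormScanner()
    scanner.feed(body)
    return scanner.password_inputs > 0


def analyze(url):
    """Classify a link by where its redirect chain lands, not by its first hop."""
    chain, body = follow_chain(url)
    first_host = urlparse(chain[0]).hostname
    final_host = urlparse(chain[-1]).hostname
    findings = []
    if first_host in HOSTING_HOSTS:
        findings.append("first hop is a free hosting/app-deployment domain")
    if len(chain) > 2:
        findings.append(f"{len(chain) - 1} redirects before landing")
    credential_page = has_password_form(body)
    if credential_page and final_host not in BRAND_HOSTS:
        findings.append(f"password form served from non-brand host {final_host}")
    verdict = "suspicious" if credential_page and final_host not in BRAND_HOSTS else "ok"
    return {"chain": chain, "final_host": final_host,
            "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for link in ("https://example-app-hosting.test/abc123",
                 "https://example-app-hosting.test/legit"):
        result = analyze(link)
        print(result["verdict"], "->", " => ".join(result["chain"]))
        for f in result["findings"]:
            print("   -", f)
```

The design point is that the verdict is based on the final hop and its content, which is exactly what a check that only inspects the first URL (the one the platform sees in the message) misses. The chain is kept so an analyst can see which legitimate service was abused as the entry point and block the downstream domain rather than the service.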


Threatpost reports: "Facebook Messenger Scam Duped Millions"
