"Massive Facebook Messenger Phishing Operation Generates Millions"

Researchers discovered a large-scale phishing campaign that exploited Facebook Messenger to trick millions of users into entering their account credentials and viewing adverts on phishing pages. The campaign operators used stolen accounts to send more phishing messages to victims' friends, thus resulting in the generation of significant revenue through online advertising commissions. According to PIXM, a New York-based AI-focused cybersecurity firm, the phishing campaign peaked between April and May 2022, but it has been active since at least September 2021. PIXM traced the threat actor and mapped the campaign because one of the identified phishing pages hosted a link to a traffic monitoring app that was publicly accessible without authentication. Although it is unclear how the campaign initially began, PIXM found that victims were sent to phishing landing pages via a series of redirects from Facebook Messenger. As the threat actors stole more Facebook accounts, they employed automated tools to send additional phishing links to the compromised accounts' friends, resulting in a tremendous increase in the number of stolen accounts. Facebook has security mechanisms in place to prevent the spread of phishing URLs, but the threat actors utilized a method to circumvent these safeguards. Their phishing mails used legitimate URL generating services that are difficult to block because legitimate apps use them. The researchers discovered they could acquire unauthenticated access to the phishing campaign stats pages and discovered that 2.7 million users visited one of the phishing portals in 2021. This number increased to 8.5 million in 2022, indicating the campaign's massive expansion. This article continues to discuss findings surrounding the large-scale Facebook Messenger phishing campaign.

Bleeping Computer reports "Massive Facebook Messenger Phishing Operation Generates Millions"