An incredibly dangerous phishing scam has been discovered that takes advantage of Facebook’s messaging system. Millions of users fell victim to it, and millions more may still be tricked.
A phishing scam is circulating on Facebook. According to a recent report, a huge number of Facebook users have fallen for it and handed over their passwords. The scam is still active, and around 10 million users are estimated to have fallen for it.
According to a report published by researchers at PIXM Security, a scam has been targeting Facebook users for months. This cyberattack started last year and increased in September. The researchers believe that millions of Facebook users were exposed each month by the scam. The attack remains active today.
PIXM reports that it traced the scam to a single person located in Colombia. PIXM believes this because each message links back to a personal website. PIXM contacted the individual, and they responded.
The core of the phishing scam is a fake Facebook login page. It might not look immediately suspicious because it imitates Facebook’s user interface. Once a victim enters their credentials and clicks “Log In,” those credentials are sent to the attacker’s server. Then, in a likely automated fashion, the threat actor logs in to that account and proceeds to steal information from the Facebook profile.
If any of the victim’s friends click the link, they are brought to the same fake login page. If they enter their credentials, the link is then sent on to their own friends. The attackers also redirect their victims to a page full of advertisements, and they use surveys to make money as well. This scam is a big money-maker for the attackers, researchers said.
When researchers contacted the individual responsible for creating the phishing campaign, he said the money was good. He claimed that individuals based in the U.S. pay him $150 for every thousand people who visit a specific ad page. Researchers estimate that the phishing campaign is earning $59 million. However, they don’t believe the criminals are being honest about their earnings; the criminals are probably exaggerating them by a lot.
When a user clicks a link in Facebook Messenger, the browser first redirects them to an app deployment service. This service itself is legitimate. From there, users are redirected to the actual phishing site, which looks legitimate. Because of this hop, the link the victim sees appears to have been generated by the legitimate service rather than by the attacker.
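As an added, constructed example (not from the PIXM report or this article), here is a defender-side heuristic in Python for the two features described above: a Facebook-branded login page served from a non-Facebook host whose password form posts elsewhere, and a redirect chain that passes through a legitimate hosting or deployment service before landing on an off-brand domain. The hosting-service allowlist, hostnames and HTML are assumed sample values.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def registrable_domain(url_or_host):
    """Crude eTLD+1 (last two labels) of a URL's host; adequate for facebook.com-style hosts."""
    host = urlparse(url_or_host).hostname or url_or_host
    return ".".join(host.lower().split(".")[-2:])

class _LoginFormScanner(HTMLParser):
    """Collect <title> text and, for each <form>, its action and the input types it holds."""
    def __init__(self):
        super().__init__()
        self.title, self._in_title, self.forms = "", False, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self.forms.append({"action": a.get("action") or "", "types": set()})
        elif tag == "input" and self.forms:
            self.forms[-1]["types"].add((a.get("type") or "text").lower())
    def handle_endtag(self, tag):
        self._in_title = self._in_title and tag != "title"
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def assess_page(page_url, html):
    """Findings that mark a Facebook-branded page as a likely credential harvester."""
    findings, scanner = [], _LoginFormScanner()
    scanner.feed(html)
    if "facebook" in scanner.title.lower() and registrable_domain(page_url) != "facebook.com":
        findings.append(f"Facebook-branded page served from {urlparse(page_url).hostname}")
    for form in scanner.forms:  # a password field posting off-brand is the core of the scam
        target = urljoin(page_url, form["action"])
        if "password" in form["types"] and registrable_domain(target) != "facebook.com":
            findings.append(f"password form posts to {urlparse(target).hostname}")
    return findings

def assess_redirect_chain(chain, hosting_services):
    """True when a link bounces through a legitimate hosting/deployment service (assumed
    allowlist of registrable domains) and lands on a non-Facebook host, as the report describes."""
    domains = [registrable_domain(u) for u in chain]
    return any(d in hosting_services for d in domains[:-1]) and domains[-1] != "facebook.com"

# Constructed sample, not a page from the real campaign: Facebook branding, off-brand form target.
SAMPLE_URL = "https://login-secure.example/fb"
SAMPLE_HTML = """<html><head><title>Facebook - Log In or Sign Up</title></head>
<body><form action="https://collector.example/grab" method="post">
<input name="email" type="text"><input name="pass" type="password">
<button>Log In</button></form></body></html>"""
```

Run `assess_page(SAMPLE_URL, SAMPLE_HTML)` to see both findings; a real deployment would feed it the fetched landing page and the observed redirect hops.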
Even if Facebook blocks one of the rogue domains, replacing it is trivial for the spammers. They can simply register a new domain under a different name and continue the campaign. The researchers observed that it was common practice for the spammers to launch several new domains every day.