For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where they are enticed to submit their Facebook credentials. Unconfirmed estimates suggest nearly 10 million users fell prey to the scam, earning the single perpetrator behind the phishing ploy a huge payday.

According to a report published by researchers at PIXM Security, the phishing campaign began last year and ramped up in September. Researchers believe millions of Facebook users were exposed each month by the scam. Researchers assert that the campaign remains active. Facebook has not replied to requests for comment for this report.

PIXM asserts the campaign is tied to a single person located in Colombia. The reason PIXM believes the massive Facebook scam is tied to a single individual is that each message links back to code "signed" with a reference to a personal website. Researchers state the individual went so far as to respond to researcher inquiries.

The crux of the phishing campaign is a fake Facebook login page. It might not look immediately suspicious, as it copies Facebook's user interface closely. When a victim enters their credentials and clicks "Log In," those credentials are sent to the attacker's server. Then, "in a likely automated fashion," the authors of the report explained, "the threat actor would login to that account, and send out the link to the user's Friends via Facebook Messenger." Any Friends that click the link are brought to the fake login page. If they fall for it, the credential-stealing message is forwarded to their Friends in turn.

After the credential phish, victims are redirected to pages with advertisements, which in many instances also included surveys. Each of these pages generates referral revenue for the attacker, researchers said. When researchers reached out to the individual claiming responsibility for the phishing campaign, the individual "claimed to make $150 for every thousand visits from the United States." PIXM estimates nearly 400 million U.S.-based page views of the exit page. This, researchers said, "would put this threat actor's projected revenue at $59M from Q4 2021 to present." However, researchers don't believe the criminal is being honest about their earnings, adding they are "probably exaggerating quite a bit."

How the Scam Bypassed Security

The perpetrator of this campaign managed to circumvent the social media platform's security checks by utilizing a technique that Facebook didn't catch, PIXM said. When a victim clicks on a malicious link in Messenger, the browser initiates a chain of redirects. The first redirect points to a legitimate "app deployment" service. "After the user has clicked," the report's authors explained, "they will be redirected to the actual phishing page. But, in terms of what lands on Facebook, it's a link generated using a legitimate service that Facebook could not outright block without blocking legitimate apps and links as well."

Even if Facebook caught on to and blocked any one of these illegitimate domains, "it was trivial (and based on the speed we observed, likely automated) to spin up a new link using the same service, with a new unique ID. We would often observe several used in a day, per service," researchers said.

PIXM said it was able to access the hacker's own pages for tracking the campaigns. The data indicated that nearly 2.8 million people fell for the scam in 2021 and 8.5 million have so far this year. Researchers warn, "As long as these domains remain undetected by use of legitimate services, these phishing tactics will continue to flourish."

Messenger, for its part, will employ warnings to root out potential scammers, telling users to "be wary of claims about money" when they receive a message from someone they aren't already friends with. Similarly, the app will also look for messages that come from accounts that may be trying to impersonate a Facebook friend. When Messenger detects that this might be happening, it will warn users that the person they are messaging might be pretending to be someone they know.
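The redirect-chain and link-churn behaviour PIXM describes (a link launched from a legitimate deployment service, landing on a look-alike login page, re-issued under fresh unique IDs) lends itself to a simple detection check over click telemetry. The following is an added example, not code from the PIXM report or this article; the deployment-service hosts, the phishing host and the click events are constructed placeholders.

```python
"""Detection heuristic for the Messenger redirect-chain pattern: a link that starts
on a trusted deployment service, ends off-platform on a login look-alike, and is
re-issued under fresh IDs.  Added example; hosts and events are constructed."""
from collections import defaultdict
from urllib.parse import urlparse

# Placeholder hosts of legitimate "app deployment" services (not from the report).
DEPLOY_SERVICE_HOSTS = {"apps.example-deploy.test", "pages.example-host.test"}
# Hosts where a genuine Facebook login page may legitimately live.
PLATFORM_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}

def flag_chain(start_url, final_url):
    """True when a chain launched from a deployment service lands on a host outside
    the real platform whose path imitates a login page."""
    start, final = urlparse(start_url), urlparse(final_url)
    off_platform = final.hostname not in PLATFORM_HOSTS
    looks_like_login = "login" in final.path.lower()  # coarse heuristic
    return start.hostname in DEPLOY_SERVICE_HOSTS and off_platform and looks_like_login

def link_churn(events, threshold=3):
    """Count distinct link IDs per (service, day) among flagged chains.  Many fresh
    IDs in one day from one service matches the "spin up a new link" behaviour."""
    ids = defaultdict(set)
    for ts, start_url, final_url in events:
        if flag_chain(start_url, final_url):
            p = urlparse(start_url)
            link_id = p.path.rstrip("/").rsplit("/", 1)[-1]
            ids[(p.hostname, ts[:10])].add(link_id)
    return {key: len(v) for key, v in ids.items() if len(v) >= threshold}

# Constructed click events: (timestamp, URL shown in Messenger, final landing URL).
EVENTS = [
    ("2022-06-01T09:00:00Z", "https://apps.example-deploy.test/a1b2c3", "https://fb-login.example-phish.test/login.html"),
    ("2022-06-01T09:05:00Z", "https://apps.example-deploy.test/d4e5f6", "https://fb-login.example-phish.test/login.html"),
    ("2022-06-01T11:30:00Z", "https://apps.example-deploy.test/g7h8i9", "https://fb-login.example-phish.test/login.html"),
    ("2022-06-01T12:00:00Z", "https://apps.example-deploy.test/j0k1l2", "https://apps.example-deploy.test/j0k1l2/"),
    ("2022-06-02T08:00:00Z", "https://pages.example-host.test/m3n4o5", "https://fb-login.example-phish.test/login.html"),
    ("2022-06-02T08:10:00Z", "https://www.facebook.com/some.post", "https://www.facebook.com/some.post"),
]

if __name__ == "__main__":
    for _, shown, landed in EVENTS:
        print("FLAG" if flag_chain(shown, landed) else "ok  ", shown, "->", landed)
    print(link_churn(EVENTS))  # {('apps.example-deploy.test', '2022-06-01'): 3}
```

The fourth event (a benign app hosted on the same service) and the sixth (an on-platform link) are not flagged, which is the point of combining the launch-host and landing-page checks rather than blocking the service outright, as the report notes Facebook could not do.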