Facebook Messenger users in 84 countries face phishing scam threat
Analysts at cybersecurity firm Group-IB's Digital Risk Protection (DRP) wing have uncovered an old-school phishing scam targeting Facebook Messenger users at a global scale. The scam highlights yet another loophole, this time in Facebook's advertising system that doesn't seem to verify anything about the advertiser. Here's how this scam works and how you can steer clear of it.
- Scammers promoted a 'new' Facebook Messenger version, collected login information
- The scam seems to have affected people around the world
- Facebook itself advertised and promoted the posts from cybercriminals' accounts
- Cybercriminals used same profile picture, link shorteners to avoid suspicion
- Scammers gave fictitious Messenger features that even Facebook hasn't contemplated
- Since first sighting, the scam has grown in scope: Group-IB
- Victims could be blackmailed, subject to extortion and identity theft
- Basic cyber hygiene, paying attention can help avoid this scam
Scammers promoted a 'new' Facebook Messenger version, collected login information
In a release, Group-IB explained that the scammers are distributing ads promoting an updated version of Facebook Messenger. Users who click on the link contained in the ad are redirected to a fraudulent Facebook Messenger webpage. Here, the victim are asked to log in to their Facebook account from where the cybercriminals would harvest the login credentials.
The scam seems to have affected people around the world
Group-IB estimates that Messenger users from at least 84 countries in Europe, Asia, Middle East & Africa region (MEA), North America, and South America could have fallen prey to this scam. The firm's analysts found at least 1,000 Facebook accounts employed in the scheme.
Facebook itself advertised and promoted the posts from cybercriminals' accounts
The bad actors used multiple Facebook accounts with names similar to Messenger such as "Messanger," "Meseenger," and "Masssengar" to post the malicious links which harvested credentials. Alarmingly, the scammer's posts (pictured) were being promoted on Facebook by the social media giant's advertising system. Essentially, the bad actors paid Facebook to aggressively promote a Facebook Messenger scam, targeting Facebook users. Let that sink in.
Cybercriminals used same profile picture, link shorteners to avoid suspicion
To lure unsuspecting victims, all the accounts created by the cybercriminals had the same profile picture as Facebook's authentic account for Messenger. To bypass Facebook's scam filters, the cybercriminal used link shorteners such as linktr.ee and bit.ly to navigate to the phishing links. The forms that harvested credentials were hosted on platforms such as blogspot.com, sites.google.com, and github.io.
Scammers gave fictitious Messenger features that even Facebook hasn't contemplated
To make the upgrade seem lucrative, the scammers reportedly claimed that the "updated Messenger" packed fictional features that let you see who viewed your account, view deleted messages, and upgrade to "Gold Messenger". Group-IB said that scammers even threatened and pressurized victims to enter their login credentials or face a (fictitious) permanent Facebook account ban.
Since first sighting, the scam has grown in scope: Group-IB
Group-IB says it first uncovered the scam in the summer of 2020. It explained that since its initial discovery, the scam has grown in scope, spreading to multiple regions around the world. Analysts claim that in April, there were 5,700 fraudulent Facebook posts luring users. The analysts speculate that the victims' accounts could be used for promoting the scam and other nefarious activities.
Victims could be blackmailed, subject to extortion and identity theft
Additionally, the scammers could lock victims out of their accounts and demand ransom to restore access. Data from the Facebook accounts could also be used to blackmail and extort money from victims and their Facebook friends. The possibilities are endless. To steer clear, all you need to do is keep an eye out for misspelled brand names and follow basic cyber hygiene.
Basic cyber hygiene, paying attention can help avoid this scam
Group-IB recommended that users also pay attention to the URL of websites they visit. Poll websites and one-page blogs are major red flags, it said. This scam also highlights Facebook's sheer lack of monitoring and control over the content that's advertised and the usernames bad actors could use. Following the recent hacks, Facebook seems to be the go-to website to bid your privacy adieu.
