Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Technology
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Visual Stories
  • Reviews
  • Phone Reviews
  • Fitness Bands Reviews
  • Speakers Reviews
  • Find Cricket Statistics
Hindi
More
In the news
Samsung
Elon Musk
Apple
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Technology
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Visual Stories
Reviews
Phone Reviews
Fitness Bands Reviews
Speakers Reviews
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Technology News / Facebook Messenger users in 84 countries face phishing scam threat
Technology

Facebook Messenger users in 84 countries face phishing scam threat

Facebook Messenger users in 84 countries face phishing scam threat
Written by Chandraveer Mathur
Apr 21, 2021, 05:02 pm 4 min read
Facebook Messenger users in 84 countries face phishing scam threat

Analysts at cybersecurity firm Group-IB's Digital Risk Protection (DRP) wing have uncovered an old-school phishing scam targeting Facebook Messenger users at a global scale. The scam highlights yet another loophole, this time in Facebook's advertising system that doesn't seem to verify anything about the advertiser. Here's how this scam works and how you can steer clear of it.

Harvesting credentials
Scammers promoted a 'new' Facebook Messenger version, collected login information

In a release, Group-IB explained that the scammers are distributing ads promoting an updated version of Facebook Messenger. Users who click on the link contained in the ad are redirected to a fraudulent Facebook Messenger webpage. Here, the victim are asked to log in to their Facebook account from where the cybercriminals would harvest the login credentials.

Data
The scam seems to have affected people around the world

Group-IB estimates that Messenger users from at least 84 countries in Europe, Asia, Middle East & Africa region (MEA), North America, and South America could have fallen prey to this scam. The firm's analysts found at least 1,000 Facebook accounts employed in the scheme.

Eye opener
Facebook itself advertised and promoted the posts from cybercriminals' accounts

The bad actors used multiple Facebook accounts with names similar to Messenger such as "Messanger," "Meseenger," and "Masssengar" to post the malicious links which harvested credentials. Alarmingly, the scammer's posts (pictured) were being promoted on Facebook by the social media giant's advertising system. Essentially, the bad actors paid Facebook to aggressively promote a Facebook Messenger scam, targeting Facebook users. Let that sink in.

Easy workarounds
Cybercriminals used same profile picture, link shorteners to avoid suspicion

To lure unsuspecting victims, all the accounts created by the cybercriminals had the same profile picture as Facebook's authentic account for Messenger. To bypass Facebook's scam filters, the cybercriminal used link shorteners such as linktr.ee and bit.ly to navigate to the phishing links. The forms that harvested credentials were hosted on platforms such as blogspot.com, sites.google.com, and github.io.

Creative bait
Scammers gave fictitious Messenger features that even Facebook hasn't contemplated

To make the upgrade seem lucrative, the scammers reportedly claimed that the "updated Messenger" packed fictional features that let you see who viewed your account, view deleted messages, and upgrade to "Gold Messenger". Group-IB said that scammers even threatened and pressurized victims to enter their login credentials or face a (fictitious) permanent Facebook account ban.

Global scale
Since first sighting, the scam has grown in scope: Group-IB

Group-IB says it first uncovered the scam in the summer of 2020. It explained that since its initial discovery, the scam has grown in scope, spreading to multiple regions around the world. Analysts claim that in April, there were 5,700 fraudulent Facebook posts luring users. The analysts speculate that the victims' accounts could be used for promoting the scam and other nefarious activities.

Potential consequences
Victims could be blackmailed, subject to extortion and identity theft

Additionally, the scammers could lock victims out of their accounts and demand ransom to restore access. Data from the Facebook accounts could also be used to blackmail and extort money from victims and their Facebook friends. The possibilities are endless. To steer clear, all you need to do is keep an eye out for misspelled brand names and follow basic cyber hygiene.

Countermeasures
Basic cyber hygiene, paying attention can help avoid this scam

Group-IB recommended that users also pay attention to the URL of websites they visit. Poll websites and one-page blogs are major red flags, it said. This scam also highlights Facebook's sheer lack of monitoring and control over the content that's advertised and the usernames bad actors could use. Following the recent hacks, Facebook seems to be the go-to website to bid your privacy adieu.

Share this timeline
Facebook
Whatsapp
Twitter
Linkedin
Chandraveer Mathur
Chandraveer Mathur
Mail
I am a design engineer with a knack for all things related to tech, smartphones, photography, and automobiles. When I am not tinkering with gadgets, I enjoy books, CGI, a lovingly curated audio library, and therapeutic solo drives.
Latest
Phishing Attack
Facebook Messenger
Cybersecurity
Related
Latest
Witness the power of museums this International Museum Day
Witness the power of museums this International Museum Day Lifestyle
5 anime films to watch on Amazon Prime Video
5 anime films to watch on Amazon Prime Video Entertainment
Apple releases new updates for iPhones, iPads: Details here
Apple releases new updates for iPhones, iPads: Details here Technology
IPL 2022: SRH beat MI, stay alive in playoffs race
IPL 2022: SRH beat MI, stay alive in playoffs race Sports
SC extends demolition of Noida's Supertech twin towers: Details here
SC extends demolition of Noida's Supertech twin towers: Details here Business
Phishing Attack
Sensitive data of 100 million users leaked on Dark Web
Sensitive data of 100 million users leaked on Dark Web Technology
How hackers used WhatsApp, LinkedIn to target human rights activists
How hackers used WhatsApp, LinkedIn to target human rights activists Technology
#BugAlert: Gmail bug allowed sending fake emails from real accounts
#BugAlert: Gmail bug allowed sending fake emails from real accounts Technology
Zoom bug allowed mimicking organizations; now fixed
Zoom bug allowed mimicking organizations; now fixed Technology
This malware can steal passwords, card data from 300+ apps
This malware can steal passwords, card data from 300+ apps Technology
More News
Facebook Messenger
Mark Zuckerberg lost $6 billion during Facebook outage: Details here
Mark Zuckerberg lost $6 billion during Facebook outage: Details here Business
Here's what caused the longest Facebook outage last night
Here's what caused the longest Facebook outage last night Technology
#FacebookDown: Facebook, WhatsApp, Instagram are all down for users worldwide
#FacebookDown: Facebook, WhatsApp, Instagram are all down for users worldwide Technology
Facebook brings chat themes, new features to Instagram and Messenger
Facebook brings chat themes, new features to Instagram and Messenger Technology
Facebook, WhatsApp, TikTok among most popular apps of 2020
Facebook, WhatsApp, TikTok among most popular apps of 2020 Technology
More News
Cybersecurity
ITI seeks revision of CERT-In directive on cybersecurity breaches
ITI seeks revision of CERT-In directive on cybersecurity breaches Technology
Centre orders VPN companies to collect and store user data
Centre orders VPN companies to collect and store user data Technology
Amid Russia-Ukraine crisis, European countries hit by major "cyberattack": Report
Amid Russia-Ukraine crisis, European countries hit by major "cyberattack": Report World
'Bulli Bai' creator nabbed from Assam; 4th arrest in case
'Bulli Bai' creator nabbed from Assam; 4th arrest in case India
Bulli Bai case: 18-year-old main accused arrested from Uttarakhand
Bulli Bai case: 18-year-old main accused arrested from Uttarakhand India
More News
Related
Here's how to update Google Chrome after government's 'cyber-attack' warning
Here's how to update Google Chrome after government's 'cyber-attack' warning Technology
Facebook spotted testing voice, video calling using main app again
Facebook spotted testing voice, video calling using main app again Technology
Next News Article
Next News Article

Love Technology news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Technology News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Mukesh Ambani Indian Premier League (IPL) Karnataka Samsung Xiaomi West Bengal
Bihar Virat Kohli Rohit Sharma Haryana Narendra Modi Arvind Kejriwal Tamil Nadu Gujarat Yogi Adityanath YouTube
Instagram Hollywood News Uttar Pradesh Kerala Netflix Bollywood News Mamata Banerjee Maruti Suzuki Rahul Gandhi Elon Musk
Shah Rukh Khan Chelsea FC OPPO Akhilesh Yadav Indian Cricket Team Apple Manchester United Salman Khan Cryptocurrency OnePlus
Amitabh Bachchan ICC Women's World Cup Vivo India vs Sri Lanka
About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive IPL 2022 Schedule IPL 2022 Points Table Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2022