Facebook Messenger users in 84 countries face phishing scam threat
Analysts at cybersecurity firm Group-IB's Digital Risk Protection (DRP) wing have uncovered an old-school phishing scam targeting Facebook Messenger users on a global scale. The scam highlights yet another loophole, this time in Facebook's advertising system, which doesn't seem to verify anything about the advertiser. Here's how this scam works and how you can steer clear of it.
In a release, Group-IB explained that the scammers are distributing ads promoting an updated version of Facebook Messenger. Users who click on the link contained in the ad are redirected to a fraudulent Facebook Messenger webpage. Here, victims are asked to log in to their Facebook account, and the cybercriminals harvest the login credentials they enter.
Group-IB estimates that Messenger users from at least 84 countries in Europe, Asia, the Middle East and Africa (MEA) region, North America, and South America could have fallen prey to this scam. The firm's analysts found at least 1,000 Facebook accounts employed in the scheme.
The bad actors used multiple Facebook accounts with names similar to Messenger, such as "Messanger," "Meseenger," and "Masssengar," to post the malicious links that harvested credentials. Alarmingly, the scammers' posts were being promoted on Facebook by the social media giant's advertising system. Essentially, the bad actors paid Facebook to aggressively promote a Facebook Messenger scam, targeting Facebook users. Let that sink in.
To lure unsuspecting victims, all the accounts created by the cybercriminals had the same profile picture as Facebook's authentic account for Messenger. To bypass Facebook's scam filters, the cybercriminals used link shorteners such as linktr.ee and bit.ly to redirect to the phishing links. The forms that harvested credentials were hosted on platforms such as blogspot.com, sites.google.com, and github.io.
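The two signals described above, a misspelled brand name and a link that resolves through a shortener or a free hosting platform, can be checked mechanically when triaging promoted posts. The sketch below is an added example, not Group-IB's or Facebook's tooling; the function names, the edit-distance threshold and the sample posts are assumptions made for illustration.

```python
from typing import List, Optional
from urllib.parse import urlsplit

BRAND = "messenger"
# Hosts named in the article; grouping them into two sets is this example's choice.
SHORTENERS = {"linktr.ee", "bit.ly"}
FREE_HOSTING = {"blogspot.com", "sites.google.com", "github.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_name(name: str, max_dist: int = 3) -> bool:
    """True for a near-misspelling of the brand; the exact name is not flagged."""
    letters = "".join(ch for ch in name.lower() if ch.isalpha())
    # max_dist=3 is an assumed threshold, just wide enough for "Masssengar".
    return 0 < edit_distance(letters, BRAND) <= max_dist


def host_category(url: str) -> Optional[str]:
    """Classify the URL's host as 'shortener', 'free-hosting' or None."""
    if "://" not in url:  # accept links written without a scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    for label, domains in (("shortener", SHORTENERS), ("free-hosting", FREE_HOSTING)):
        if any(host == d or host.endswith("." + d) for d in domains):
            return label
    return None


def score_post(account_name: str, url: str) -> List[str]:
    """Return the list of reasons a promoted post deserves a closer look."""
    reasons = ["lookalike-name"] if lookalike_name(account_name) else []
    category = host_category(url)
    return reasons + [category] if category else reasons


if __name__ == "__main__":
    # Constructed sample posts: names from the article, URLs are placeholders.
    samples = [("Messanger", "https://bit.ly/EXAMPLE"),
               ("Masssengar", "example-page.blogspot.com/login"),
               ("Messenger", "https://www.example.org/")]
    for name, url in samples:
        print(name, url, score_post(name, url))
```

A distance of 3 on a nine-letter word will also match unrelated names, and legitimate pages use these hosts too, so the output is a review queue rather than a verdict.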
To make the upgrade seem lucrative, the scammers reportedly claimed that the "updated Messenger" packed fictional features that let you see who viewed your account, view deleted messages, and upgrade to "Gold Messenger". Group-IB said that scammers even threatened and pressured victims to enter their login credentials or face a (fictitious) permanent Facebook account ban.
Group-IB says it first uncovered the scam in the summer of 2020. It explained that since its initial discovery, the scam has grown in scope, spreading to multiple regions around the world. Analysts claim that in April, there were 5,700 fraudulent Facebook posts luring users. The analysts speculate that the victims' accounts could be used for promoting the scam and other nefarious activities.
Additionally, the scammers could lock victims out of their accounts and demand ransom to restore access. Data from the Facebook accounts could also be used to blackmail and extort money from victims and their Facebook friends. The possibilities are endless. To steer clear, all you need to do is keep an eye out for misspelled brand names and follow basic cyber hygiene.
Group-IB recommended that users also pay attention to the URL of websites they visit. Poll websites and one-page blogs are major red flags, it said. This scam also highlights Facebook's sheer lack of monitoring and control over the content that's advertised and the usernames bad actors could use. Following the recent hacks, Facebook seems to be the go-to website to bid your privacy adieu.