A scam has been discovered that has deceived millions of users in the last month. Beware of these Messenger messages: they are a phishing attempt.
In recent months, more than 10 million users have been scammed. All of this took place on the Messenger messaging platform, where victims were lured by a phishing message.
Phishing is a scam that tries to deceive the victim into providing personal information, financial data or access codes by posing as a trustworthy entity. In this case, the attackers pretended to be members of the Facebook staff and asked users for their login credentials.
This scam leads users to a fake Facebook login page, and it is still active. Let’s see together what this scam entails and how to avoid falling for these messages.
Taken on the hook
According to the report by PIXM Security researchers, the phishing campaign started last year and its pace intensified in September. The campaign is currently active and, every month, millions of users are exposed to this scam and put at risk. Facebook did not respond to requests for comment on the report.
The campaign appears to be linked to a single individual believed to be in Colombia, because each message refers to code that appears to be signed with a reference to a personal website. According to the researchers, the author went so far as to answer the questions they asked him, admitting that he was behind it and that he earns $150 for every thousand visits from the United States. The figure refers to the page with advertisements to which whoever falls victim to the scam is then redirected.
The fraudulent page faithfully reproduces the Facebook login interface. When you enter your credentials and click Log in, you do not enter your Facebook account; instead, your username and password are delivered straight into the crook’s hands. According to the researchers, at that point the threat actor probably logs into that account and sends the link to the user’s friends via Facebook Messenger.
It is precisely through this mechanism that the scam keeps spreading. Any friend of the original victim who clicks the link falls into the trap, and the link is then sent on to all of their contacts, who become victims in turn. Victims are also redirected to a series of pages with advertisements, which generates revenue for the attacker.
The researchers estimate this actor’s expected revenue at $59 million from the fourth quarter of 2021 to date. Despite having collected this testimony, the researchers argue that the person who gave it is exaggerating. “As long as these domains remain discovered through the use of legitimate services, these phishing tactics will continue to thrive,” state the researchers.