For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials.

According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials.

Unconfirmed estimates suggest nearly 10 million users fell prey to the scam, earning the single perpetrator behind the phishing ploy a huge payday.

According to a report published by researchers at PIXM Security, the phishing campaign began last year and ramped up in September. Researchers believe millions of Facebook users were exposed each month by the scam. Researchers assert that the campaign remains active.

Facebook has not replied to requests for comment for this report.

PIXM asserts the campaign is tied to a single person located in Colombia. The reason PIXM believes the massive Facebook scam is tied to a single individual is that each message links back to code “signed” with a reference to a personal website. Researchers state the individual went so far as responding to researcher inquiries.

The crux of the phishing campaign is a fake Facebook login page. It might not look immediately suspicious, as it copies Facebook’s user interface closely. When a victim enters their credentials and clicks “Log In,” those credentials are sent to the attacker’s server.

Then, “in a likely automated fashion,” the authors of the report explained, “the threat actor would login to that account, and send out the link to the user’s Friends via Facebook Messenger.”

Any Friends that click the link are brought to the fake login page. If they fall for it, the credential-stealing message is forwarded to their Friends in turn.

After the credential phish, victims are redirected to pages with advertisements, which in many instances also included surveys. Each of these pages generates referral revenue for the attacker, researchers said.

When researchers reached out to the individual claiming credit for the phishing campaign, the individual “claimed to make $150 for every thousand visits from the United States.” PIXM estimates nearly 400 million U.S.-based page views of the exit page. This, researchers said, “would put this threat actor’s projected revenue at $59M from Q4 2021 to present.” However, researchers don’t believe the criminal is being honest about their earnings, adding they are “probably exaggerating quite a bit.”

How the Scam Bypassed Security

The perpetrator of this campaign managed to circumvent the social media platform’s security checks by using a technique that Facebook didn’t catch, PIXM said.

When a victim clicks on a malicious link in Messenger, the browser initiates a chain of redirects. The first redirect points to a legitimate “app deployment” service. “After the user has clicked,” the report’s authors explained, “they will be redirected to the actual phishing page. But, in terms of what lands on Facebook, it’s a link generated using a legitimate service that Facebook could not outright block without blocking legitimate apps and links as well.”

Even if Facebook caught on to and blocked any one of these illegitimate domains, “it was trivial (and based on the speed we observed, likely automated) to spin up a new link using the same service, with a new unique ID. We would often observe several used in a day, per service,” researchers said.

PIXM said it was able to access the hacker’s own pages for tracking the campaigns. The data indicated that nearly 2.8 million people fell for the scam in 2021 and 8.5 million have so far this year.

Researchers warn, “As long as these domains remain undetected by use of legitimate services, these phishing tactics will continue to flourish.”

By Jay Sullivan, Director of Product Management, Messenger Privacy and Safety
May 21, 2020

Privacy, safety and security are fundamental to Messenger. We work hard to ensure Messenger is a safe place to connect with the people who matter most while also protecting their privacy, and today, I’m excited to announce a new safety feature that will help millions of people avoid potentially harmful interactions and possible scams without compromising their privacy.
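The propagation step described in the report, where a compromised account is logged into automatically and the same link is pushed to all of its Friends, leaves a distinctive fan-out pattern in message logs. The script below is an added example of a simple detector for that pattern; it is not PIXM's or Facebook's code. The send records, account names and URLs are constructed samples, and the two-minute window and five-recipient threshold are assumed tuning values.

```python
"""Flag accounts that send one identical link to many distinct friends within a
short window, the automated fan-out pattern described in the report above.
Added example, not PIXM's or Facebook's code; all log records are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed message-send records: (ISO timestamp, sender, recipient, url in message).
# "alice" shows the compromised-account pattern; "bob" is ordinary traffic.
SEND_LOG = [
    ("2022-06-01T10:00:00", "alice", "bob",   "https://apps.example-deploy.net/app/abc123"),
    ("2022-06-01T10:00:03", "alice", "carol", "https://apps.example-deploy.net/app/abc123"),
    ("2022-06-01T10:00:05", "alice", "dave",  "https://apps.example-deploy.net/app/abc123"),
    ("2022-06-01T10:00:08", "alice", "erin",  "https://apps.example-deploy.net/app/abc123"),
    ("2022-06-01T10:00:11", "alice", "frank", "https://apps.example-deploy.net/app/abc123"),
    ("2022-06-01T10:05:00", "bob",   "alice", "https://docs.example.org/welcome"),
    ("2022-06-01T11:30:00", "bob",   "carol", "https://docs.example.org/welcome"),
]


def parse_ts(ts):
    """Parse the constructed ISO-8601 timestamp into a datetime."""
    return datetime.fromisoformat(ts)


def fanout_alerts(log, window=timedelta(minutes=2), min_recipients=5):
    """Return {sender: (url, distinct_recipient_count)} for every sender that
    pushed the same URL to at least `min_recipients` distinct recipients inside
    any `window`-long span. Threshold and window are assumed tuning values."""
    by_sender_url = defaultdict(list)
    for ts, sender, recipient, url in log:
        by_sender_url[(sender, url)].append((parse_ts(ts), recipient))

    alerts = {}
    for (sender, url), events in by_sender_url.items():
        events.sort()  # chronological order
        # Sliding window anchored at each send; small logs, so the O(n^2) scan is fine.
        for i, (start, _) in enumerate(events):
            recipients = {r for t, r in events[i:] if t - start <= window}
            if len(recipients) >= min_recipients:
                alerts[sender] = (url, len(recipients))
                break
    return alerts


if __name__ == "__main__":
    for sender, (url, count) in fanout_alerts(SEND_LOG).items():
        print(f"ALERT {sender}: sent {url} to {count} friends within 2 minutes")
```

Counting distinct recipients rather than raw sends matters: a user re-sending one link to the same friend several times is not the pattern of interest, while a burst of identical links to many different friends is exactly what the report describes.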
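The bypass described under "How the Scam Bypassed Security" works because the link a platform sees belongs to a legitimate service, while the harm sits at the end of a redirect chain. A defender therefore has to judge the chain, not the first hop. The script below is an added example of that check, not PIXM's tooling: it walks a redirect chain to its landing page and flags a page that copies a brand's login form while sitting on a domain the brand does not own. To run offline it replaces real HTTP lookups with a constructed table of `Location` answers; the hostnames, URLs and page snippets are all constructed samples, and the brand markers are an assumed heuristic.

```python
"""Classify a Messenger-style redirect chain: legitimate deployment service as the
first hop, lookalike login page at the end. Added example, not PIXM's code; the
redirector allow-list, redirect table, page snippets and hostnames are constructed."""
from urllib.parse import urlparse

# Constructed allow-list of services whose links a platform cannot block outright.
LEGITIMATE_REDIRECTORS = {"apps.example-deploy.net", "links.example-shortener.com"}

# Constructed stand-in for HTTP Location lookups: url -> where it redirects,
# or None when the URL serves a final page.
REDIRECT_TABLE = {
    "https://apps.example-deploy.net/app/abc123": "https://links.example-shortener.com/x9y8",
    "https://links.example-shortener.com/x9y8": "https://fb-login-secure.example/login.php",
    "https://fb-login-secure.example/login.php": None,
    "https://apps.example-deploy.net/app/good42": "https://docs.example.org/welcome",
    "https://docs.example.org/welcome": None,
}

# Constructed HTML of the landing pages, keyed by URL.
PAGE_TABLE = {
    "https://fb-login-secure.example/login.php":
        '<title>Facebook - Log In or Sign Up</title><form method="post" action="/post.php">'
        '<input name="email"><input name="pass" type="password"><button>Log In</button></form>',
    "https://docs.example.org/welcome": "<title>Welcome</title><p>Hello</p>",
}

BRAND_MARKERS = ("facebook", "log in")      # text a lookalike page copies (assumed heuristic)
BRAND_DOMAINS = ("facebook.com", "fb.com")  # domains where those markers are legitimate


def follow_chain(start, table=REDIRECT_TABLE, max_hops=10):
    """Return every URL visited from `start` until a final page or the hop limit."""
    hops = [start]
    while len(hops) <= max_hops:
        nxt = table.get(hops[-1])
        if nxt is None:          # final page (or unknown URL): chain ends here
            return hops
        hops.append(nxt)
    return hops                  # hop limit hit: likely a loop, caller treats as suspicious


def host(url):
    return urlparse(url).hostname or ""


def is_brand_domain(hostname):
    return any(hostname == d or hostname.endswith("." + d) for d in BRAND_DOMAINS)


def classify(start, redirects=REDIRECT_TABLE, pages=PAGE_TABLE):
    """Walk the chain and decide whether it lands on a lookalike login page."""
    hops = follow_chain(start, redirects)
    final = hops[-1]
    html = pages.get(final, "").lower()
    via_legit = any(host(h) in LEGITIMATE_REDIRECTORS for h in hops[:-1])
    has_password_form = 'type="password"' in html
    mimics_brand = all(marker in html for marker in BRAND_MARKERS)
    # A brand-styled password form on a domain the brand does not own is the tell.
    lookalike = mimics_brand and has_password_form and not is_brand_domain(host(final))
    return {
        "hops": hops,
        "via_legitimate_redirector": via_legit,
        "lookalike_login": lookalike,
        "verdict": "phish" if lookalike else "benign",
    }


if __name__ == "__main__":
    for start in ("https://apps.example-deploy.net/app/abc123",
                  "https://apps.example-deploy.net/app/good42"):
        result = classify(start)
        print(result["verdict"], "->", " -> ".join(result["hops"]))
```

The `via_legitimate_redirector` flag is reported separately from the verdict on purpose: as the report notes, blocking the first-hop service would also block legitimate apps, so the useful signal is the combination of a trusted first hop with an untrusted, brand-mimicking landing page. In production the table lookup would be replaced by a sandboxed fetch that records each `Location` header, with the same classification applied to the result.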