Facebook users, be very careful right now! A scam rages on the social network via Messenger to steal your identifiers on a fake login page. The problem is that the trapped messages come from your own friends…
Hackers are attacking many Facebook users with a particularly vicious scam. A phishing campaign steals account credentials through a fake login page. PIXM, a New York firm specializing in security, estimates that about 10 million users of the social network have been tricked in a few months, and that several hundred million members have been targeted. Launched in September 2021, the campaign has unfortunately grown significantly since April 2022.
We all know that you should never click on a link sent by email or SMS by a stranger, a company or an organization. But what if this link is sent by one of your Facebook friends? This is the strength of this scam: someone on your friends list sends you a very ordinary private message via Messenger. Although it has no personalization, it is extremely effective and invites you to click on a link that leads… to the Facebook login page. More exactly, to a fake page built almost identically to the real social network login interface. The goal is to make you believe that to access content sent by a friend – a video, a meme or just a Facebook post – you have to log back in to the platform. You enter your username and password, in complete confidence, and the trap closes: the fake site steals these precious credentials, as well as all the personal information linked to your Facebook account, and therefore to all third-party services linked to your account.
An unstoppable scam
The PIXM company has inspected the code of the website to which users are redirected and has thus been able to trace the path taken by the threat. They also noticed a link leading to a traffic monitoring application, whose metrics they were able to consult. The scheme is particularly ingenious because it manages to escape Facebook's vigilance. Indeed, when you click on a link from Messenger, the browser first redirects you to a completely harmless application deployment service, so the link is not blocked by Facebook. Only then are you redirected to the actual phishing page. Facebook can't do much, since blocking this app deployment service would also block other harmless apps and links.
Another problem is that the hackers use popular services like glitch.me, Famous.co, amaze.co and funnel-preview.com. These sites are used to quickly deploy applications and generate URLs for them. As soon as Facebook blocks a link, others are immediately created to replace it. As a result, this scam is very complicated to block and spot. The only solution: if a friend sends you a link without further ceremony, start a conversation to be sure that it is really them sending the message.
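As an added illustration, not code from the article or from PIXM, the following Python sketch shows how a defender could flag the redirect pattern described above: a hop through one of the named deployment services followed by a Facebook-branded login form that is not hosted on a Facebook domain. The host lists are assumptions, and the redirect chain and page attributes are constructed sample data.

```python
from urllib.parse import urlparse

# Assumption: deployment services named in the article, used only as hop
# indicators (they are legitimate services, not malicious in themselves).
DEPLOYMENT_HOSTS = {"glitch.me", "famous.co", "amaze.co", "funnel-preview.com"}
# Assumption: domains on which a real Facebook login form may legitimately live.
LEGIT_LOGIN_DOMAINS = {"facebook.com", "messenger.com"}


def registered_domain(url):
    """Reduce a URL to its last two host labels (e.g. app.glitch.me -> glitch.me)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def analyze_chain(chain, final_page):
    """Return a list of findings for a redirect chain ending on a login page.

    chain:      URLs in redirect order, last one is the page actually shown.
    final_page: dict with 'title', 'form_action' and 'fields' of the landing page.
    """
    findings = []
    hops = [registered_domain(u) for u in chain]
    if any(h in DEPLOYMENT_HOSTS for h in hops):
        findings.append("intermediate hop on app deployment service")
    final = registered_domain(chain[-1])
    if "facebook" in final_page.get("title", "").lower() and final not in LEGIT_LOGIN_DOMAINS:
        findings.append("Facebook-branded login page on non-Facebook domain")
    action = registered_domain(final_page.get("form_action", chain[-1]))
    if "password" in final_page.get("fields", []) and action not in LEGIT_LOGIN_DOMAINS:
        findings.append("password form posting to " + action)
    return findings


# Constructed sample: Messenger link -> deployment-service hop -> lookalike login.
SAMPLE_CHAIN = [
    "https://l.messenger.com/l.php?u=example",
    "https://friendly-video.glitch.me/",
    "https://fb-login-verify.example/login",
]
SAMPLE_PAGE = {"title": "Log in to Facebook", "form_action": "https://fb-login-verify.example/post",
               "fields": ["email", "password"]}

# Constructed benign case: the real login page, posting to its own domain.
BENIGN_CHAIN = ["https://www.facebook.com/login"]
BENIGN_PAGE = {"title": "Log in to Facebook", "form_action": "https://www.facebook.com/login",
               "fields": ["email", "password"]}

if __name__ == "__main__":
    print(analyze_chain(SAMPLE_CHAIN, SAMPLE_PAGE))
    print(analyze_chain(BENIGN_CHAIN, BENIGN_PAGE))
```

Run as-is, the sample chain produces three findings and the benign chain none; a real deployment would fetch the chain with a sandboxed client rather than from constructed data.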