
For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials.

According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victims are enticed to submit their Facebook credentials. Unconfirmed estimates suggest nearly 10 million users fell prey to the scam, earning a single perpetrator behind the phishing ploy a huge payday.

According to a report published by researchers at PIXM Security, the phishing campaign began last year and ramped up in September. Researchers believe millions of Facebook users were exposed each month by the scam.

Researchers assert that the campaign remains active. Facebook has not replied to requests for comment for this report.

PIXM asserts the campaign is tied to a single person located in Colombia. The reason PIXM believes the massive Facebook scam is tied to a single individual is because each message links back to code “signed” with a reference to a personal website. Researchers state the individual went so far as to respond to researcher inquiries.

The crux of the phishing campaign centers around a fake Facebook login page. It might not look immediately suspicious, as it copies Facebook’s user interface closely. When a victim enters their credentials and clicks “Log In,” those credentials are sent to the attacker’s server.

Then, “in a likely automated fashion,” the authors of the report explained, “the threat actor would login to that account, and send out the link to the user’s Friends via Facebook Messenger.”

Any Friends that click the link are brought to the fake login page. If they fall for it, the credential-stealing message is forwarded to their Friends. Post-credential phish, victims are redirected to pages with advertisements, which in many instances also included surveys. Each of these pages generates referral revenue for the attacker, researchers said.
