Beware of this scam which has already claimed 10 million victims on Facebook

Lured by a fake login page, millions of Facebook users have fallen into the trap set by a cyberscammer in the space of a few months.

Many Facebook users have been duped in recent months by a scam. This consists of a phishing-type operation which aims, for scammers, to steal people’s identifiers using a fake login page. The New York security firm PIXM estimates that around 10 million users of the social network have fallen into the trap, out of several hundred million potentially targeted members.

A scheme that begins with messages sent by your (trapped) friends from Messenger

It all started with a fake Facebook connection portal which would have started “its activity” in September 2021. Obviously, and this is the primary source of its success, it is built almost identically to the interface of legitimate social network connection. In other words: a user with little regard can easily be fooled, and thus have the identification information attached to his Facebook account stolen.

Very concretely, how can a user be tricked? Often, we imagine that cyber scams go through e-mails or SMS, but here, they come directly from… your Facebook friends. Basically, someone on your list sends you a mundane private message via Facebook Messenger, without any real personalization (which may raise suspicion) and invites you to click on a link. The fake login page does the rest.

Since its launch, the phishing campaign has grown, reaching its peak in April and May 2022. On the side of cyber professionals, it is estimated, without outbidding, at around 10 million the number of Facebook users duped by this scam since last year.

A technique that allows to escape the control of Facebook

By inspecting the code associated with the website to which users are redirected, PIXM revealed two interesting points. First, there is a reference to the actual server hosting the database server that collects user credentials. This was obviously different from the original URL visited by members, with a clever game of various redirects.

Next, cyber experts found a link pointing to a traffic monitoring application, whose metrics can be viewed without authentication. This obtained the threat actors’ traffic data for the landing page as well as other pages developed by the hackers.

Where the hackers shined was in managing to evade Facebook’s security checks. Because, when a user clicks on a link from Messenger, the browser first redirects them to a legitimate application deployment service, before being redirected to a real phishing page. There are advertisements and other surveys to complete in order to be able to generate income at the same time, which remains the primary goal of hackers.

Facebook does not stand idly by, but when the Meta group blocks a link, several others are created in stride, and this, daily, with new unique identifiers which come to replace it. This scam is as complicated to neutralize by the social network as it is to be spotted by users, who initially think that the links received by message come from relatives, friends or acquaintances. Caution remains, again and again, the essential leitmotif. It is therefore better, if in doubt, to respond to the message and start a conversation with the friend in question, in order to verify that he still has control of his account.

Source : PIXM