The discovery of a large-scale Facebook Messenger scam potentially affecting hundreds of millions of Facebook users highlights the global threat potential of phishing attacks. 

PIXM reports that 2.7 million users have visited a phishing site in 2021, and around 8.5 million so far in 2022. This represents huge growth in this attack method compared to last year.

Compromised Facebook accounts

The threat actors use compromised Facebook accounts to spread the phishing pages via Facebook Messenger. The links probably came from Facebook itself, according to the researchers. That is, a user's account is compromised, and the threat actor likely automatically logs into that account and sends the link to the user's friends via Facebook Messenger. Facebook's internal threat intelligence team is privy to these credential harvesting systems, but this group uses a technique to bypass the blocking of their URLs.

Here is a recent example of a compromised Facebook account

“Incredible, I found your video.” If you this or similar message via Facebook Messenger, do not click on the link and above all: do not give out your Facebook login details!

These messages that you receive from friends via Facebook Messenger have been circulating for years. A video preview with short text that usually says “Is that you in the video?” or something similar. Often garnished with a frightened emoji, so one has to assume that it is a video with rather sensitive content.

Screenshot: Facebook Messenger with the incorrect message "Incredible, I found your video."
Screenshot: Facebook Messenger with the incorrect message "Incredible, I found your video."

Do not click or enter any login details

But the sender is not our Facebook friends, but rather fraudsters who are trying to use this scam to crack Facebook accounts.

Screenshot of an incorrect Facebook login page
Screenshot of an incorrect Facebook login page

What can happen

If you're curious, you click or tap on it anyway. After all, the link seems to come from a trustworthy person, right? The scammers have different approaches, which is why the following can happen:

  • You come to a page with a video, but you supposedly have to install a browser plugin to see it. However, this plugin intercepts the login data for Facebook and you can never see a video
  • You are taken to a replica Facebook page where you have to enter your login details to see the video. Of course no video appears, but the scammers now have the login details
  • You catch a Trojan.

"I got hacked!"

If you enter your access data, a cycle is started. The messages with the alleged video are sent to the entire friends list, and here too there may be “victims” who click on the video and enter their access data. Facebook users who have been made aware of the news often respond by posting that their Facebook profile has been hacked.

What you should do if you get this Facebook video message in Messenger: Write back that your friend urgently needs to change their Facebook account login details

What you should NOT do, however, is click on the picture sent via Facebook Messenger out of sheer curiosity and fear. The video described simply does not exist because it is a fraud trap!

Fell into the trap?

If, despite all caution, you fall victim to a phishing attack, it is first important to keep an overview. In this case, change your Facebook access data immediately and, when asked, log out all of your devices from Facebook and follow Facebook's instructions!

1. I think my Facebook account has been hacked or is being used by someone without my consent
2. I think my boyfriend/girlfriend's Facebook account has been hacked.

What to do if you are affected?

  1. Change your Facebook account password immediately
  2. Check whether the correct email address is stored in the Facebook account.
  3. Inform your friends list about the mishap.
  4. Scan your computer for malware.
  5. If necessary, remove all harmful browser extensions in the browser and check whether there are any other extensions/add-ons in the browser that you have not installed or that you are not aware of.

Source:
Phishing tactics: how a threat actor stole 1M credentials in 4 months


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )