Users of Facebook Messenger have been targeted in a large-scale scam campaign in at least 84 countries including Canada, the United States, France, Germany, Italy, Singapore, Malaysia, and South Africa.
According to analysts at Singapore-based cybersecurity firm Group-IB, cybercriminals distributed ads promoting an allegedly updated version of Facebook Messenger to harvest users’ login credentials. The firm found about 1,000 fake Facebook profiles that were involved in the scam.
To draw users’ attention, fraudsters registered accounts with names similar to the real app, such as ‘Messanger’, ‘Meseenger’, and ‘Masssengar’, and used Facebook Messenger’s official logo in their profile picture.
“To facilitate the moderation process in Facebook and to bypass its scam filters, scammers shortened links created with the help of services like linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy,” Group-IB wrote in a blog post.
Once a user clicked on the fake app download link, they were directed to a fake Facebook Messenger website with a login form, where they were asked to enter their credentials. Cybercriminals used blogspot.com, sites.google.com, github.io, and godaddysites.com to register fake Facebook Messenger login pages.
To lure users into following the link, scammers advertised features such as the ability to find out who had visited a user’s profile and to see messages that had been deleted, or even offered a shift to Gold Messenger.
Cybercriminals also threatened users that if they didn’t sign up on the fake page, their account would be banned forever.
“The safety and security of our users is always our top priority and we are investigating this matter,” a Facebook spokesperson said.
“We have a zero-tolerance policy to scams on our services and take immediate action to remove illegal activity as quickly as possible, and strongly encourage users to report any suspicious activity.”
Group-IB advised users to be cautious when following shortened links and to treat it as a red flag if one leads to a poll or a one-page blog. It also suggested that users never enter any personal data on websites they reached from third-party resources, even if the pages carry the logos of well-known brands.
Users can also pay attention to the domain of the page, as fraudsters often register domain names that misspell brand names, as was the case with Facebook Messenger.
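The checks Group-IB describes can be automated in a mail or chat filter. The sketch below is an added example, not Group-IB's or Facebook's code: it flags links that use the shorteners or free hosting services named above, or that contain a near-miss spelling of "messenger". The edit-distance threshold and the sample links are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Services named in the article.
SHORTENERS = {"linktr.ee", "bit.ly", "cutt.us", "cutt.ly", "rb.gy"}
FREE_HOSTS = {"blogspot.com", "sites.google.com", "github.io", "godaddysites.com"}
BRAND = "messenger"
MAX_EDITS = 3  # assumption: just enough to cover 'Masssengar'; expect false positives


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(name: str) -> bool:
    """True for near-misses of the brand name, False for the exact spelling."""
    return 0 < edit_distance(name.lower(), BRAND) <= MAX_EDITS


def triage(url: str) -> list[str]:
    """Return the reasons a link deserves a closer look (empty list = none)."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    reasons = []
    if host in SHORTENERS:
        reasons.append("shortener")
    if any(host == h or host.endswith("." + h) for h in FREE_HOSTS):
        reasons.append("free-hosting")
    # Split host and path into alphabetic tokens and compare each to the brand.
    tokens = re.split(r"[^a-z]+", (host + parts.path).lower())
    if any(is_lookalike(t) for t in tokens):
        reasons.append("lookalike-name")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, not taken from the campaign.
    for link in ("bit.ly/abc123", "https://messanger-update.blogspot.com/login"):
        print(link, triage(link))
```

A shortener or free-hosting hit alone is only a reason to expand and inspect the link, since legitimate pages use the same services.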