Beware of Facebook Messenger Scams
Table of Contents
- By Patrick Ryan
- Jun 21, 2022
A messenger scam on Facebook has fooled millions of the social media platform’s users.
Around 10 million Facebook users were duped by the phishing message. The scam is successful to the point that it fools targets into forking over their login credentials, making it seem as though the inquiry and request are completely legitimate.
How Does the Facebook Messenger Scam Work?
A recent report detailing the phishing campaign noted that the Facebook scam is ongoing. The scam steers victims toward a fake login Facebook page. At this point, the targeted Facebook users are encouraged to provide a username and password.
When did the Phishing Campaign Start?
The Facebook messenger scam started last year yet didn’t peak until September. If estimates are accurate, the phishing scam converts millions of targets per month, meaning the campaign is ever-evolving, amounting to quite the sizable payday for the hacker behind it.
How is the Threat Actor Getting Around Digital Safeguards?
At this point, readers are understandably wondering how, exactly, the latest Facebook messenger scam was able to circumvent digital protections. The creativity of this attack is a testament to the need to upgrade your computer and network digital safeguards with regularity.
The threat actor used a strategy that Facebook’s digital security checks could not identify. The clicking of the Messenger link spurs a series of redirects from app deployment services to the phishing page, etc.
Therefore, Facebook cannot block the threat unless it also blocks the apps that the platform’s users use daily. Furthermore, if Facebook succeeded in blocking one of the domains, it would spur a new link without a long wait.
What is Facebook Doing to Eliminate the Threat?
Several media outlets have contacted Facebook to comment on the messenger threat.
However, Facebook has not responded to inquiries for comments on the report.
Who is Behind the Phishing Scam?
According to PIXM, the phishing campaign is allegedly linked to an individual in Colombia. There is a widespread belief in cybersecurity circles that only one person is responsible for the scam as the messages link to the same code that references a personal site. Furthermore, it is also interesting to note that the hacker even responded to questions posed by members of the media.
The brunt of the scam revolved around the phony login page. Though the page does not look odd at first glance, as it nearly replicates the user interface of Facebook, it is completely fake. The target’s entry of their login credentials, followed by a clicking of the “Log In” button, sends the credentials to the hacker’s server.
The hacker logs into the account, transmit the link to their friends through Facebook Messenger and waits until those friends click the link. The scam is then forwarded to that victim’s friends and so on. The digital attack successfully targets millions of people in surprisingly little time by casting a wide net to trap as many victims as possible.
How Much Money is the Attack Generating?
It is estimated that every 1,000 visits to the exit page in question stemming from the United States result in $150 for the threat actor. Part of the hack’s revenue generation is attributable to the redirection of victims to web pages with ads. The redirection occurs after the credentials in question are stolen.
As a result, it is logical to conclude that the hacker is generating massive revenue from kickbacks paid out by those who own the survey sites. All in all, PIXM estimates the 400 million exit page views stemming from the United States result in nearly $60 million in revenue from the final fiscal quarter of 2021 up until the time of this publication.