Beware of Facebook Messenger Scams

  • By Steven
  • Jun 21, 2022

A messenger scam on Facebook has fooled millions of the social media platform’s users. 

Around 10 million Facebook users were duped by the phishing message. The scam is successful to the point that it fools targets into forking over their login credentials, making it seem as though the inquiry and request are completely legitimate.

How Does the Facebook Messenger Scam Work?

A recent report detailing the phishing campaign noted that the Facebook scam is ongoing. The scam steers victims toward a fake login Facebook page. At this point, the targeted Facebook users are encouraged to provide a username and password.

When did the Phishing Campaign Start?

The Facebook messenger scam started last year yet didn’t peak until September. If estimates are accurate, the phishing scam converts millions of targets per month, meaning the campaign is ever-evolving, amounting to quite the sizable payday for the hacker behind it.

How is the Threat Actor Getting Around Digital Safeguards?

At this point, readers are understandably wondering how, exactly, the latest Facebook messenger scam was able to circumvent digital protections. The creativity of this attack is a testament to the need to upgrade your computer and network digital safeguards with regularity.

The threat actor used a strategy that Facebook’s digital security checks could not identify. The clicking of the Messenger link spurs a series of redirects from app deployment services to the phishing page, etc. 

Therefore, Facebook cannot block the threat unless it also blocks the apps that the platform’s users use daily. Furthermore, if Facebook succeeded in blocking one of the domains, it would spur a new link without a long wait.

What is Facebook Doing to Eliminate the Threat?

Several media outlets have contacted Facebook to comment on the messenger threat

However, Facebook has not responded to inquiries for comments on the report.

Who is Behind the Phishing Scam?

According to PIXM, the phishing campaign is allegedly linked to an individual in Colombia. There is a widespread belief in cybersecurity circles that only one person is responsible for the scam as the messages link to the same code that references a personal site. Furthermore, it is also interesting to note that the hacker even responded to questions posed by members of the media.

The brunt of the scam revolved around the phony login page. Though the page does not look odd at first glance, as it nearly replicates the user interface of Facebook, it is completely fake. The target’s entry of their login credentials, followed by a clicking of the “Log In” button, sends the credentials to the hacker’s server. 

The hacker logs into the account, transmit the link to their friends through Facebook Messenger and waits until those friends click the link. The scam is then forwarded to that victim’s friends and so on. The  digital attack successfully targets millions of people in surprisingly little time by casting a wide net to trap as many victims as possible.

How Much Money is the Attack Generating?

It is estimated that every 1,000 visits to the exit page in question stemming from the United States result in $150 for the threat actor. Part of the hack’s revenue generation is attributable to the redirection of victims to web pages with ads. The redirection occurs after the credentials in question are stolen.

As a result, it is logical to conclude that the hacker is generating massive revenue from kickbacks paid out by those who own the survey sites. All in all, PIXM estimates the 400 million exit page views stemming from the United States result in nearly $60 million in revenue from the final fiscal quarter of 2021 up until the time of this publication.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Weekly Cybersecurity Recap February 16

Weekly Cybersecurity Recap February 16

This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii.

462k Hawaiians and Patients Exposed by Health Network Cyberattack

462k Hawaiians and Patients Exposed by Health Network Cyberattack

Navvis & Company is a comprehensive healthcare network throughout the US, including Hawaii. They offer scalable healthcare services that push patients towards their health and wellness goals while supporting providers' roles to achieve those milestones.

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

National Vascular Care Provider Confirms Cyber Attack; 348k Exposures

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address