A large-scale phishing attack has been detected by PIXM, as well as by the person who carried out the attacks.
Like phishing attack Continued to be the target of threat actors, one scam discovered that one user stole a million Facebook account credentials in a period of just four months. Anti-fraud company PIXM detected that a rogue login portal because Facebook was used as a foothold for the social network’s landing page and that users were entering their account information to try to log into the site only to have their information stolen.
“It is impressive how much revenue a threat actor can generate even without using ransomware or other images,” said Chris Clements, vice president of solution architecture at the cybersecurity firm. Other common scams like asking for a gift card or asking for PayPal urgently. Cerberus Sentinel. “Given enough scale, even actions like advertising referrals that lead to coins can grow into amounts that become attractive to mining cybercriminals.”
Phishing Tactics Used to Steal Facebook Login Credentials
When PIXM took a closer look at the fake landing page, it found “a reference to a real server hosting a database server to collect user-entered credentials”, which has since been corrected. changed from a legitimate URL and resulted in a series of redirects. Also in the code, PIXM discovered a link to a traffic monitoring application, allowing the anti-phishing company to view tracking metrics. This resulted in PIXM not only detecting traffic information from the cybercriminal site, but also a host of other fake landing pages.
“People often underestimate the value of their social media accounts, don’t enable MFA and otherwise protect their accounts from cybercriminals. Unfortunately, when bad guys take over an account, it’s often used to attack their friends and family,” said Erich Kron, security awareness advocate at KnowBe4. “Through the use of a compromised real account, the bad guys will use the trust inherent in a known connection to trick people into taking actions or risks they wouldn’t normally do. ”
The links were later found to have originated from Facebook itself, as the attackers would gain access to the victim’s account, then send the malicious link to the victim’s friend group for additional information. account login. Using services like glitch.me, famous.co, amaze.co, and funnel-preview.com, the websites will deploy and generate URLs of fake Facebook landing pages, thus tricking individuals into visiting and their account information stolen.
Upon further investigation, the attacks appear to have originated from a threat actor in Colombia, along with the email address of the person who carried out the attacks.
UNDERSTAND: Password Breach: Why Pop Culture and Passwords Don’t Go Together (Free PDF) (TechRepublic)
Ways to avoid becoming a victim of Facebook scams
One main way to avoid these attacks is by do not click on links that appear to be fake or illegal, even if they appear to come from a trusted friend or source. While someone close to you may send you a link, that doesn’t necessarily mean it came from an actual person’s account, as evidenced by large-scale phishing attacks. sketch above.
“To stay safe, everyone should be aware of the type of fraudulent campaign that cybercriminals are running and always be on the lookout,” Clements said. “Any unusual requests from social media contacts should be independently verified through another method, such as calling your friends to confirm the action they requested. is legal.”
One method to avoid having your account compromised is to use MFA, which requires entering a code or string of numbers before someone can access your particular account. This can prevent cybercriminals by not having all the information needed to log into a compromised account.
“To protect themselves against the threat, individuals should enable MFA on their accounts and should use strong and unique passwords for each account,” says Kron. “Individuals should always be wary of unusual requests, posts or messages, even if sent by a trusted friend. If asked to verify themselves, people should make sure they look at the URL bar in their browser to make sure they’re logging into a real website and not a human look. “
