June 17, 2022

Millions of Facebook users have been duped by a phishing message on Facebook Messenger. The scam involves a fake Facebook login page that asks users to enter their Facebook credentials.

After a victim has been tricked into clicking “Login,” these credentials are sent to the attacker’s server. Afterwards, “in a likely automated fashion,” the attacker logs on to the compromised account and sends the link to the user’s friends via Facebook Messenger.

All Friends who click on the malicious link are taken to the fake login page. As soon as they fall for it and enter their login details, the info-stealing message is forwarded to their Friends.

The analysis of the phishing campaign was provided by researchers of PIXM Security. According to the researchers, the scam is still active, the number of affected users is estimated at almost 10 million.

The researchers said the phishing campaign began in 2021 and was ramped up in September and  millions of Facebook users were exposed to the scam every month.

Searching for the origin of the phishing scam, the researchers linked it to a single person in Colombia. The campaign was linked to a single person, as each message refers back to a code that is “signed” with a reference to a personal website.

The sources for this piece include an article in ThreatPost.