The cybersecurity start-up Pixm has uncovered a large-scale phishing campaign aimed at users of Facebook and Meta messengers. As “BleepingComputer” reported, more than 8 million Facebook users have been affected so far.
The scammers send links in Messenger, which lead via several redirects to a landing page that entices users to enter their Facebook credentials. A new round of redirects then begins, leading to promotional pages, survey forms, and so on. The fraudsters make a profit from these referrals, since they are paid a commission by the advertisers. Pixm estimates that the fraudsters made millions of dollars in profits from an operation of this magnitude.
However, the stolen credentials are used to log into a victim’s Facebook profile and send the phishing link to their friends. As in a snowball system, the number of those attacked grows exponentially with each victim.
Started last year
According to Pixm’s investigation, the campaign started back in September 2021. The security researchers were able to identify a website that the scammers used to track interactions on their website.
This way, over 400 landing pages were identified, all of which are related to the same campaign. These pages generated between 4000 and 6 million page views. Pixm assumes that these 400 pages are only a fraction of the entire campaign.
Social media phishing is popular, with scammers using the Linkedin logo most often, as you can read here.
If you want to read more about cybercrime and cybersecurity, Sign up for the Swisscybersecurity.net newsletter here. The portal provides daily news about current threats and new defense strategies.
–
