Phishing remains one of hackers’ favorite ways to make money quickly and easily. To maximize the number of victims and by extension the revenue generated, operators typically target popular app users and very large enterprise customers. This is why Apple, Microsoft and Facebook are prime targets for phishing campaigns. In April 2022, hackers impersonated Facebook to hack into user accounts. And now, information security researchers at PIXM are warning of a massive new phishing campaign on Facebook Messenger.
So the principle of the operation is simple: hackers have developed many phishing sites by taking over the interface of Facebook and Messenger. The goal is to trick victims into providing their login credentials. Once the hackers had this information, two things happened: victims are redirected to websites that host ads, surveys and other ways to generate revenue for the operators and stolen Facebook accounts are used to distribute the campaign via Messenger.
Hackers Generate Millions From Massive Facebook Messenger Phishing Campaign
To do this, hackers use automated tools to send other phishing links to friends of compromised accounts. “A user’s account was attacked and, in a likely automated fashion, the threat actor logged into that account and sent the link to the user’s friends via Facebook Messenger. “.
And while Facebook has safeguards to prevent the delivery of malicious URLs; the operators used a trick to bypass the security of Facebook Messenger. Indeed, phishing messages use legitimate ULR generation services such as litch.me, Famous.co, amaze.co or even funnel-preview.com. These URLs are used by many legitimate applications. According to researchers, 2.7 million users visited one of the phishing portals. This figure has increased to 8.5 million in 2022, reflecting the massive growth of the campaign.
Colombian police and Interpol obtained investigation results from PIXM; but the campaign is still ongoing, despite the fact that many identified URLs are offline.