Photo Credit: Group-IB
Facebook Messenger users in at least 84 countries in Europe, Asia, the MEA region, North and South America have been hit by a scam campaign, as per a new report. This “large-scale scam campaign” has been detected by digital risk protection (DRP) analysts at Group-IB, a Singapore-based threat hunting and adversary-centric cyber intelligence company. They claim that cybercriminals distributed advertisements promoting an alleged updated version of Facebook Messenger, and harvested users' login credentials. The group says they have informed Facebook about this online fraud.
As per a blog post by Group-IB, DRP analysts discovered nearly 1,000 fake Facebook profiles employed in the scheme. It also states that the scam first came into the spotlight in the summer of 2020 and DRP analysts in Asia and Europe detected traces of the fraudulent campaign. “In April, the number of Facebook posts inviting users to install ‘the latest Messenger update' reached 5,700,” the firm said.
In order to draw users' attention, fraudsters reportedly registered accounts with the names mimicking the real app — Messanger, Meseenger, Masssengar, etc. — and used Facebook Messenger's official logo as their profile picture. Group-IB says that to facilitate the moderation process in Facebook and bypass its scam filters, scammers used shortened links created with the help of such services as linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy.
Furthermore, they gave users offers in the form of some non-existent features, such as the possibility of finding out who visited one's profile and seeing deleted messages. In some cases, the users were also offered to shift to Gold Messenger. Additionally, there were other ways in which the scammers blackmailed users that their accounts would be banned forever if they did not sign up on the fake page.
These led users to click the malicious links, and they were greeted with a fake Facebook Messenger website with a login form. They were asked to enter their credentials from where they were stolen. “Scammers used such platforms as blogspot.com, sites.google.com, github.io, and godaddysites.com to register fake Facebook Messenger login pages,” the company said. Users in countries like Canada, France, Germany, Italy, Malaysia, Singapore, South Africa, and the US fell victim to this scheme unknowingly leaked their personal data and had their account hijacked.
Is OnePlus 9R old wine in a new bottle — or something more? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 23:00), we talk about the new OnePlus Watch. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.