FACEBOOK users are being targeted by a new shapeshifting scam which seeks to fleece them of cash through fake news articles, The Sun can reveal.

Dodgy links being spread on social media is a tale as old as time, but the scammers behind this particular campaign are using a new technique to evade detection.

Facebook users are being lured into clicking fake news articles before being redirected elsewhere. Credit: Malwarebytes

Scammers are hiding behind an infinite supply of malicious URLs – where no two are the same, Jérôme Segura, director of threat intelligence at Malwarebytes, discovered.

These URLs are swapped out with a new one as quickly as five minutes after they are launched – so it’s nearly impossible for users to report that they’re a scam.

Sharing the research exclusively with The Sun, Segura’s team uncovered a raft of Facebook posts that lead to external websites set up with the purpose of scamming users out of hundreds of dollars.

This is done by luring users into clicking a link to a news article, then seamlessly redirecting them to a fake 302 error page which urges them to enter their financial information before they can ‘have control’ of their computer back.


“Online criminals are notorious for lurking on social media sites and tricking users into visiting malicious links,” Segura’s team wrote in a new report.

“What is unique with this campaign is the abuse of Google Cloud Run to generate new malicious links every few minutes.

“We had previously never seen tech support scams hosted on Google’s serverless platform, and certainly not at this scale.”

The team found several Facebook accounts peddling the same scheme that were posting a number of news stories, ranging from clickbait articles to newsworthy content.

While researchers are unsure whether the Facebook accounts were compromised or not, one account had posted multiple malicious links, suggesting that it might have been controlled by a cyber crook.

“These websites are set up in a way to deceive security controls by employing a technique known as cloaking,” they wrote.

Cloaking is when scammers use two types of URLs: the legitimate URL (or decoy) and the money URL (the malicious one). 

This lures cyber-savvy Facebook users into clicking a link, even when they’ve checked that the URL looks legitimate.

“If you were to visit the URLs while running a VPN or perhaps via a country that is not targeted, you will see what appears to be a typical news site devoid of any scam,” researchers continued.

“But the closer you look at those sites, the more you realise they are bogus: it’s essentially the same content with different domain names.”

If you click on that same link as a “real human” without a VPN, you will be taken to the malicious 302 error page.

The fake error pages are hosted on Google Cloud Run, which lets scammers run code that responds to web requests – so when users click a link it triggers the fake alert.

“We monitored the cloaking domains closely for some time and determined that the threat actor has set up a scheduled task that creates a new Cloud Run URL every five minutes,” researchers continued.

“This new URL is immediately available and assigned to the cloaking domain for the malicious redirect. Over the course of a few days, we observed thousands of malicious URLs.”
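
As an added example (not from the Malwarebytes report or the original article), the rotation described above suggests hunting for the stable cloaking domain rather than the short-lived URLs: the sketch below flags any host that redirects to several distinct Cloud Run hostnames within a short window. The log format, hostnames, thresholds and the function name `rotating_redirectors` are assumptions made for illustration; `.run.app` is the domain under which Cloud Run serves its default URLs.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample, not real indicators: timestamp, requested URL, redirect target.
SAMPLE_LOG = """\
2024-01-10T09:00:05Z https://daily-news.example/story-17 https://alert-7f3a2c-uc.a.run.app/
2024-01-10T09:02:00Z https://portal.example/home https://billing-5d2k1q-ew.a.run.app/login
2024-01-10T09:05:40Z https://daily-news.example/story-17 https://alert-91bd04-uc.a.run.app/
2024-01-10T09:07:00Z https://daily-news.example/story-17 https://cdn.example/logo.png
2024-01-10T09:11:02Z https://daily-news.example/story-22 https://alert-c05e7a-uc.a.run.app/
2024-01-10T09:16:30Z https://daily-news.example/story-22 https://alert-2e88f1-uc.a.run.app/
2024-01-10T09:20:00Z https://portal.example/home https://billing-5d2k1q-ew.a.run.app/login
"""


def rotating_redirectors(log_text, suffix=".run.app",
                         window=timedelta(minutes=30), min_hosts=3):
    """Map each redirecting host to its Cloud Run targets when it used at
    least `min_hosts` distinct hosts under `suffix` within `window`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        stamp, source_url, target_url = fields
        source = urlsplit(source_url).hostname
        target = urlsplit(target_url).hostname
        if source and target and target.endswith(suffix):
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
            events[source].append((when, target))

    flagged = {}
    for source, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Advance the left edge until the span fits inside `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            if len({host for _, host in seen[start:end + 1]}) >= min_hosts:
                flagged[source] = sorted({host for _, host in seen})
                break
    return flagged


if __name__ == "__main__":
    for source, targets in rotating_redirectors(SAMPLE_LOG).items():
        print(source, "->", len(targets), "distinct Cloud Run hosts")
```

A host that always redirects to the same Cloud Run service, like the constructed `portal.example` entry, is not flagged; only fan-out to many distinct hostnames is.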

Facebook users must be extra vigilant when it comes to clicking links on the platform – even if a link comes from what appears to be a news site, or has gone viral.

“Click-bait articles are notorious for leading to various bogus offers or worse,” researchers wrote.

“As always, we recommend not to panic even if your computer screen suddenly becomes hijacked as a stern audio recording plays back.

“In practically all cases, you can safely close these pop-ups and be back up and running.”

Malwarebytes’ free web extension Browser Guard can help block these attacks – while also helping the cybersecurity firm build a database of dodgy sites.

The Sun has contacted Facebook and Google for comment.


This post first appeared on Thesun.co.uk
