A NEW phishing campaign has been targeting Facebook users – here’s what you need to know.
Threat actors are using Messenger chatbots to steal users’ Facebook credentials, Bleeping Computer reported.
The chatbots impersonate the company’s support team and bait users into revealing their login email address and password.
Facebook Messenger was launched in 2011; however, it wasn’t until 2018 that the tech giant implemented AI chatbots.
A chatbot is a software program that automates a task – in Messenger, they can converse, answer questions, or triage customer support cases.
But now, they are being hacked and used to carry out phishing attacks, cybersecurity company Trustwave discovered.
How are the attacks being carried out?
First, the bad actors send an email informing the recipient that their Facebook page has violated Community Standards.
The fraudulent email also tells users that they have 48 hours to appeal the decision, or their page will be deleted.
Users are then directed to click on a malicious link – this takes them to a Messenger conversation where a chatbot pretends to be a Facebook customer support agent.
Once engaged in conversation, the chatbot will send the victim an “Appeal Now” button on Messenger.
This link reportedly takes users to a fake “Facebook Support Inbox” with a URL outside of the company’s domain.
On that page is a form that victims are urged to fill out with information such as their name, email, phone number, and page name.
They are then asked to re-enter their passwords to continue with the “appeal”.
What happens then?
Once a user has submitted their information, it gets sent back to the bad actor’s database via a POST request.
Once a hacker has gained your credentials, they can log into your Facebook account and hold it for ransom.
They may access your private photos and messages.
If you have any banking or payment information linked to your account, they can access those as well.
How to protect yourself
One good way to protect yourself against phishing attacks is to look at URLs for pages that ask for your credentials.
If the domains do not match the real site’s regular URL, then do not enter any information on that site and exit it immediately.
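The domain check described above can be automated. The following is an added example, not code from the article or from Trustwave; it assumes a short list of official domains (`facebook.com`, `fb.com`) and matches on whole DNS labels so that a lookalike such as `facebook.com.support-appeal.example`, a `user@host` trick, or a bare IP address is rejected rather than mistaken for the real site.

```python
from typing import Optional
from urllib.parse import urlsplit
import ipaddress

# Assumed list of legitimate domains for this example; the real set is larger.
OFFICIAL_DOMAINS = ("facebook.com", "fb.com")


def registrable_host(url: str) -> Optional[str]:
    """Return the lower-cased host of a URL, or None if the URL is untrustworthy.

    Rejects non-HTTPS links, "https://facebook.com@evil.example/" style userinfo
    tricks, and raw IP literals, all of which are red flags on a page that asks
    for a password.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # a bare IP address is never the real site
    except ValueError:
        pass
    return host


def is_official_domain(url: str, official=OFFICIAL_DOMAINS) -> bool:
    """True only if the host is an official domain or a subdomain of one.

    A plain suffix check would accept "facebook.com.evil.example" and
    "notfacebook.com", so the comparison is made on whole labels:
    host == d, or host ends with "." + d.
    """
    host = registrable_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in official)


def triage_links(urls):
    """Map each link (e.g. pulled from a suspicious email) to whether it is official."""
    return {u: is_official_domain(u) for u in urls}


if __name__ == "__main__":
    # Constructed sample links: one real-looking, the rest in the style of the campaign.
    for link, ok in triage_links([
        "https://www.facebook.com/settings",
        "https://facebook.com.support-appeal.example/inbox",
        "https://facebook.com@evil.example/appeal",
    ]).items():
        print(("OK      " if ok else "SUSPECT ") + link)
```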
You should also avoid replying to suspicious-looking emails and SMS messages.