A NEW phishing campaign has been targeting Facebook users – here’s what you need to know.

Threat actors are using Messenger chatbots to steal users’ Facebook credentials, Bleeping Computer reported.

The chatbots impersonate the company’s support team and bait users into revealing their login email address and password.

Facebook Messenger was launched in 2011, but it wasn’t until 2018 that the tech giant implemented AI chatbots.

A chatbot is a software program that automates a task – in Messenger, they can converse, answer questions, or triage customer support cases.

But now, they are being hacked and used to carry out phishing attacks, cybersecurity company Trustwave discovered.

How are the attacks being carried out?

First, the bad actors send an email informing the recipient that their Facebook page has violated Community Standards.

The fraudulent email also tells users that they have 48 hours to appeal the decision, or their page will be deleted.

Users are then directed to click on a malicious link – this takes them to a Messenger conversation where a chatbot pretends to be a Facebook customer support agent.

Once engaged in conversation, the chatbot will send the victim an “Appeal Now” button on Messenger.

This link reportedly takes users to a fake “Facebook Support Inbox” with a URL outside of the company’s domain.

On that page is a form that victims are urged to fill out with information such as their name, email, phone number, and page name.

They are then asked to re-enter their passwords to continue with the “appeal”.

What happens then?

Once a user has submitted their information, it gets sent back to the bad actor’s database via a POST request.

Once a hacker has gained your credentials, they can log in to your Facebook account and hold it for ransom.

They may access your private photos and messages.

If you have any banking or payment information linked to your account, they can access those as well.

How to protect yourself

One good way to protect yourself against phishing attacks is to look at URLs for pages that ask for your credentials.

If the domains do not match the real site’s regular URL, then do not enter any information on that site and exit it immediately.
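The domain check described above can be written as a short Python function. This is an added example, not part of the original report; the trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains the reader accepts as genuine login hosts.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")


def check_login_url(url):
    """Return (ok, reason) for a link to a page that asks for credentials."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https link"
    # .hostname drops any "user@" prefix and the port, and lower-cases the
    # result, so "facebook.com@other.example" resolves to "other.example".
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    if not host.isascii():
        return False, "host contains non-ASCII lookalike characters"
    for domain in TRUSTED_DOMAINS:
        # Match the domain itself or a true subdomain; the leading dot stops
        # a name that merely ends in "facebook.com" from passing.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host " + host + " is outside the trusted domains"


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://www.facebook.com/login",
    "https://facebook.com.support-inbox.example/appeal",
    "https://facebook.com@support-inbox.example/appeal",
    "http://www.facebook.com/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_url(link)
        print(("OK   " if ok else "STOP ") + link + " -> " + reason)
```

Only the first sample passes: the second puts the real name in front of a different registered domain, the third hides the real host behind an "@", and the fourth is not served over https.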

You should also avoid replying to suspicious-looking emails and SMS messages.

This post first appeared on Thesun.co.uk
