New Facebook Messenger Phishing Campaign: It All Starts With a Video Invitation

They warn of a new phishing campaign that has been circulating in recent days, particularly in Mexico, indicating the theft of user access credentials Facebook.

The deception is distributed through messages circulating in messengerFacebook messaging app, With text and a link pointing to a video in which the recipient is supposed to appear.

In this case, they mimic the Facebook home page so that the user doesn’t recognize it as a fake page and enter their access credentials. He explained that it is important to be aware of the hoaxes and hoaxes that are being circulated to avoid becoming victims, in addition to updating all systems and having a security solution installed on all devices. Miguel Angel Mendoza, a researcher at Eset Latin America Lab, the cybersecurity company that exposed this new fraud attempt.

Designed for mobile users, the malicious campaign contains a verification string to determine if a potential victim is accessing the link from the phone. This way, if a user enters a malicious link from a desktop computer, they will simply be directed to a video and avoid the case of sensitive information being stolen.

Otherwise, if the link is accessed from a file smart phone It is directed to the site phishing Which simulates being the official Facebook login page where the user is supposed to log in by entering the email address and password used to access the social network.

The fake Facebook first asks to “verify account information” to view the alleged video. In this way, the information is stolen. If you look closely at the URL in the browser bar you are directed to, you can see that It does not correspond to the official Facebook address. This in itself is sufficient indication to determine that we are dealing with a scam and that we should not enter the access token.

The Eset Research Lab analyzed the verification mechanism used in the URL of a malicious campaign and the way in which the perpetrators of this campaign maliciously exploit Facebook’s development resources. After accessing the message, which is generally received from a contact via Facebook Messenger, the user is directed to a website that appears to contain empty content, but is actually hosting embedded HTML code.

Recommendations to avoid falling into this type of scam:

1. It is recommended to ignore these types of messages that arrive in chats, even if they come from known contactsBecause the senders could have been tricked or their devices had been hacked to spread these threats in an automated manner.

2. It is important to notify the account holder from whom the message is sent so that they know that this malicious activity is being carried out by impersonating their identity and profile, So it is convenient to review any unusual activity in your account, such as logins from different sites or devices, and close sessions that do not correspond to those of the user.

3. If activity is identified that the user does not recognize, it is convenient to immediately update the hacked passwords and enable additional security measures, Such as two-factor authentication and installing anti-malware solutions on devices.

4. Due to the new features used by phishing site creators, such as the use of security certificates, security locks, secure protocols, as well as replication attacks on web addresses, It is necessary to review the security certificates to verify the legitimacy of the site in question.

5. Last but not least, it is appropriate to notify users who have been affected by this message, To prevent them from becoming victims of phishing campaigns that seek to gain access to social networking accounts and other Internet services.

Read on: