A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they’ll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target’s Facebook friends, which increases the appearance of legitimacy.
“Chances are the message will come from a friend or other contact who has had their account compromised,” Parsons says. “So while it seems to come from a trusted source, it’s actually a sneaky way to try and gain access to your data. Clicking on the link will take you through to a malicious webpage that asks for your Facebook log-in details. If you put them in, the scammers running the site will be able to scrape your personal data and, in some cases, install malware directly onto your phone. Not good if you’ve got any kind of sensitive or financial information stored on there.”
Parsons adds that this scam isn’t new, and most phishing attacks use similar social engineering techniques. Users can recognize these attacks if they know what to look for.
“The most well-known form of phishing involves the mimicry of official emails or text messages from trusted companies including Amazon, Paypal, all UK banks, Netflix, delivery companies, mobile phone providers, eBay and so on,” Parsons writes. “Phishing emails can also masquerade as messages from a council authority, HMRC, the Government, the police or a hospital. The phishers replicate to the best of their abilities, the exact logo of the company and then compose a phony email. Usually, the phishing messages explain that you need to update your billing details / address, employment record, your bank card details and so on, or they urge you to check up on a delivery tracking number. So it always pays to check your messages carefully to avoid falling for the trick.”
New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.