Obvious Phishbait, But Someone Will Bite

facebook-messenger-phishing-scamA widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they’ll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target’s Facebook friends, which increases the appearance of legitimacy.

“Chances are the message will come from a friend or other contact who has had their account compromised,” Parsons says. “So while it seems to come from a trusted source, it’s actually a sneaky way to try and gain access to your data. Clicking on the link will take you through to a malicious webpage that asks for your Facebook log-in details. If you put them in, the scammers running the site will be able to scrape your personal data and, in some cases, install malware directly onto your phone. Not good if you’ve got any kind of sensitive or financial information stored on there.”

Parsons adds that this scam isn’t new, and most phishing attacks use similar social engineering techniques. Users can recognize these attacks if they know what to look for.

“The most well-known form of phishing involves the mimicry of official emails or text messages from trusted companies including Amazon, Paypal, all UK banks, Netflix, delivery companies, mobile phone providers, eBay and so on,” Parsons writes. “Phishing emails can also masquerade as messages from a council authority, HMRC, the Government, the police or a hospital. The phishers replicate to the best of their abilities, the exact logo of the company and then compose a phony email. Usually, the phishing messages explain that you need to update your billing details / address, employment record, your bank card details and so on, or they urge you to check up on a delivery tracking number. So it always pays to check your messages carefully to avoid falling for the trick.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

SPT-monitorHere's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews