Fraudsters are spreading scams on Facebook that pose as ads for legitimate AI tools, according to researchers at Check Point. The Facebook pages impersonate ChatGPT, Google Bard, Midjourney, Jasper, and more.
“Most of the campaigns using fake pages and malicious ads in Facebook eventually deliver some kind of information stealing malware,” Check Point says. “In the past month, CPR and other security companies observed multiple campaigns that distribute malicious browser extensions aimed at stealing information. Their main target appears to be data associated with Facebook accounts and the theft of Facebook pages. It seems the cyber criminals are trying to abuse existing large audience pages, including advertising budgets, so even many pages with a large reach could be exploited in this way to spread the scam further.”
The Facebook pages are often very convincing and have many followers, which adds to their credibility.
“The threat actors behind certain malicious Facebook pages go to great lengths to ensure they appear authentic, bolstering the apparent social credibility,” the researchers write. “When an unsuspecting user searches for ‘Midjourney AI’ on Facebook and encounters a page with 1.2 million followers, they are likely to believe it is an authentic page. The same principle applies to other indicators of page legitimacy: when posts on the fake page have numerous likes and comments, it indicates that other users have already interacted positively with the content, reducing the likelihood of suspicion.”
Check Point gives the following advice to help users avoid falling for phishing attacks:
- “Ignore Display Names: Phishing sites or emails can be configured to show anything in the display name. Instead of looking at the display name, check the sender’s email or web address to verify that it comes from a trusted and authentic source.
- “Verify the Domain: Phishers will commonly use domains with minor misspellings or that seem plausible. For example, company.com may be replaced with cormpany.com or an email may be from company-service.com. Look for these misspellings, they are good indicators.
- “Always download software from trusted sources: Facebook groups are not the source from which to download software to your computer. Go directly to a trusted source, use its official webpage. Do not click on downloads coming from groups, unofficial forums etc.
- “Check the Links: URL phishing attacks are designed to trick recipients into clicking on a malicious link. Hover over the links within an email and see if they actually go where they claim. Enter suspicious links into a phishing verification tool like phishtank.com, which will tell you if they are known phishing links. If possible, don’t click on a link at all; visit the company’s site directly and navigate to the indicated page.”
New-school security awareness training can enable your employees to recognize these types of social engineering attacks.