Scammers are using compromised Facebook accounts to circulate phishing messages to the hacked accounts’ friends, according to Paul Ducklin at Naked Security. The links are sent via Facebook Messenger and appear to be a video with a blacked-out preview image and a caption that says “Is it you in the video?” Ducklin notes that these messages are far more effective when they arrive from a trusted account.
“From someone you didn’t know, a question like that would fall somewhere between bizarre and creepy, but from a friend, who wouldn’t want to take a look?” Ducklin says. “There is no video, of course – the black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page.”
If a user enters their Facebook credentials on this phishing page, the crooks take over that account as well and use it to send the same “Is it you in the video?” message to its friends, which is how the campaign spreads. Interestingly, the criminals in this case attempt to profit from their victims twice: after stealing the credentials they redirect the victim to unrelated third-party scams.
“After entering your password, there’s a short delay, as you might expect when logging in to any online service, after which the crooks seem to pick from a range of other scams and redirect you to one of them randomly,” Ducklin says. “These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping to collect ‘affiliate fees’ from other criminals in the underground. These ‘second redirect’ scams varied from specious VPN offers to a range of those ‘free’ phone deals where all you need to do is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse to collect your credit card details.”
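The chain described above (shortened link, redirect, fake Facebook login page) can be triaged without ever entering a password: follow the redirects, then check whether the landing page that claims to be Facebook is actually served from, and posts its password form to, a Facebook-owned domain. The script below is an added example written for this page; it is not code from Naked Security, Paul Ducklin or the original article. The hostnames `short.example` and `video-check.example` are hypothetical, and the HTTP responses are constructed in a dictionary so the script runs offline; in practice `fetch` would be replaced by a real HTTP client that does not execute page content.

```python
"""Offline triage of an "Is it you in the video?" style link (added example).

The responses in FAKE_WEB are constructed for this example; the hosts
short.example and video-check.example are hypothetical, not real sites.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for an HTTP client: url -> (status, headers, body).
FAKE_WEB = {
    # Hop 1: the URL-shortening service the black image links to.
    "https://short.example/abc123": (
        301, {"Location": "https://video-check.example/v/"}, ""),
    # Hop 2: an intermediate redirector on the crooks' own host.
    "https://video-check.example/v/": (
        302, {"Location": "https://video-check.example/login.html"}, ""),
    # Hop 3: the page that looks like a Facebook login.
    "https://video-check.example/login.html": (200, {}, """
        <html><head><title>Log in to Facebook</title></head><body>
        <form action="https://video-check.example/collect.php" method="post">
          <input name="email"><input name="pass" type="password">
        </form></body></html>"""),
}

def fetch(url):
    """Look up a constructed response; a real client would go over HTTP."""
    return FAKE_WEB[url]

def follow_redirects(url, fetch=fetch, max_hops=10):
    """Return every URL visited, following Location headers only (no JS)."""
    chain = [url]
    for _ in range(max_hops):
        status, headers, _body = fetch(url)
        if status in (301, 302, 303, 307, 308) and "Location" in headers:
            url = urljoin(url, headers["Location"])  # Location may be relative
            chain.append(url)
        else:
            return chain
    raise RuntimeError("redirect loop or chain longer than max_hops")

class LoginFormParser(HTMLParser):
    """Collect the <title> and every <form> that contains a password field."""
    def __init__(self):
        super().__init__()
        self.in_title = False
        self.title = ""
        self.forms = []        # list of {"action": str, "password": bool}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self.in_title = True
        elif tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
        elif (tag == "input" and self._current is not None
              and (a.get("type") or "").lower() == "password"):
            self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def registrable(host):
    """Crude registrable-domain cut (last two labels); fine for facebook.com."""
    return ".".join(host.lower().split(".")[-2:])

# Domains a genuine Facebook login page or its form action should live on.
LEGIT = {"facebook.com", "fb.com", "messenger.com"}

def triage(url):
    """Follow the chain and flag brand/host mismatches on the landing page."""
    chain = follow_redirects(url)
    final = chain[-1]
    _status, _headers, body = fetch(final)
    p = LoginFormParser()
    p.feed(body)
    findings = []
    final_host = urlsplit(final).hostname or ""
    if "facebook" in p.title.lower() and registrable(final_host) not in LEGIT:
        findings.append(f"page titled {p.title.strip()!r} served from {final_host}")
    for f in p.forms:
        if f["password"]:
            action_host = urlsplit(urljoin(final, f["action"])).hostname or ""
            if registrable(action_host) not in LEGIT:
                findings.append(f"password form posts to {action_host}")
    return {"chain": chain,
            "verdict": "phishing" if findings else "unclear",
            "findings": findings}

if __name__ == "__main__":
    result = triage("https://short.example/abc123")
    for hop in result["chain"]:
        print("hop:", hop)
    print(result["verdict"], result["findings"])
```

Two design points: the resolver honours only HTTP `Location` headers and never renders the page, so a sandboxed analyst box is not exposed to whatever the crooks serve, and the verdict is driven by the mismatch between what the page claims (a Facebook title and a password field) and where it lives and posts, which is the same question a user should ask before typing a password.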
New-school security awareness training can help your employees recognize scams and teach them not to let their curiosity get the better of them.
Naked Security has the full story.