Experts have warned of an ongoing cybercriminal campaign leveraging thousands of fake Facebook accounts and phishing pages in an attempt to obtain login data to financial service platform accounts belonging to public figures, celebrities, businesses, and sports teams.
Cybersecurity researchers from Group-IB’s Digital Risk Protection (DRP) team claim (opens in new tab) to have identified more than 3,200 fake Facebook accounts, some of which are impersonating Facebook and its parent company, Meta.
Through these accounts, the attackers would target legitimate users of the social platform to try and get them to visit fraudulent Facebook login pages.
There, they’d get them to enter their login credentials, and effectively grant them access to their accounts. The premise is that many people use the same username/password combination across a wide variety of accounts and that their Facebook login credentials might work on more serious platforms, such as financial services.
While the campaign is active in more than 20 languages, Group-IB experts are saying, the majority of the profiles impersonating Meta are speaking English.
“The scammers impersonate Meta, Facebook’s parent company, in their public posts and on any of their more than 220 phishing sites,” Group-IB researchers Sharef Hlal and Karam Chatra wrote.
“They appropriate Meta and Facebook’s official logos on their social media profiles and phishing web pages to make them appear legitimate and trustworthy in the eyes of users. These fake profiles have nothing to do with Facebook, and they are frequently taken down quickly by the social network.”
Phishing, especially when paired with identity theft (opens in new tab), is a major threat to the online security of both consumers, and businesses. It’s vital IT teams educate their employees on how to spot fake accounts and fake login pages. The easiest way to spot a phishing page is in the address bar – if the address isn’t facebook.com – it’s most likely a scam.
Via: Infosecurity Magazine (opens in new tab)