Brother
Professional
- Messages
- 2,590
- Reaction score
- 526
- Points
- 113
For more than a year, a large-scale phishing campaign has been unfolding on the social network.
For more than a year, Facebook* has been actively distributing phishing messages with the text "I can't believe it's gone anymore. I will miss him so much." Users who click on the link in such a post are taken to a site that steals their credentials.
The campaign is promoted through hacked user accounts. Thus, attackers collect a huge database for further attacks. Since the messages are supposedly coming from Facebook friends, they look quite plausible.
Несмотря на то, что Facebook пытается блокировать подобные посты, кампания не прекращается по сей день. Стоит появиться очередным новым постам и жалобам на них, как Facebook отключает перенаправление на Facebook.com в тексте, чтобы ссылки перестали работать.
By clicking on a link from a post in the Facebook app on a mobile phone, the user is taken to the fake news site NewsAmericaVideos. On it, the user is required to enter their Facebook login details, ostensibly to confirm their identity and view the video.
To encourage password entry, the site shows a blurry "video clip" in the background, which is actually a normal image downloaded from Discord.
After entering the credentials, the attackers intercept them, and the user is redirected to the Google page.
If a person visits a phishing page from a PC, they will be redirected to Google or fraudulent sites that promote VPNs, browser extensions, or affiliate programs.
The campaign was widely distributed. According to the researchers, numerous new posts are published daily on behalf of friends and relatives whose accounts were hacked in a similar way.
Experts strongly recommend that Facebook users enable two-factor authentication to protect themselves and avoid falling into the trap.
For maximum security, we recommend using special applications rather than SMS messages for authentication. This is because the phone number can be stolen in SIM-swapping attacks.
For more than a year, Facebook* has been actively distributing phishing messages with the text "I can't believe it's gone anymore. I will miss him so much." Users who click on the link in such a post are taken to a site that steals their credentials.
The campaign is promoted through hacked user accounts. Thus, attackers collect a huge database for further attacks. Since the messages are supposedly coming from Facebook friends, they look quite plausible.
Несмотря на то, что Facebook пытается блокировать подобные посты, кампания не прекращается по сей день. Стоит появиться очередным новым постам и жалобам на них, как Facebook отключает перенаправление на Facebook.com в тексте, чтобы ссылки перестали работать.
By clicking on a link from a post in the Facebook app on a mobile phone, the user is taken to the fake news site NewsAmericaVideos. On it, the user is required to enter their Facebook login details, ostensibly to confirm their identity and view the video.
To encourage password entry, the site shows a blurry "video clip" in the background, which is actually a normal image downloaded from Discord.
After entering the credentials, the attackers intercept them, and the user is redirected to the Google page.
If a person visits a phishing page from a PC, they will be redirected to Google or fraudulent sites that promote VPNs, browser extensions, or affiliate programs.
The campaign was widely distributed. According to the researchers, numerous new posts are published daily on behalf of friends and relatives whose accounts were hacked in a similar way.
Experts strongly recommend that Facebook users enable two-factor authentication to protect themselves and avoid falling into the trap.
For maximum security, we recommend using special applications rather than SMS messages for authentication. This is because the phone number can be stolen in SIM-swapping attacks.