Almost half a million users duped by Facebook phishing campaign
Think twice before opening that message from an ‘old friend’
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
After investigating a malicious message sent via Facebook Messenger, the researchers atCyberNewshave uncovered a large-scalephishingcampaign that has tricked close to 500k Facebook users.
The “Is that you” phishing scam first started circulating on the social network back in 2017. The scam begins with a message sent by one of a user’s friends in which they claim to have found a video or image with them featured in it.
However, the message appears as a video that when clicked, leads a user through a chain of websites infected with malicious scripts. These scripts are able to determine a user’s location, the device they’re using and even itsoperating system.
From there, the scripts lead users to a Facebook phishing page to harvest their credentials and then if possible, infect a user’s device withadwareor othermalware.
Is that you?
While the “Is that you” phishing scam has been around for years, the campaign discovered byCyberNewsbegan operating at the end of January 2020 and so far 480,00 users have fallen victim to it with 77 percent of the victims residing in Germany.
Due to the large-scale nature of the campaign and how it appears to mainly target German users, the news outlet shared its report with CERT Germany, Facebook and the URL shortener service wal.ee which was used by the threat actor responsible.
At the same time, the threat actor also used a legitimate third-partyweb statisticsservice to track their campaign which is howCyberNewswas able to uncover it in the first place and learn how many users were affected.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Interested users can read thefull report hereandCyberNewsrecommends that those at risk of phishing use apassword manager,two-factor authenticationand remain vigilant when checking their messages online to avoid falling victim to this or other similar scams.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Do-it-yourself repair kits for the iPhone 16 series are now available from Apple
