Facebook Messenger Phishing Scammers made millions of dollars
A massive phishing campaign has been discovered, potentially earning its perpetrators millions of dollars via affiliate advertising commissions.
The campaign was first discovered in September 2021 by AI-focused cybersecurity firm PIXM. Prior to its peak in April and May 2022. This campaign was employed for Facebook’s Messenger service, legit URL shortener services, and websites containing advertisements and surveys.
The foundation is simple; the cybercriminals set up a slew of phishing sites to trick victims into handing over their Facebook passwords. Then two things would happen:
- They would be directed to a website containing advertising, surveys, and other revenue-generating options for the operators.
- The victims’ Facebook accounts would be utilized to disseminate the campaign further via Messenger.
Bypassing Facebook’s security
The social media marketing platform – Facebook Messenger is normally rather efficient at detecting and destroying phishing URLs. However, the hackers managed to circumvent the security by using authentic URL shortening services like litch.me, famous.co, amaze.co, and funnel-preview.com.
The whole operation appears to have been automated, with very little masterminds’ intervention.
PIXM warned when a user’s account would be hacked, and the crook would likely log in to that account. Then they would share the link to the user’s friend list through Messenger.
The company further investigated and discovered one of the phishing URLs holding an open link to a public, traffic monitoring tool. Using the app, they determined that 2.7 million individuals visited one of the phishing sites in 2021, increasing to 8.5 million this year.
In this campaign, 405 distinct usernames were identified, which is likely not the total number of accounts utilized in the campaign.
The company also discovered a similar code snippet on all the phishing pages that referenced a website as seized and shut down by law enforcement. It is allegedly the property of a Colombian individual named Rafael Dorado. An inquiry is now underway against this individual
Although earnings details are limited, however, according to researchers they are in the millions.
The more we assume criminals are stupid the more they prove us wrong. At this point, companies should reconsider their cybersecurity ecosystem to prevent such incidents from happening again.