Phishing scams are when scammers try to lure you to a fake site or download an infected file by trying to make it look like something else. We are seeing all sorts of innovative and harmful phishing scams at the moment such as fake job offer scams and Android trojans hiding in APK download files. Unfortunately, cybersecurity specialists have discovered another scam that is targeting Facebook and Facebook Messenger.
PIXM, an anti-phishing firm in New York that focuses on AI-related cybersecurity issues has released details of a campaign that has been active on both Facebook and Messenger since September last year. They say the campaign reached a peak in April and May but that it is still very active now.
According to PIXM, the scam involves Messenger users being repeatedly redirected from the Meta app and ending up on phishing landing pages filled with malicious links and files. Then, as well as targeting the unwitting victims who end up there, the phishing campaign also accesses their contacts lists and uses automated tools to further spread the phony redirection requests to other users.
In this way, the campaign has been able to lure millions of Facebook and Messenger users to the phishing pages and tricking them into handing over their account details. PIXM reports that 2.7 million users had accessed the campaign’s phishing landing pages in 2021, rising up to 8.5 million users this year. These were spread across over 400 phishing landing pages identified by the cybersecurity specialists.
Unfortunately, although PIXM has reported the scam to authorities and many of the pages have been taken down, there are still many sites from the campaign that are still active. This is particularly worrying as some of those 405 sites had seen up to 6 million visits on their own. Even though it has been discovered and highlighted, this is still very much an active campaign.
As always with these cases, you need to be extra vigilant about the links you click on, no matter where you find them. To make sure you have the best chance of spotting a fake link or redirect, check our infographic guide to spotting phishing scams.
Image via: PIXM
