In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night's game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It's become so easy to chat with friends and loved ones through social media that we don't even have to think about it. We know who's on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right?
Not necessarily. Though a message or link may seem like it's coming from a friend, it's also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples.
According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook's user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user's friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021.
This hacker was able to utilize a technique to evade Facebook's security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it.
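The redirect pattern described above can be checked from a recorded redirect chain rather than from the first link alone. The following Python sketch is an added example, not code from the article or from PIXM; the allowed-domain list, the `deploy.example` placeholder for the unnamed deployment service, and the sample chain are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts allowed to ask for a Facebook password (assumption for this example).
FACEBOOK_DOMAINS = {"facebook.com", "messenger.com"}
# Placeholder for shared app-deployment services; the article names none.
SHARED_HOSTING_SUFFIXES = {"deploy.example"}

PASSWORD_FIELD = re.compile(r"<input[^>]*type=[\"']?password", re.I)
BRAND = re.compile(r"facebook", re.I)


def host_matches(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def assess_chain(hops, landing_html):
    """Return findings for one recorded redirect chain.

    hops: URLs in the order the browser visited them (last = landing page).
    landing_html: HTML of the landing page.
    """
    hosts = [urlsplit(u).hostname or "" for u in hops]
    final = hosts[-1]
    findings = []
    # Blocking the first hop is not an option for a shared service, so the
    # verdict has to come from where the chain ends and what that page asks.
    if any(host_matches(h, SHARED_HOSTING_SUFFIXES) for h in hosts[:-1]):
        findings.append("redirected through a shared deployment service")
    asks_password = bool(PASSWORD_FIELD.search(landing_html))
    branded = bool(BRAND.search(landing_html))
    if asks_password and branded and not host_matches(final, FACEBOOK_DOMAINS):
        findings.append(f"Facebook-branded password form on non-Facebook host {final}")
    return findings


# Constructed sample data (not taken from the PIXM report).
SAMPLE_HOPS = [
    "https://abc123.deploy.example/r",
    "https://login-check.invalid/fb/index.html",
]
SAMPLE_HTML = ('<title>Log in to Facebook</title>'
               '<form><input type="password" name="pass"></form>')

if __name__ == "__main__":
    for finding in assess_chain(SAMPLE_HOPS, SAMPLE_HTML):
        print("ALERT:", finding)
```

Because the decision is made on the landing host and page content, a new unique ID on the deployment service each day does not change the result.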
Phishing scams like these are harder to detect because the login pages look realistic and the malicious links appear to come from friends and family. However, there are always key things to look out for when faced with phishing scams.
Scams don't always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn't to say that your friends online can't be trusted! However, it's important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams:
When in doubt, just ask! If you've received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn't send it themselves, not only did you dodge a bullet, but your friend is also now aware that they've been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it's safe to do so. It's always best to err on the side of caution when it comes to your online security.
The post Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam appeared first on McAfee Blog.