It all starts with an invitation to watch a video
They warn against a new phishing campaign that has been circulating in recent days, especially in Mexico, indicating the theft of the user’s access credentials Facebook.
The deception is distributed through messages circulating in MessengerFacebook messaging application, With text and a link pointing to a video the recipient is supposed to appear in.
In this case, they mimic the Facebook home page so that the user does not recognize it as a fake page and enters their login credentials. He explained that it is important to be aware of the hoaxes and hoaxes going around to avoid being victims, in addition to updating all systems and installing a security solution on all devices. Miguel Angel Mendoza, researcher at Eset Latin America Lab, the cybersecurity company that exposed this new fraud attempt.
Designed for mobile users, the malicious campaign contains a verification string to determine if a potential victim is accessing the link from the phone. This way, if a user enters a malicious link from a desktop computer, they will simply be directed to a video and avoid the case of sensitive information being stolen.
Otherwise, if the link is accessed from a file smartphone It is directed to the site Phishing Which simulates being the official Facebook login page where the user is supposed to log in by entering the email address and password used to access the social network.
Fake Facebook asks first to “verify account information” to view alleged video. This way the information is stolen. If you look closely at the URL in the navigation bar you are directed to, you can see that It does not match the official Facebook address. This in itself is sufficient indication to determine that we are dealing with a scam and should not grab the access token.
The Eset Research Lab analyzed the verification mechanism used in the URL of a malicious campaign and how the campaigners maliciously exploit Facebook’s development resources. After accessing the message, which is typically received from a contact through Facebook Messenger, the user is taken to a website that appears to contain empty content, but actually hosts embedded HTML code.
Recommendations to avoid falling into this type of scam:
1. It is recommended to ignore these types of messages that arrive in chats, even if they come from known contactsBecause the senders could have been tricked or their devices had been hacked into distributing these threats in an automated way.
2. It is important to inform the holder of the account from which the message is sent so that they know that this malicious activity is being carried out by impersonating and impersonating the profile, So it’s handy to review any unusual activity on your account, like logins from different sites or devices, and close sessions that don’t match the user’s.
3. If an activity is identified that the user does not recognize, it is convenient to update the hacked passwords immediately and activate additional security measures, Like two-factor authentication and installing anti-malware solutions on devices.
4. Due to the new features used by the creators of phishing sites, such as the use of security certificates, security locks, secure protocols, as well as replication attacks on web addresses, It is necessary to review the security certificates to verify the legitimacy of the site in question.
5. Last but not least, it is advisable to inform the users who have been affected by this message, To prevent them from falling victim to phishing campaigns aimed at accessing social media accounts and other Internet services.