With over 2.9 billion monthly active users, Facebook remains a preferred playground for scammers looking to carry out social engineering ploys or steal personal information. Recently, a new phishing scam has been detected, leveraging over 3,000 fake profiles to steal login credentials.
Some statistics about the scam
Between February and March, Group-IB researchers detected a massive phishing campaign, involving fake Facebook profiles impersonating Meta support staff.
The attackers used 3,200 profiles, either created by themselves or hijacked from genuine users. Of these, 1,200 were created in March alone.
The profiles posted in more than 20 languages, although the majority of those impersonating Meta security staff posted in English.
The links posted from these fake profiles redirected potential victims to more than 220 phishing sites carrying Meta or Facebook branding. These sites were used to harvest credentials or to hijack the victim's session.
The scam bait
The fake profiles use names such as Restriction Account Business Information and Page Standard-Community Recovery, masquerading as Facebook's technical support team.
Using these accounts, the scammers create pages and publish posts about an alleged violation of Facebook's community standards. The posts tag the targeted victims' profiles, notifying them of the supposed violation and urging them to "verify" their accounts through the included link.
The key targets include popular celebrities, public figures, sports personalities, and businesses.
The scammers attempt to take over the victims' Facebook accounts and steal sensitive information. In some cases they were also observed trying to reach other accounts linked to the compromised Facebook account.
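The lure works because the link in the post looks like it leads to Facebook while the hostname actually belongs to the attacker. The following is an added example, not code from the Group-IB report or from Meta, showing the check a triage script or a browser-extension can apply to links found in such posts: parse the URL, extract the real hostname (dropping any "user@" prefix that is used to make the link start with "facebook.com"), compare it against an allowlist of Meta-owned domains, and flag hosts that borrow a brand label or use punycode. The allowlist, the brand labels and the sample links are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Domains from which Meta itself serves login and account-status pages. This allowlist is
# an assumption made for the example; confirm it against Meta's own documentation first.
META_DOMAINS = {"facebook.com", "fb.com", "fb.me", "meta.com", "instagram.com", "messenger.com"}

# Brand labels whose presence in a non-Meta hostname marks a lookalike (coarse heuristic).
BRAND_LABELS = {"facebook", "fb", "meta", "instagram", "messenger"}

_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.I)


def link_host(url: str) -> str:
    """Lowercase hostname of an http(s) URL, or '' when it is not a usable web link."""
    if not _SCHEME_RE.match(url):
        url = "https://" + url           # bare 'www.example.com/path' pasted into a post
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return ""                        # mailto:, javascript:, data: and friends
    host = parts.hostname or ""          # .hostname strips userinfo ('user@') and the port
    return host.rstrip(".").lower()


def is_meta_host(host: str) -> bool:
    """True only if host is one of META_DOMAINS or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)


def classify_link(url: str) -> str:
    """Return 'meta', 'lookalike', 'other' or 'unparseable' for a link found in a post."""
    host = link_host(url)
    if not host:
        return "unparseable"
    # Punycode labels can render as 'facebook' with homoglyphs; treat them as suspicious
    # even under a Meta domain (conservative choice for a triage tool).
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    if is_meta_host(host):
        return "meta"
    # 'facebook.com.verify-now.net' ends in the attacker's domain; the label check still
    # catches the brand word borrowed for the left-hand part of the hostname.
    tokens = set(re.split(r"[.-]", host))
    if tokens & BRAND_LABELS or "facebook" in host:
        return "lookalike"
    return "other"


def triage(urls):
    """Group a batch of links by classification."""
    groups = {"meta": [], "lookalike": [], "other": [], "unparseable": []}
    for url in urls:
        groups[classify_link(url)].append(url)
    return groups


# Constructed sample links in the style of the campaign; none are real URLs from the report.
SAMPLE_LINKS = [
    "https://www.facebook.com/help/",
    "https://facebook.com.account-restriction-verify.net/login",
    "https://meta-support-recovery.com/appeal",
    "https://support@facebook.com@fb-verify.example/",
    "http://xn--facebk-x2a.com/",
    "https://example.org/",
    "mailto:support@facebook.com",
]

if __name__ == "__main__":
    for category, links in triage(SAMPLE_LINKS).items():
        print(category, links)
```

Only the first sample link is classified as Meta's own; the three that start with "facebook.com", "meta-" or "support@facebook.com" all resolve to attacker-controlled hosts, which is exactly the visual trick the tagged posts rely on. A real deployment would replace the hard-coded allowlist with a maintained list and would also resolve shorteners before classifying.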
Concluding notes
The latest scams abusing the Facebook and Meta brands show that scammers keep trading on people's trust in these brands to lure unsuspecting victims. A genuine account restriction is not announced by another profile tagging you in a public post, and the destination of a link should be judged by its actual hostname, not by the branding on the page. Users are urged to practice digital hygiene (such as using a different password for every account and enabling two-factor authentication) and to treat unsolicited "verify your account" requests with suspicion.