The company’s Digital Risk Protection (DRP) analysts have found evidence that users in more than 80 countries in Europe, Asia, the Middle East and North and South America have been affected by the campaign, which uses fake ads promoting an updated version of Facebook Messenger to harvest users’ login credentials.
So far, Group-IB has discovered almost 1,000 fake Facebook profiles being used in the scheme that first appeared on its radar last summer when its DRP analysts in Asia and Europe began detecting traces of the same fraudulent campaign.
Dmitriy Tiunkin, head of the digital risk protection department at Group-IB in Europe, provided further insight in a press release on why internet users often fall for these types of scams online, saying:
“The internet has made people abandon critical thinking. Living in the era of instant-everything, clicking on an attractive ad, proposal, headline became a natural human reflex. This didn’t come unnoticed by fraudsters who have been relentlessly feeding on users’ carelessness. It is up to brands to set things straight in this endless stand-off by ensuring that their name isn’t used to trick unsuspecting customers into a scam, with digital risk protection services serving as a silver bullet in this case.”
Facebook Messenger scam campaign
While this new Facebook Messenger scam campaign originated in the summer of 2020, it began picking up steam in April of this year when the number of posts on the social network inviting users to install the latest Messenger update reached 5,700.
To appear more legitimate, the cybercriminals behind the campaign registered Facebook accounts with names that mimic the real app, such as Messanger, Meseenger and Massengar, while using the official Facebook Messenger logo as their profile picture. They also used link shortening services like bit.ly to bypass Facebook’s scam filters.
If a user clicks on the link in one of these fake ads, they are taken to a fake Facebook Messenger website with a login form that the scam campaign uses to harvest their credentials. The cybercriminals used a number of different free web hosting services to create these fake login pages, and they even offered Facebook users non-existent features, such as being able to see who visited their profiles or to view deleted messages, to entice them to log in.
Group-IB has informed Facebook regarding this campaign but until it is shut down, users of the social network should be on the lookout for these fake ads and avoid clicking on shortened URLs as they can lead to phishing pages or even malware. Misspellings in brand names and web addresses are another thing to look out for when trying to identify scam campaigns online.
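The two signals the article describes, misspelled account names and shortened links, can be screened for automatically. The sketch below is an added example, not Group-IB's or Facebook's code: it flags words within a small edit distance of the brand name and links on a shortener host. The threshold, the one-entry shortener list, the function names and the sample post are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

BRAND = "messenger"
SHORTENERS = {"bit.ly"}   # assumption: only the shortener named in the article
MAX_DISTANCE = 2          # assumption: covers the three misspellings quoted above

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def lookalike_words(text):
    """Words close to the brand name but not identical to it."""
    hits = []
    for word in re.findall(r"[a-z]+", text.lower()):
        if word == BRAND or abs(len(word) - len(BRAND)) > MAX_DISTANCE:
            continue  # exact brand name, or too different in length to match
        if edit_distance(word, BRAND) <= MAX_DISTANCE:
            hits.append(word)
    return hits

def shortened_links(text):
    """URLs whose host is a known link shortener."""
    hits = []
    for url in re.findall(r"https?://\S+", text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            hits.append(url)
    return hits

def review_post(profile_name, post_text):
    """Collect both signals for one post so an analyst can triage it."""
    return {"lookalike_name": lookalike_words(profile_name),
            "short_links": shortened_links(post_text)}

if __name__ == "__main__":
    # Constructed sample post; the URL is a placeholder, not a real indicator.
    sample = "Install the latest update now: https://bit.ly/EXAMPLE"
    for name in ("Messanger", "Meseenger", "Massengar", "Facebook Messenger"):
        print(name, review_post(name, sample))
```

Edit distance alone also matches ordinary words such as "passenger", so a hit is a prompt for manual review rather than a verdict.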