By distributing ads promoting an allegedly updated version of Facebook Messenger, cybercriminals harvested users’ login credentials. Group-IB’s DRP analysts have discovered nearly 1,000 fake Facebook profiles employed in the scheme. Upon discovering the fraud, Group-IB informed Facebook about the scam.
The scam came to light last year, when security analysts discovered traces of a fraud campaign. Since then it has grown steadily in scope. In April, the number of Facebook posts inviting users to install “the latest Messenger update” reached 5,700. To draw users’ attention, the fraudsters registered accounts with names mimicking the real app (Messanger, Meseenger, Masssengar, etc.) and used the official Facebook Messenger logo as their profile picture.
How did the scammers ‘trick’ Messenger users?
According to the cyber security firm, the scammers used shortened links created with services such as linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy. After clicking a link that is supposed to lead to a download of the app’s updated version, the user lands on a fake Facebook Messenger website with a login form, where they are asked to enter their credentials. The scammers used platforms such as blogspot.com, sites.google.com, github.io, and godaddysites.com to register fake Facebook Messenger login pages.
Users who fall victim to this scheme risk leaking their personal data and having their account hijacked. Scammers may use the compromised account either to blackmail the victim, pushing them to pay a ransom to have access to their account restored, or to scale up the scheme further by using the Facebook profile to distribute scam ads.
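A triage check built from the indicators described above (misspelled Messenger profile names, link shorteners, free hosting platforms), as an added example that is not from Group-IB or the original article. The function names, the edit-distance threshold and the sample posts are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Indicators named in the article; the matching logic is an assumption.
SHORTENERS = {"linktr.ee", "bit.ly", "cutt.us", "cutt.ly", "rb.gy"}
FREE_HOSTS = {"blogspot.com", "sites.google.com", "github.io", "godaddysites.com"}
BRAND = "messenger"

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(name, max_dist=3):
    """True if any word is close to, but not exactly, the brand name."""
    words = re.findall(r"[a-z]+", name.lower())
    return any(0 < edit_distance(w, BRAND) <= max_dist for w in words)

def host_category(url):
    """Classify a URL's host as 'shortener', 'free_host' or None."""
    if "://" not in url:
        url = "http://" + url  # urlparse needs a scheme to find the host
    host = (urlparse(url).hostname or "").lower()
    for label, domains in (("shortener", SHORTENERS), ("free_host", FREE_HOSTS)):
        if any(host == d or host.endswith("." + d) for d in domains):
            return label
    return None

def score_post(profile_name, urls):
    """Return the reasons a post matches the campaign pattern."""
    reasons = ["lookalike_name"] if is_lookalike(profile_name) else []
    reasons += [c for c in map(host_category, urls) if c]
    return reasons

if __name__ == "__main__":
    # Constructed sample posts, not real campaign data.
    posts = [("Masssengar", ["https://rb.gy/SAMPLE"]),
             ("Meseenger", ["sample-page.blogspot.com/login"]),
             ("Messenger", ["https://www.facebook.com/"])]
    for name, urls in posts:
        print(name, score_post(name, urls))
```

A threshold of 3 is needed to catch "Masssengar" but will also match unrelated words such as "passenger", so hits are a queue for review rather than a verdict.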