The new phishing scam uses malicious and fake chatbots to steal login credentials of unsuspected Facebook users through Facebook Messenger.
A new phishing campaign has been discovered by Trustwave security researchers, which involves using Facebook Messenger chatbots while the campaign’s objective is to steal user credentials.
According to Trustwave’s analysis of this new phishing campaign, the chatbots impersonate customer support staff of the social network. These bots then hijack pages by compelling page managers to enter credentials for that Facebook page. The malicious chatbots and websites were quickly taken down after Trustwave’s report.
Chatbots are basically specially designed programs that provide customer support and answer user queries as live support staff before the question is forwarded to a human employee. These bots are generally used by businesses that offer live chat or customer support services.
Attack Scenario Explained
This phishing attack started with an email informing the recipient that Facebook would delete their page after 48 hours for violating Meta community standards. When the recipient clicked on the Appeal Now link, they were redirected to a fake Messenger support page hosted by Google Firebase, where they had to interact with chatbots.
Researchers noticed that the phony support chatbot profile was a fan/business page that didn’t have any followers or posts. However, the attackers used the official Messenger logo on the profile page to make the bot appear legit. In the Appeal form, the user entered their name, surname, email ID, page name, and mobile number.
They were also prompted to complete 2FA authentication, and the OTP could be of any length. As soon as the user clicked on Submit button, the attackers received the form, and the credentials were compromised while the user was redirected to Meta’s official intellectual property and copyright guidelines page.
How was the Scam Exposed?
Concerns were raised when researchers identified many errors in the email, which hinted at its malicious nature. Such as, a dot was missing after the third sentence, and there was incorrect capitalization of the word Page.
The email header also contained several errors pointing to the email’s illegitimacy. For instance, Policy Issues was written in the sender’s name, and the sender domain didn’t belong to Facebook/Meta.
“The fact that the spammers are leveraging the platform that they are mimicking makes this campaign a perfect social engineering technique.”
In conclusion, it is imperative that social media users be cautious when opening such warning notices and always check for red flags before giving away sensitive information. Moreover, it is always best to be cautious when engaging with someone on Facebook or social media in general. If you are unsure about the legitimacy of a user or bot, do not provide any personal information and report them to Facebook.