Heads up, Facebook users! Cybercriminals have come up with an innovative strategy to hack Facebook accounts. In a recently spotted phishing campaign, the threat actors used malicious chatbots to steal Facebook logins.
Facebook Phishing Campaign
Sharing the details in a recent post, Trustwave researchers explained how the phishing campaign used malicious Messenger chatbots to hack Facebook accounts.
The attack began with a phishing email reaching the victim’s mailbox. The email’s content included a message about a Facebook page deletion following a possible violation of Facebook Community Standards. Additionally, the email had an embedded link with the text “Appeal Now,” supposedly allowing the user to appeal against the decision.
Clicking this link would take the victim to an apparent Facebook Page Support chat box, where a predefined chatbot message repeated the claim made in the phishing email. Here again, a clickable “Appeal Now” button would appear, and clicking it would redirect the user to another apparent Facebook page. (However, a closer look at the URL would reveal that the web page was fake.)
The phishing pages then led the user through multiple web pages to appear legitimate. These pages would ask the user to enter critical Facebook information, like the login email address, phone number, user’s name, and page name. Then a popup window would appear, seemingly asking the user to “re-enter” the Facebook password. That’s where the victim loses all the key information to the attackers.
The victim would then land on a subsequent web page asking them to enter an OTP. However, the researchers noted that it was a mere dummy page with no apparent functionality to send or accept OTPs. It was seemingly another attempt to add legitimacy to the attack. Entering any random number string at this point would then take the victim to an actual Facebook article on intellectual property.
Facebook Users, Be Aware
The researchers confirmed that the web pages and chatbots used in this attack had been taken down. But such attacks could still reappear. Therefore, Facebook users must remain very careful when dealing with emails or chats that ask for account information.