Security firm TrustWave has discovered a new phishing campaign that uses Facebook Messenger chatbots to steal Facebook Page login credentials.
In this case the chatbot poses as Facebook's support team: the victim receives an email stating that they have violated the Meta social network's community standards and inviting them to appeal the decision within 48 hours, otherwise the Page will be deleted. Because the attack closely mimics the way Facebook handles violations, including the option to appeal an enforcement action, users can be misled fairly easily.
Special attention should be paid to phishing attempts on Facebook
The attack is fully automated, so the stolen data may be exploited at a later point, which further convinces the victim that they really did interact with Facebook.
This is an insidious attack that could also catch average users, especially those who do not pay attention to some details: in this case, the case number given in the email would not always match the one on the fake page, and careful inspection of the URLs shows beyond much doubt that the page does not belong to Facebook. This matters most when the page asks for credentials: if the URL is abnormal or cannot be attributed to the domains of Meta products and services, interaction with the page should stop immediately.
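The URL check described above, as an added example that is not part of the original article: it decides whether a link's real host belongs to a Meta-owned domain, rejecting the usual look-alike tricks (the brand name placed in a subdomain, path or userinfo part, bare IP addresses, punycode hosts, plain HTTP). The `META_DOMAINS` allow-list is an assumption constructed for this example, not an official list.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allow-list of Meta-owned registrable domains (constructed for this
# example; a real deployment would maintain its own vetted list).
META_DOMAINS = {
    "facebook.com", "fb.com", "fbcdn.net", "messenger.com",
    "instagram.com", "whatsapp.com", "meta.com",
}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname ('www.facebook.com' -> 'facebook.com').

    Sufficient for the domains above, which all sit directly under a single-label
    TLD; a production check would consult the Public Suffix List instead.
    """
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_meta_url(url: str) -> bool:
    """True only if the URL's actual host is a Meta domain or a subdomain of one.

    Rejects 'facebook.com' appearing as a subdomain of an attacker host
    ('facebook.com.example.tld'), as userinfo ('https://facebook.com@example.tld'),
    or in the path ('https://example.tld/facebook.com/'), plus raw IPs,
    IDN/punycode hosts and non-HTTPS links.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    if parts.scheme.lower() != "https":
        return False  # Meta services are served over HTTPS only
    host = parts.hostname  # userinfo and port stripped, host lower-cased
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # a bare IP address is never a Meta property
    except ValueError:
        pass
    if "xn--" in host:  # punycode labels are a classic homoglyph vector
        return False
    return registrable_domain(host) in META_DOMAINS
```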