A NEW phishing campaign has been aimed at Facebook users – here’s what you need to know.

Threat actors are using Messenger chatbots to steal Facebook user credentials, Bleeping Computer reported.

The phishing campaign was aimed at Facebook users. Credit: AP: Associated Press

Chatbots pretend to be a company support team and force users to disclose their email address and password.

Facebook Messenger was launched in 2011, but only in 2018 did the technology giant introduce AI chatbots.

Chatbots are software that automates a task – in Messenger they can talk, answer questions or handle customer support cases.

But now they are being hacked and used for phishing attacks, cybersecurity company Trustwave has found.

How are the attacks carried out?

First, bad actors send the recipient an email claiming that their Facebook page has violated community standards.

The fraudulent email also informs users that they have 48 hours to appeal the decision, otherwise their page will be deleted.

Users are then prompted to click on the malicious link – this will lead them to a conversation in Messenger, where the chatbot pretends to be a Facebook customer support agent.

Once the victim has taken part in the conversation, the chatbot sends them an “Appeal Now” button in Messenger.

This link reportedly redirects users to a fake “Facebook Support Mailbox” with a URL outside the company’s domain.

This page contains a form that victims are asked to fill out with information such as their name, email address, phone number and page title.

They are then asked to re-enter their passwords to continue the “appeal”.

What happens then?

Once a user has submitted their information, it is sent to the bad actor's database via a POST request.

Once a hacker has received your credentials, they can log into your Facebook account and hold it for ransom.

They can access your personal photos and messages.

If you have banking or payment information related to your account, they can also access it.

How to protect yourself

One good way to protect yourself from phishing attacks is to check the URLs of the pages that request your credentials.

If the domain does not match the site's normal URL, do not enter any information on the page and close it immediately.
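The URL check described above comes down to comparing the host a browser would actually connect to against the service's known domains. The following Python is an added example, not part of the original report; the trusted-domain list and the sample URLs (on the placeholder host example.net) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the legitimate service uses for sign-in pages.
TRUSTED_DOMAINS = {"facebook.com", "messenger.com"}


def login_host(url):
    """Return the lowercase host a browser would connect to, or None."""
    url = url.strip()
    # Backslashes and control characters are read differently by browsers
    # and by this parser, so refuse them instead of guessing.
    if "\\" in url or any(ord(c) < 0x21 for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix and ":port" suffix.
    return parts.hostname.rstrip(".").lower()


def is_trusted_login_url(url, trusted=TRUSTED_DOMAINS):
    """True only for HTTPS URLs whose host is a trusted domain or a
    subdomain of one, matched on a full label boundary."""
    host = login_host(url)
    if host is None:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample URLs; only the first two should pass.
SAMPLES = [
    "https://www.facebook.com/login/",
    "https://m.facebook.com/help/",
    "https://facebook.com.support-mailbox.example.net/appeal",  # brand as subdomain
    "https://facebook.com@support-mailbox.example.net/appeal",  # brand as userinfo
    "https://facebook-support.example.net/login",               # brand in a label
    "http://www.facebook.com/login/",                           # not HTTPS
]

if __name__ == "__main__":
    for u in SAMPLES:
        print("OK  " if is_trusted_login_url(u) else "STOP", u)
```

The brand name appearing somewhere in the address is not enough: what counts is the end of the host name, immediately before the first single slash.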

You should also avoid replying to suspicious emails and text messages.
