A NEW phishing campaign has been aimed at Facebook users – here’s what you need to know.
Threat actors are using Messenger chatbots to steal Facebook user credentials, Bleeping Computer reported.
Chatbots pretend to be a company support team and force users to disclose their email address and password.
Facebook Messenger was launched in 2011, but only in 2018 did the technology giant introduce AI chatbots.
Chatbots are software that automates a task – in Messenger they can talk, answer questions or handle customer support cases.
But now they are being hacked and used for phishing attacks, cybersecurity company Trustwave has found.
How are the attacks carried out?
First, bad actors send the recipient an email claiming that their Facebook page has violated community standards.
The fraudulent email also informs users that they have 48 hours to appeal the decision, otherwise their page will be deleted.
Users are then prompted to click on the malicious link – this will lead them to a conversation in Messenger, where the chatbot pretends to be a Facebook customer support agent.
Once the victim has taken part in the conversation, the chatbot sends them an “Appeal Now” button in Messenger.
This button reportedly redirects users to a fake “Facebook Support Mailbox” page with a URL outside the company’s domain.
This page contains a form that victims are asked to fill out with information such as their name, email address, phone number and page title.
They are then asked to re-enter their passwords to continue the “appeal”.
What happens then?
Once a user has submitted their information, it is sent to the bad actor’s database via a POST request.
Once a hacker has received your credentials, they can log into your Facebook account and hold it for ransom.
They can access your personal photos and messages.
If you have banking or payment information related to your account, they can also access it.
How to protect yourself
One good way to protect yourself from phishing attacks is to check the URLs of the pages that request your credentials.
If the domain does not match the site’s normal URL, do not enter any information on the page and close it immediately.
You should also avoid replying to suspicious emails and text messages.
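
The domain check described above can also be automated, for instance in a mail or web filter. The Python below is an added example, not part of the original article; the trusted-domain list, the function name and the sample links (including the placeholder host "support-mailbox.example") are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains where a Facebook login is expected.
TRUSTED_DOMAINS = ("facebook.com", "messenger.com")

# Constructed sample links; "support-mailbox.example" is a placeholder host.
SAMPLES = [
    "https://www.facebook.com/login",
    "https://WWW.FACEBOOK.COM./login",
    "http://www.facebook.com/login",
    "https://facebook.com.support-mailbox.example/appeal",
    "https://facebook.com@support-mailbox.example/appeal",
    "https://support-mailbox.example\\@facebook.com/appeal",
    "https://notfacebook.com/login",
    "https://xn--fcebook-constructed.com/login",
]


def credential_page_verdict(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a page that asks for Facebook credentials."""
    if "\\" in url:
        # Browsers read "\" as "/", so parsers can disagree on the host.
        return False, "backslash in URL"
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # no userinfo/port, lower-case
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host, possible look-alike"
    for domain in trusted:
        # Exact match or true subdomain only: a plain suffix test would pass
        # "notfacebook.com", a substring test "facebook.com.<anything>".
        if host == domain or host.endswith("." + domain):
            return True, "host is within " + domain
    return False, "host " + host + " is outside the trusted domains"


if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = credential_page_verdict(link)
        print("OK   " if ok else "BLOCK", link, "->", reason)
```

Only the first two sample links pass; every other one is rejected even though "facebook.com" appears somewhere in it.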