Lately, a new form of unconventional scam has become popular on Facebook, aimed at obtaining users’ passwords. Victims receive an innocent-looking message, such as “Can you like me on the photo?”, along with a link they are invited to click. That is how a new phishing campaign begins.
The message usually comes from one of the victim’s contacts and asks them to like a photo of that contact, of course for a “good cause”. It contains a shortened URL pointing to a supposed image and asks the victim to open it in order to give the like. But to do so, the victim has to log in on a fake page that copies the look of the official Facebook site.
The phishing, or impersonation, site has all the characteristics of a secure site: it has a security certificate, is served over HTTPS, shows the security padlock and, in addition, uses an image identical to the one on the official Facebook page, explains Camilo Gutiérrez Amaya, head of the ESET Latin America Laboratory.
All these aspects suggest that it is an official site. It is therefore easy to fall into the trap, especially when the message comes from a known contact.
“The objective of this campaign is to steal Facebook access credentials”, emphasizes the specialist.
Many Internet users believe that a security certificate (HTTPS or the padlock) is enough to trust a site and assume it must be genuine. That is a mistake, since any web page can obtain a certificate of this type.
How can you tell that it is a fake website? A clear sign is that the spoofed URL adds words, periods, or hyphens that differ from the original URL. But these details are often barely noticeable to users who do not pay attention to them.
As soon as Internet users enter their Facebook access credentials, they are redirected to the official site of the social network under the pretext of an authentication error. By then, however, their data has already been captured by the cybercriminals behind this scheme.
The message usually comes from a contact whose account is already in the hands of the criminals, who use it to repeat the scheme and take control of further accounts. Therefore, it is always necessary to check the security details so as not to fall into this trap, whether or not the link comes from a trusted contact. It is advisable to distrust such messages and avoid forwarding them, Amaya recommends.
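The two signs described above, a registrable domain that differs from the real one once extra words, periods or hyphens are added, and the fact that HTTPS alone proves nothing, can be turned into a simple link check. The following script is an added example written for this article, not ESET’s tooling: it judges a link only by its host name, never by the presence of HTTPS, treats `facebook.com` as the legitimate domain, and uses a constructed list of URL shorteners plus a two-label approximation of the registrable domain (assumptions; a full public-suffix list would be needed for domains such as `.co.uk`).

```python
"""Flag look-alike login links by host name only (added example, not ESET code)."""
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# The domain a real Facebook login page lives on.
LEGITIMATE_DOMAIN = "facebook.com"

# Constructed list of well-known URL shorteners: such links hide the real
# destination and must be expanded before they can be judged at all.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a host name.

    Assumption: a two-label registrable domain, which is enough for
    facebook.com but not for country-code suffixes such as .co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_link(url: str) -> tuple:
    """Classify a link as 'legitimate', 'shortened', 'lookalike' or 'unrelated'.

    Only the host name is inspected; a certificate or padlock is deliberately
    ignored because any site can obtain one.
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host when a scheme is present
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "unrelated", "no host name in link"

    domain = registrable_domain(host)
    if domain == LEGITIMATE_DOMAIN:
        return "legitimate", f"registrable domain is {domain}"
    if domain in SHORTENERS:
        return "shortened", f"{domain} hides the real destination; expand it before trusting"

    # Look-alikes keep the brand name somewhere in the host (as an extra
    # label, with hyphens, or misspelt) but register a different domain.
    brand = LEGITIMATE_DOMAIN.split(".")[0]
    first_label = domain.split(".")[0]
    similarity = SequenceMatcher(None, first_label, brand).ratio()
    if brand in host.replace("-", "") or similarity >= 0.8:
        return "lookalike", f"brand name present but registrable domain is {domain}"
    return "unrelated", f"registrable domain is {domain}"


if __name__ == "__main__":
    # Constructed sample links of the kinds described in the article.
    samples = [
        "https://www.facebook.com/login",
        "https://face-book.com/photo",
        "https://facebook.com.photo-like.example/login",
        "https://facebok.com/",
        "bit.ly/abc123",
        "https://example.org/photo",
    ]
    for link in samples:
        verdict, reason = classify_link(link)
        print(f"{verdict:10s} {link}  ({reason})")
```

Note that a "legitimate" verdict only means the link points at the real domain; a "shortened" link has to be expanded and the result checked again, which is exactly why the scam uses shortened URLs.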
In order not to fall victim to these tricks, first, do not click on links that arrive as private messages, even if they come from known contacts. What can be done in these cases is to contact the person who supposedly sent the message through another channel and make sure that the message really comes from them.
Second, alert the holder of the account from which the message came, so that they know someone is carrying out suspicious activity impersonating them, and advise them to check for unusual actions, such as logins from different locations or devices.
Third, change the password, enable two-factor authentication and review the activity recorded on the account.
Lastly, it is a good idea to keep the operating system of your PC up to date.
In November, cybercriminals obtained the credentials of thousands of Facebook accounts: usernames and passwords, IP addresses, and personally identifiable information such as email addresses.
That was a malicious campaign built on the false promise of revealing who had viewed the victim’s profile. With it, cybercriminals ran a global scam that affected between 150,000 and 200,000 Facebook accounts, as reported by the computer security company ESET.