By distributing advertisements for an allegedly updated version of Facebook Messenger, cyber criminals have been collecting user credentials. Around 1,000 fake Facebook profiles are used for the scam. Group IBs DRP Analysts have discovered nearly 1,000 fake Facebook profiles used in the program. After discovering this type of fraud, Group-IB notified Facebook of the fraud.
The fraud came to light last year when security analysts discovered traces of a fraud campaign. Since then, it has grown in size. In April, the number of Facebook posts inviting users to install the “latest Messenger update” reached 5,700. To attract users’ attention, scammers registered accounts with names that imitate reality App – Messanger, Meseenger, Masssengar etc. – and the official Facebook Messenger logo used as a profile picture.
How did the scammers “trick” Messenger users?
According to the cyber security company, the scammers used shortened links created with the help of services such as linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy. After clicking the link that should lead to the download of the updated version of the app, the user is on a fake Facebook Messenger website with a login form that asks them to enter their credentials. Fraudsters used platforms like blogspot.com, sites.google.com, github.io, and godaddysites.com to register fake Facebook Messenger login pages.
Users who have fallen victim to this system run the risk of losing their personal information and hijacking their account. Fraudsters can use the compromised account to either blackmail the victim, force them to pay a ransom to restore access to their account, or to further enlarge the system using Facebook’s profile to distribute scam reports.