Phishing Attack On Facebook Messenger Steals Millions Of Credentials

Group uses technique to bypass blocking of their URLs. Huge growth in phishing attacks compared to 2022.

The discovery of a large-scale Facebook Messenger scam potentially affecting hundreds of millions of Facebook users highlights the global threat potential of phishing attacks. PIXM reports that 2.7 million users visited a phishing site in 2021, and around 8.5 million so far in 2022, representing a huge growth in this attack method compared to last year.

Here, the threat actors use compromised Facebook accounts to spread the phishing pages via Facebook Messenger. The links probably originated from Facebook itself, according to the researchers. That is, a user’s account is compromised, and the threat actor likely automatically logs into that account and sends the link to the user’s friends via Facebook Messenger. Facebook’s internal Threat Intelligence team is privy to these credential collection schemes, but this group is using a technique to bypass the blocking of their URLs.

Training to combat phishing campaigns

Security awareness training can help employees and companies see through the sophisticated scams that manage to bypass corporate security filters. The basic idea is to use simulated phishing emails to test how alert employees are. The aim of the training is to increase awareness of the dangers and to help employees recognise such attacks.