A NEW phishing campaign has been targeting Facebook users – here's what you need to know.
Threat actors are using Messenger chatbots to steal users' Facebook credentials, Bleeping Computer reported.
The chatbots impersonate the company's support team and bait users into revealing their login email address and password.
Facebook Messenger was launched in 2011, but it wasn't until 2018 that the tech giant implemented AI chatbots.
Chatbots are software programs that automate tasks – in Messenger, they can converse, answer questions, or triage customer support cases.
But now, they are being hacked and used to carry out phishing attacks, cybersecurity company Trustwave discovered.
How are the attacks being carried out?
First, the bad actors send an email informing the recipient that their Facebook page has violated Community Standards.
The fraudulent email also tells users that they have 48 hours to appeal the decision, or their page will be deleted.
Users are then directed to click on a malicious link – this takes them to a Messenger conversation where a chatbot pretends to be a Facebook customer support agent.
Once engaged in conversation, the chatbot will send the victim an "Appeal Now" button on Messenger.
This link reportedly takes users to a fake "Facebook Support Inbox" with a URL outside of the company's domain.
On that page is a form that victims are urged to fill out with information such as their name, email, phone number, and page name.
They are then asked to re-enter their passwords to continue with the "appeal".
What happens then?
Once a user has submitted their information, it gets sent back to the bad actor’s database via a POST request.
Once a hacker has gained your credentials, they can log in to your Facebook account and hold it for ransom.
They may access your private photos and messages.
If you have any banking or payment information linked to your account, they can access those as well.
How to protect yourself
One good way to protect yourself against phishing attacks is to look at URLs for pages that ask for your credentials.
If the domains do not match the real site's regular URL, then do not enter any information on that site and exit it immediately.
You should also avoid replying to suspicious-looking emails and SMS messages.
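The URL check described above can be automated. This is an added example, not code from the article, Trustwave, or Facebook; the list of expected domains and the sample URLs are assumptions constructed for illustration. It shows why comparing the parsed hostname matters more than spotting the brand name somewhere in the link.

```javascript
// Added example: decide whether a link's host really belongs to an expected site.
// ASSUMPTION: this allowlist is illustrative and does not come from the article.
const EXPECTED_DOMAINS = ["facebook.com", "messenger.com"];

function classifyLoginUrl(rawUrl, expected = EXPECTED_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // Text before "@" is userinfo, not the host: https://facebook.com@other.example/
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before host" };
  }
  // The parser lowercases the host; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Internationalized lookalike characters are serialized as "xn--" labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  // Accept the exact domain or a true subdomain (match on a dot boundary only).
  const match = expected.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host is within " + match }
    : { ok: false, reason: "host " + host + " is outside expected domains" };
}

// Constructed sample links (not indicators from the real campaign).
const SAMPLE_URLS = [
  "https://www.facebook.com/login",
  "https://facebook.com.support-inbox.example/appeal",
  "https://facebook.com@support-inbox.example/appeal",
  "https://notfacebook.com/login",
  "http://www.facebook.com/login",
];

function reviewSamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...classifyLoginUrl(u) }));
}

for (const r of reviewSamples()) {
  console.log((r.ok ? "OK   " : "BLOCK") + " " + r.url + " (" + r.reason + ")");
}
```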