Facebook and Messenger users should be aware of a large-scale phishing campaign that has been active since September 2021 and peaked in April-May 2022. According to cybersecurity firm PIXM, millions of users have fallen victim to scammers who lured them into visiting phishing pages, entering their account credentials and viewing advertisements.
Using the credentials provided by the victims, the fraudsters send further phishing messages to the victims' contacts and earn a significant profit from online advertising commissions. They send the messages containing phishing links with automated tools, so the number of compromised accounts rises very fast. The scammers' revenue is supposedly estimated to be millions of USD.
Facebook does have protection mechanisms to stop the distribution of phishing links, but the threat actors use a trick to bypass these measures: they use legitimate URL generation services (litch.me, famous.co, amaze.co, and funnel-preview.com). Legitimate apps also use these services, which is why it is not easy to block such messages.
According to PIXM, 2.7 million victims visited one of the phishing sites in 2021. In 2022, this figure rose to 8.5 million.
The researchers identified 405 unique usernames, each with a separate Facebook phishing page. Page views for these pages ranged from 4,000 to, for some, millions. PIXM believes that these usernames represent only a fraction of the pages used by the scammers in this operation.
The researchers shared the results of their inquiry with law enforcement agencies, and many of the identified links have gone offline. However, the operation is still ongoing.