Cybersecurity firm SpiderLabs has recently discovered a new phishing campaign that uses chatbot software on Facebook Messenger, reports TechRadar. The researchers explain that the objective of the campaign is to get hold of the user’s Facebook credentials and other personal data. According to the report, chatbots are hugely important for digital marketing and live support, so “cyber attackers are now abusing this feature.” Moreover, ordinary users don’t usually suspect such content, especially when it appears to come from a legitimate source, the report suggests.
As per the report, the fact that the spammers use the very service they are impersonating makes this campaign “a perfect social engineering technique.” The report also advises users to stay alert while browsing the internet and to avoid interacting with “unsolicited emails.”
How does this phishing campaign work?
The report suggests that victims initially receive an email that looks like it was sent by Facebook. These emails claim that the user’s page is “in violation of the site’s community standards and will be terminated in 48 hours.” The report mentions that the emails also include an “Appeal Now” link, which lures the victim into clicking if they want an opportunity to appeal the termination.
Once victims click the “Appeal Now” link, they are redirected to a Messenger chatbot, where they are asked to click another, similar link. The report suggests that users are asked to click through links multiple times in order to get past email security services (if any), since the initial link to the chatbot is not itself malicious.
According to the report, victims who keep clicking the links land on a website hosted on Google Firebase. This website is disguised as a Facebook “Support Inbox”, and this is where the victims end up surrendering their sensitive data to the attackers.
Moreover, the researchers warn that the attackers try to pry into users’ personal information, including email addresses, mobile numbers, first and last names, page names and, most importantly, passwords.
How to avoid this phishing attack
The report states that, luckily, the content of these emails includes “a few red flags” that are expected to help ordinary users identify the message as fraudulent. For instance, the message body usually contains a few spelling and grammatical errors. Moreover, the recipient’s name in these emails appears as “Policy Issues”, which is not how Facebook usually handles such cases, the report suggests.
Apart from these, the researchers found further “red flags”: the page that owns the chatbot has the handle “@case932571902”, which does not belong to Facebook, the report confirms. Moreover, such fake pages are typically empty, with zero followers and posts.
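The red flags described above (the 48-hour termination threat, the “Appeal Now” lure, the “Policy Issues” recipient name, the hop to a Messenger chatbot, the Firebase-hosted landing page, the “@case932571902”-style handle and the empty page) can be turned into a simple triage check a mail or abuse team could run over reported messages. The following is an added example written for this article; it is not code from SpiderLabs, TechRadar or Facebook. The domain lists (m.me for Messenger, .firebaseapp.com and .web.app for Firebase hosting), the generalised `@case<digits>` handle pattern and the sample message records are assumptions constructed for illustration.

```python
"""Heuristic triage of a suspected "page termination" phishing lure.

Added example, not part of the SpiderLabs report or of any Facebook tooling.
It scores a reported message against the red flags the report describes.
Domain lists, the "@case<digits>" pattern and the sample records below are
assumptions made for illustration.
"""
import re
from urllib.parse import urlparse

# Domains Facebook itself uses for links (assumed short list, illustration only).
LEGIT_FACEBOOK_DOMAINS = {"facebook.com", "www.facebook.com", "fb.com"}
# Messenger short-link domain (assumption: where a chatbot link typically points).
MESSENGER_DOMAINS = {"m.me"}
# Google Firebase hosting suffixes (assumption based on public Firebase docs).
FIREBASE_SUFFIXES = (".firebaseapp.com", ".web.app")


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def triage(message: dict) -> list[str]:
    """Return the list of red flags found in a message record.

    The record is a plain dict with keys: recipient_name, body, links and
    (optionally) chatbot_page -> {handle, followers, posts}.
    """
    flags = []
    text = message.get("body", "").lower()

    # 1. Termination threat on a deadline, plus the "Appeal Now" call to action.
    if "community standards" in text and re.search(r"\b48\s*hours\b", text):
        flags.append("termination-deadline-threat")
    if "appeal now" in text:
        flags.append("appeal-now-lure")

    # 2. Recipient addressed as "Policy Issues" instead of by name.
    if message.get("recipient_name", "").strip().lower() == "policy issues":
        flags.append("recipient-named-policy-issues")

    # 3. Links that leave facebook.com: a Messenger chatbot hop or a
    #    Firebase-hosted "Support Inbox" landing page.
    for url in message.get("links", []):
        host = host_of(url)
        if host in MESSENGER_DOMAINS:
            flags.append(f"link-to-messenger-chatbot:{host}")
        elif host.endswith(FIREBASE_SUFFIXES):
            flags.append(f"link-to-firebase-hosted-page:{host}")
        elif host and host not in LEGIT_FACEBOOK_DOMAINS:
            flags.append(f"link-outside-facebook:{host}")

    # 4. The page owning the chatbot: "@case<digits>" handle (assumed
    #    generalisation of the handle in the report) and an empty page.
    page = message.get("chatbot_page")
    if page:
        if re.fullmatch(r"@case\d+", page.get("handle", "")):
            flags.append("case-number-style-handle")
        if page.get("followers", 1) == 0 and page.get("posts", 1) == 0:
            flags.append("empty-page-no-followers-no-posts")

    return flags


def verdict(flags: list[str]) -> str:
    """Two or more independent indicators is treated as likely phishing."""
    return "likely phishing" if len(flags) >= 2 else "no strong indicators"


# Constructed sample records (hypothetical; hostnames and paths are made up).
PHISH = {
    "recipient_name": "Policy Issues",
    "body": ("Your page is in violation of the site's community standards and "
             "will be terminated in 48 hours. Appeal Now: https://m.me/case932571902"),
    "links": ["https://m.me/case932571902",
              "https://support-inbox-example.firebaseapp.com/"],
    "chatbot_page": {"handle": "@case932571902", "followers": 0, "posts": 0},
}
BENIGN = {
    "recipient_name": "Jane Example",
    "body": "Thanks for contacting Facebook support. Your request has been received.",
    "links": ["https://www.facebook.com/help/"],
    "chatbot_page": None,
}

if __name__ == "__main__":
    for name, record in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        found = triage(record)
        print(name, verdict(found), found)
```

Spelling and grammar errors, the remaining red flag the report mentions, are deliberately left out of the scorer because a keyword check cannot judge them reliably; the other indicators are cheap to evaluate and, taken together, are enough to route a reported message to a human for review.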