Cybercriminals created more than 3,200 scam profiles, most of them impersonating Meta employees’ profiles, to phish public figures, celebrities, businesses, sports teams, and individual users.
Scammers tricked victims by impersonating Meta’s technical team and asking users to enter their data on a phishing website or to hand over their browser cookies, supposedly to avoid having their profiles blocked, according to a blog post by cybersecurity firm Group-IB.
Cybercriminals lure potential victims with attention-grabbing posts that carry a sign indicating the post was “written” by Meta/Facebook support staff. They tag dozens of other pages in their posts, which also contain links to phishing websites, the post said.
Potential victims will see the scam posts in their newsfeeds, in their notifications, or when they search for the name of an individual or company whose account has been tagged.
The aim of the campaign, which is still ongoing and spans February and March 2023, is to gain access to the Facebook accounts of high-profile users and then reuse their Facebook log-in credentials to target the individual’s other social media and financial accounts.
A long scam
Upon gaining access to the login credentials, scammers may leverage the compromised accounts to harvest the credentials of other users, and in some instances attackers were found to repurpose compromised profiles into phishing profiles to widen the impact. Scammers were found to be using keywords like “account”, “retrieval”, or “recovery” to lure in more victims.
Attackers were also found to be using compromised profiles to demand a ransom, threatening to either delete the account or post inappropriate content if their demands were not met.
“The real danger in this phishing campaign lies in its potential reach. The number of victims can increase exponentially because the followers of a particular page – those who subscribed before the account was taken over by the scammers – are converted into potential victims following account takeover”, the post said.
The research by Group-IB identified more than 3,200 scam profiles, with more than 220 phishing sites mimicking official Meta and Facebook webpages to lure potential victims.