Urgent Facebook Messenger alert for millions as scams could steal your credentials

A CYBERSECURITY company has reported a rampant Facebook Messenger scam that is infecting entire networks.

The scheme has been active since September 2021 and relies on a fake login portal.

1

“We have uncovered a campaign the scope of which may affect hundreds of millions of Facebook users,” PIXM, the cybersecurity firm that reported the scam, wrote in a blog.

The scam relies on a fake Facebook login portal where unsuspecting users enter their username and password.

After tricking users into giving up their details, they are redirected to a page littered with ads and surveys.

Based on correspondence between a hacker and PIXM, the organizers of the scam make around $150 per thousand page views and they’ve worked their way to almost 400,000,000 page views – at this rate, the scam would have around $60 million in revenue generated.

PIXM advises that the hacker is likely bragging and overestimating the value of his recording.

The scam achieved tremendous scalability because once a user was infected, it spread through messengers.

The hackers log into the account and send direct messages to others on a user’s network.

“A user’s account would be compromised and the threat actor would, in a likely automated manner, log into that account and send the link to the user’s friends via Facebook Messenger,” PIXM wrote.

Scammers masked their activities on Facebook Messenger servers by legitimizing part of their scam page’s URL.

Facebook could not have allowed users to click on real pages if the URL changes were detected and patched.

PIXM said this method of URL masking has “brought tremendous success” to hackers.

Facebook has long struggled to keep fraud and privacy breaches under control and enforce a proper code of conduct.

The brand loses a key player as Chief Operating Officer Sheryl Sandberg leaves the company after fourteen years.