Scammers are leveraging Facebook’s Messenger chatbot to steal account credentials and phone numbers, focusing on the social network’s business pages. According to Trustwave SpiderLabs researchers, the sophisticated attack feels convincing because the scammers employ Messenger’s chatbot, a common feature users encounter when browsing brand pages. Victims are targeted with phishing emails supposedly from Facebook, warning of non-existent violations of Facebook’s Community Standards. The email pushes victims to respond fast, giving a 48-hour ultimatum before the automatic deletion of the victim’s Facebook page. The phishing email contains a link titled ‘Appeal Now,’ which leads the victim to a Messenger conversation with a chatbot. Users must be logged into the platform to engage with the chatbot.
The victims are not aware that they are speaking with an algorithm and not a real person at the other end of the chat. Interestingly enough, the chat’s title ‘Page Support’ actually leads to a Facebook page with the same name and zero likes. The chatbot sends victims a short message informing them that their page ‘has been scheduled for permanent deletion’, followed by an additional ‘Appeal Now’ button. Clicking on it leads to a website imitating Facebook’s support interface. Once there, users are asked to provide details such as their email, phone number, and the name of the page they own in order to submit an appeal and avoid ‘deletion’. Users are expected to click ‘Submit’ in the form, which prompts them to enter their Facebook password. All the collected data is forwarded to spammers.
To make the scam look even more realistic, once users enter their password, they are redirected to a supposed two-factor authentication page with a countdown timer. Researchers claim that since most people have two-factor authentication enabled, this step provides an additional smokescreen to convince victims that they are on a legitimate website. Whatever number a victim enters into the box, they are redirected to the actual Facebook Help Centre. “Chatbots serve a huge purpose in digital marketing and live support. Little wonder cyber attackers are now abusing this feature. People are not inclined to be suspicious of its contents, especially if it comes from a seemingly genuine source,” reads the report. Facebook phishing has been on the rise recently. According to the cybersecurity company Vade, Facebook has been the most impersonated brand in phishing attacks, accounting for 14% of all phishing pages.
And the attackers get smarter. As always, scams are never outdated. They are only updated. Therefore stay upgraded.