{"id":19062,"date":"2022-05-17T03:10:13","date_gmt":"2022-05-17T11:10:13","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/05\/17\/news-12795\/"},"modified":"2022-05-17T03:10:13","modified_gmt":"2022-05-17T11:10:13","slug":"news-12795","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/05\/17\/news-12795\/","title":{"rendered":"“Look what I found here” phish targets Facebook users"},"content":{"rendered":"

Credit to Author: Christopher Boyd| Date: Tue, 17 May 2022 10:54:33 +0000<\/strong><\/p>\n

Facebook-themed messages are a frequent source of bogus links from both spam and compromised accounts. Whether you receive the messages via SMS, the Messenger app, or just inside regular web chat, it pays to be careful. A wide variety of attacks use bogus messages as their launchpad, and the risk of account compromise is ever-present. Phishing is not the only threat. Scammers will also happily send \u201ccheck this out\u201d messages and direct you to malware<\/a>. This is why it\u2019s crucial to be careful around links\u2026any link. You just never know.<\/p>\n

One such phishing message is currently doing the rounds in Dutch, and it plugs into a sense of FOMO<\/a> to encourage you to click the link. It was first observed<\/a> back in March, and appears to be making a comeback.<\/p>\n

How does this phish attack work?<\/h2>\n

This is the message currently in circulation, being distributed through a compromised account:<\/p>\n

\n

Kijk eens wat ik hier heb gevonden?? [url]<\/em><\/p>\n<\/blockquote>\n

\"\"<\/figure>\n

The message says \u201cLook what I found here\u201d.<\/p>\n

This is a very common tactic, not giving anything away and almost baiting you into clicking. There\u2019s a few others along these lines being sent to people in Facebook Messenger at the moment. One style of message is one that asks something along the lines of \u201cHave you seen who died\/Guess who died\u201d. The answer, of course, is nobody has died. However, the aim of the game is to have you panic and hit the link without thinking.<\/p>\n

It\u2019s a similar technique in play here, although nowhere remotely as panic-inducing.<\/p>\n

All the same, the link redirects to a fake Facebook page on what looks like a compromised photography website.<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n

The site says \u201cFacebook needs to verify that it\u2019s you, log in to continue\u201d and asks for mobile number\/email and password.<\/p>\n

Hitting the login button submits the data and redirects you through several different domains. In testing, we kept hitting a Google 404 error but you may well end up somewhere else depending on region, type of browser, device, and so on.<\/p>\n

If you\u2019ve entered your login after clicking through from a random message in this fashion, stop what you\u2019re doing. Go to Facebook and change your password as soon as you possibly can. <\/p>\n

The power of \u201cfriendly\u201d messaging<\/h2>\n

The big problem with rogue messages via IM is the aspect of sender trust. If a link is sent to you from a total stranger on a public platform like Twitter, you\u2019ll probably be sceptical and treat it with the caution it deserves. An SMS from a number you don\u2019t recognise? They have some success depending on scam type, but you\u2019d probably expect a banking phish or a fake parcel delivery message through that route.<\/p>\n

But if you get a message from someone within your closed network of friends and family, where you may interact dozens or even hundreds of times a day, then it’s likely you’ll be clicking those links with a lot more confidence.<\/p>\n

Sadly, accounts belonging to those you trust can be hijacked like any others. If your dad\u2019s Facebook account was compromised yesterday and you woke to a link and a message which reads \u201cLook what I found here\u201d, what would you do?<\/p>\n

Phishers know that if they can crack an account, it\u2019ll almost certainly be allowed to send messages to people in its immediate circle as their security settings will permit them access. After all, you don\u2019t add your closest relatives to Facebook and then prevent<\/em> them from sending you messages. <\/p>\n

Tips to avoid falling for rogue messages<\/h2>\n