An intelligence firm has found that a cybercriminal obtained one million Facebook account credentials in four months as hundreds of Facebook users fell prey to phishing scams. According to PIXM, an anti-phishing firm, a phoney login gateway was used in place of Facebook’s landing page, and the information of those who entered their account details on the page was stolen.
When PIXM investigated the fake landing page further, it discovered “a reference to the actual server which is hosting the database server to collect users’ entered credentials”, which had been altered from the legitimate URL and resulted in a series of redirects.
PIXM also discovered a link to a traffic monitoring application within the code, allowing the anti-phishing firm to view the tracking metrics. As a result, PIXM discovered not only the traffic information from the cybercriminals’ page but also a slew of other bogus landing pages.
The links were later found to be coming from Facebook itself: threat actors would gain access to a victim’s account and then send harmful links in bulk to the victim’s friends in order to harvest more account credentials.
The fake Facebook landing pages were deployed, and their URLs generated, using services such as glitch.me, famous.co, amaze.co, and funnel-preview.com, tricking individuals into entering their account information, which was then stolen.
According to the researchers, the phishing scams were traced back to a cybercriminal in Colombia and to an email account used in the online attacks.
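The two behaviours described above (links hosted on the named app-hosting services, sent in bulk from one account to its friends) can be combined into a triage check. The following is an added example, not PIXM's code; the `(sender, recipient, text)` message format, the recipient threshold and all sample data are assumptions. These services also host legitimate pages, so a hit is a signal to review, not a verdict.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# App-hosting services the article names as carrying the fake login pages.
HOSTING_SUFFIXES = ("glitch.me", "famous.co", "amaze.co", "funnel-preview.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def hosting_service(url):
    """Return the listed service that hosts this URL, or None."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return None
    for suffix in HOSTING_SUFFIXES:
        # Exact domain or a subdomain, compared on a label boundary only,
        # so look-alike hosts and userinfo tricks do not match.
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def bulk_senders(messages, min_recipients=3):
    """Map sender -> sorted recipients who were sent a link on a listed
    service, keeping senders that reached at least min_recipients people."""
    reached = defaultdict(set)
    for sender, recipient, text in messages:
        urls = (u.rstrip(".,;:!?)") for u in URL_RE.findall(text))
        if any(hosting_service(u) for u in urls):
            reached[sender].add(recipient)
    return {s: sorted(r) for s, r in reached.items() if len(r) >= min_recipients}

# Constructed sample messages (sender, recipient, text); names and URLs are made up.
SAMPLE = [
    ("alice", "bob", "is this you? https://login-check.glitch.me/fb"),
    ("alice", "carol", "is this you? https://login-check.glitch.me/fb"),
    ("alice", "dave", "look: HTTPS://Promo.Funnel-Preview.com./v?id=1."),
    ("erin", "bob", "docs at https://notglitch.me/help"),
    ("erin", "carol", "https://glitch.me.example.net/login"),
    ("erin", "dave", "https://glitch.me@example.org/login"),
    ("frank", "bob", "my project: https://my-app.glitch.me"),
]

if __name__ == "__main__":
    print(bulk_senders(SAMPLE))
```
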
Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source, such as an internet service provider, a bank, or a mortgage firm. It requests personally identifying information from the customer.
According to the researchers, additional analysis indicated that the attacks appeared to be coming from a threat actor in Colombia, and it also turned up the perpetrator’s email address.