Scam on Facebook: Scammers are using Messenger chatbots to steal login information



The new phishing scam uses fake, malicious chatbots on Facebook Messenger to steal login information from unsuspecting Facebook users.

Trustwave security researchers have found a new phishing campaign that uses chatbots on Facebook Messenger. The goal of the campaign is to steal user credentials.

Trustwave's analysis of this new phishing campaign shows that the chatbots pose as the social network's customer service staff. The bots are then used to take over pages by forcing the people in charge of those pages to enter the page's login information. After Trustwave's report, the malicious chatbots and websites were taken down right away.

Chatbots are purpose-built programmes that help customers and answer their questions as if the customer were talking to a real person, before the question is passed on to a human agent. They are mostly used by businesses that offer live chat or customer service.


Explaining the Attack Scenario


This phishing attack began with an email that said Facebook would delete the person's page in 48 hours because it didn't follow Meta community standards. When the recipient clicked on the "Appeal Now" link, they were sent to a fake Google Firebase-hosted Messenger support page where they had to talk to chatbots.



Researchers saw that the fake support chatbot profile was a fan/business page with no posts or followers. The attackers had, however, put the official Messenger logo on the profile page to make the bot look genuine. On the Appeal form, the user entered their name, last name, email ID, page name, and cell phone number.

They were also asked to complete two-factor authentication, and the form accepted a one-time password (OTP) of any length. As soon as the user clicked the "Submit" button, the form was sent to the attackers and the user's credentials were stolen. The user was then redirected to Meta's official page for intellectual property and copyright guidelines.


How did the Scam get found out?

Researchers became concerned when they found a lot of mistakes in the email, which hinted that it was malicious. For example, there was no full stop after the third sentence, and the word Page was written with the wrong capitalization.

The email header also had several mistakes that showed the email wasn't real. For example, the sender's name was given as "Policy Issues", and the sender domain didn't belong to Facebook/Meta.
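The header and body signs described above can be checked mechanically before a message reaches a page administrator. The following Python code is an added example, not code from Trustwave or the original article; the trusted-domain list, the indicator names, the `triage` function and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains accepted here as genuine Facebook/Meta senders.
TRUSTED_SENDER_DOMAINS = ("facebook.com", "facebookmail.com", "meta.com")
# Default site suffixes of Firebase Hosting (the lure page was Firebase-hosted).
FIREBASE_SUFFIXES = (".web.app", ".firebaseapp.com")
BRAND = re.compile(r"\b(facebook|meta|messenger)\b", re.I)
DEADLINE = re.compile(r"\b\d+\s*(hours?|hrs?)\b", re.I)
DELETION = re.compile(r"\b(delet|remov|disabl)\w*", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample message modelled on the lure described in the article.
SAMPLE = """\
From: Policy Issues <notice@mail-alerts.example>
Subject: Your page is scheduled for deletion

Your Facebook Page will be deleted in 48 hours because it does not follow
Meta community standards.
Appeal Now: https://appeal-case-0000.web.app/start
"""


def triage(raw):
    """Return the list of indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = " ".join([display, str(msg.get("Subject", "")), body])
    trusted = any(sender_domain == d or sender_domain.endswith("." + d)
                  for d in TRUSTED_SENDER_DOMAINS)
    findings = []
    # The message speaks for Facebook/Meta but was not sent from their domains.
    if BRAND.search(text) and not trusted:
        findings.append("brand-sender-mismatch")
    # Pressure tactic: a countdown in hours tied to deleting the page.
    if DEADLINE.search(body) and DELETION.search(body):
        findings.append("deletion-deadline")
    # "Appeal" links that point at a Firebase Hosting site rather than Meta.
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host.endswith(FIREBASE_SUFFIXES):
            findings.append("firebase-hosted-link:" + host)
    return findings
```

Calling `triage(SAMPLE)` returns all three indicators for the constructed lure; a notification sent from a trusted domain with a facebook.com link returns an empty list.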

In the end, social media users must be careful when opening these warnings and always look for warning signs before giving out sensitive information. It is also best to be careful whenever you talk to someone on Facebook or any other social media site. If you don't know whether a user or bot is real, don't give them any personal information, and report them to Facebook.

Source: https://www.hackread.com/
