Facebook is undoubtedly one of the most popular and widely used social networks. That makes it a prime target for attackers, who are always looking for ways to steal user data and passwords. In this article we report on a new large-scale phishing operation targeting Facebook: how it works, how it tricks users and, most importantly, what to do to avoid it.
Mass phishing campaign against Facebook
A phishing attack is a technique cybercriminals use to steal credentials. In essence, the victim is lured to a fake page that imitates the legitimate one, in this case Facebook. Whatever they type into its login form never reaches the real platform: the form submits to a server controlled by the attackers, who collect the username and password.
Now a group of security researchers has detected a large-scale campaign that lures millions of users to phishing sites in order to capture their usernames and passwords. With those credentials the attackers can take over the accounts and use them to launch further attacks against the victim's contacts, extending the chain.
According to the security company PIXM, which analysed the campaign, it has been active since at least September 2021, but it peaked in recent months, between April and May.
The researchers do not know how the campaign was first seeded, but they indicate that victims reach the landing page, the phishing site, through redirects starting from Facebook and Facebook Messenger. As more accounts were stolen, those accounts were used to send ever more links to their contacts. The links lead to the phishing site, where the victim, on logging in, hands their credentials straight to the attackers.
Keep in mind that Facebook has tools to block phishing links from being sent. However, the attackers used legitimate URL generation services to get around the block: the link that appears in the message belongs to a legitimate domain, so Facebook's filters let it through, and only the redirect behind it leads to the phishing page. This made the number of users who ended up clicking those fake links substantial: 2.7 million in 2021 and 8.5 million in 2022. That does not mean, far from it, that all of them had their accounts stolen, since clicking a link is one thing and actually logging in on the fake page is another.
How to avoid phishing on social networks
As you can see, phishing is a serious problem that also affects social networks like Facebook. What can we do to stay protected? The most important thing is common sense. For personal data to leak and passwords to be stolen, the victim has to make a mistake, and in this case that mistake is logging in through a fake link.
So always be vigilant and never log in outside Facebook, or whatever platform you use. Never log in through a link that reaches you by private message, in a post on the social network, and so on. Always use official channels, such as the app itself or an address you typed yourself, and before entering a password check that the address bar shows the real domain over HTTPS, not merely a host that contains the word "facebook".
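To make the "check the address" advice concrete, here is an added example (not code from the original article or from PIXM) contrasting the naive "does the link contain facebook.com?" test, which every lookalike phishing link is built to pass, with the strict origin check that a browser extension or password manager would use before offering to fill Facebook credentials. The allow-list of login hosts and all the sample links are assumptions constructed for this example, not real phishing URLs.

```javascript
// Added example, not from the original article or from PIXM.
// Decides whether a link is a genuine Facebook login URL with a strict origin
// check, and contrasts it with the naive substring test that lookalike
// phishing links are designed to pass.

// Hosts on which a Facebook login page is legitimately served.
// ASSUMPTION for this example; a real deployment would take it from policy.
const FACEBOOK_LOGIN_HOSTS = new Set([
  "facebook.com",
  "www.facebook.com",
  "m.facebook.com",
]);

// The check a hurried user (or script) tends to do: is "facebook.com"
// somewhere in the link? Every lookalike in SAMPLE_LINKS passes this.
function naiveLooksLikeFacebook(href) {
  return href.toLowerCase().includes("facebook.com");
}

// Strict check: parse the URL and compare the host name exactly against the
// allow-list. new URL() lowercases the host, converts international domain
// names to punycode (so a Cyrillic "а" in "fаcebook" can never match) and
// drops the default port, which is why it is used instead of string tricks.
function isFacebookLoginUrl(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return false; // unparseable input is never a valid login page
  }
  if (url.protocol !== "https:") {
    return false; // credentials only over TLS; plain http can be intercepted or spoofed
  }
  if (url.username !== "" || url.password !== "") {
    return false; // "https://www.facebook.com@evil.example/" hides the brand in the userinfo part
  }
  if (url.port !== "") {
    return false; // only the default https port
  }
  const host = url.hostname.replace(/\.$/, ""); // tolerate the absolute-FQDN trailing dot
  return FACEBOOK_LOGIN_HOSTS.has(host);
}

// Constructed sample links (not real phishing URLs) covering the common tricks:
// plain http, a subdomain-stuffed host, a userinfo trick, a non-default port
// on a lookalike host, and a typo domain. The two genuine links come first.
const SAMPLE_LINKS = [
  "https://www.facebook.com/login/",
  "https://m.facebook.com/login.php?next=%2Fmessages",
  "http://www.facebook.com/login/",
  "https://facebook.com.account-verify.example/login",
  "https://www.facebook.com@secure-login.example/login",
  "https://www.facebook.com.evil.example:8443/login",
  "https://faceb00k.com/login",
];

// Runs both checks over a list of links and returns one row per link.
function classifyLinks(hrefs) {
  return hrefs.map((href) => ({
    href,
    naive: naiveLooksLikeFacebook(href),
    strict: isFacebookLoginUrl(href),
  }));
}

for (const row of classifyLinks(SAMPLE_LINKS)) {
  console.log(`${row.strict ? "GENUINE" : "REJECT "}  naive=${row.naive}  ${row.href}`);
}
```

Only the first two links survive the strict check, while the naive test accepts six of the seven; that gap is exactly the space in which lookalike links, redirect services and "facebook.com" stuffed into a subdomain or the userinfo part operate.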
Likewise, it is important to keep your devices protected. Have a good antivirus that can block malware, keep the operating system and browser updated so that vulnerabilities cybercriminals could exploit are patched, and enable two-factor authentication (2FA) on Facebook, so that a stolen password alone is not enough to take over the account. Bear in mind that a phishing page operating in real time can also relay a one-time code typed into it, so an authenticator app or a hardware security key is a stronger choice than SMS codes.