Facebook phishing attacks are fairly common. The website has 1.65 billion active monthly users, a considerable number of which access the social media platform on a daily basis. With such a huge number of users, it is understandable that criminals often target users of the platform.
However, the latest phishing scam to target Facebook users is notable for the speed and scale of the attacks. Kaspersky Lab reports that the latest Facebook phishing attacks have been claiming a new victim every 20 seconds.
The Facebook phishing attacks took place over a period of two days, during which time more than 10,000 Facebook users had their computers infected with malware.
The phishing scam involves site users being sent a message from their ‘friends’. The messages say the user has been mentioned in a comment on a Facebook post. However, when they respond to the message they download a Trojan onto their computers and inadvertently install a malicious Chrome browser extension. In the second phase of the attack, the Trojan and the browser extension are enabled.
When the victim next logs into Facebook the login details are captured and sent to the attacker. This gave the attackers full control of the victims’ Facebook accounts. This allows them to make changes to the privacy settings, steal data, and send their own messages to all of the victims’ contacts on Facebook. The attacks were also used to register fraudulent likes and shares.
The attackers took steps to prevent the infections from being detected. The malware was capable of blocking access to certain websites which could potentially result in the victims discovering the malware infection. The websites of a number of cybersecurity sites were blocked, for instance.
The phishing attack mostly affected Facebook users on Windows computers, although Kaspersky Lab noted that Windows mobile phones were also compromised in the attacks. Individuals who accessed Facebook via Android and Apple phones were immune.
The attacks concentrated on users in South America, with Brazil the worst hit, registering 37% of the Facebook phishing attacks. Columbia, Ecuador, Mexico, Peru, and Venezuela were also heavily targeted. Attacks in Europe were mostly conducted on users in Poland, Greece, and Portugal, with Germany and Israel also hit hard.
The malware used in the latest Facebook phishing attacks is not new. It was first identified about a year ago. Kaspersky Lab reports that the attackers are most likely of Turkish origin, or at least Turkish-speaking.
What sets this phishing scam apart from the many others is the speed at which users were infected. However, the response to the attacks was also rapid. Users who discovered infections spread the news on Facebook, while the media response helped to raise awareness of the scam. Google has also taken action and has now blocked the malicious Chrome extension.